QinQ Configuration

1.1  Understanding QinQ

In the VLAN tag field defined in IEEE 802.1Q, only 12 bits are used for VLAN IDs, so a switch can support a maximum of 4,094 VLANs. In actual applications, however, a large number of VLANs are required to isolate users, especially in metropolitan area networks (MANs), and 4,094 VLANs are far from satisfying such requirements.
QinQ provided by the S7500E series is a flexible, easy-to-implement Layer 2 VPN technique, which enables the access point to encapsulate an outer VLAN tag in Ethernet frames from customer networks (private networks), so that the Ethernet frames will travel across the service provider’s backbone network (public network) with double VLAN tags. The inner VLAN tag is the customer network VLAN tag while the outer one is the VLAN tag assigned by the service provider to the customer. In the public network, frames are forwarded based on the outer VLAN tag only, with the source MAC address learned as a MAC address table entry for the VLAN indicated by the outer tag, while the customer network VLAN tag is transmitted as part of the data in the frames.
Figure 1-1 shows the structure of a double-tagged Ethernet frame. The QinQ feature enables a switch to support up to 4,094 x 4,094 VLANs to satisfy the requirement for the number of VLANs in the MAN.
Advantages of QinQ:
• Addresses the shortage of public VLAN ID resources.
• Enables customers to plan their own VLAN IDs, without running into conflicts with public network VLAN IDs.
• Provides an easy-to-do Layer 2 VPN solution for small-sized MANs or intranets.

Note:
The QinQ feature requires configurations only on the service provider network, and not on the customer network.

1.2  Implementations of QinQ

There are two types of QinQ implementations: basic QinQ and selective QinQ.
1) Basic QinQ
Basic QinQ is a port-based feature, which is implemented through VLAN VPN.
With the VLAN VPN feature enabled on a port, when a frame arrives on the port, the switch will tag it with the port’s default VLAN tag, regardless of whether the frame is tagged or untagged. If the received frame is already tagged, this frame becomes a double-tagged frame; if it is an untagged frame, it is tagged with the port’s default VLAN tag.
2) Selective QinQ
Selective QinQ is an implementation more flexible than basic QinQ. In addition to all the functions of basic QinQ, selective QinQ can tag frames with different outer VLAN tags based on their inner VLAN IDs.
The S7500E series implements selective QinQ by using customer VLAN IDs as match criteria to classify frames and then tagging the frames that match a certain VLAN ID with the outer VLAN tag defined in the associated traffic behavior.
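The two tagging behaviours described above, modelled as an added Python example (not code from the original page or from the switch vendor). The frames, the inner-to-outer VLAN mapping and the default VLAN 3000 are constructed sample values, and the fallback of unmatched frames to the port's default VLAN is an assumption of this model.

```python
import struct

TPID_8021Q = 0x8100  # TPID defined by IEEE 802.1Q

def push_outer_tag(frame, vlan_id, tpid=TPID_8021Q):
    """Insert a 4-byte VLAN tag directly after the two 6-byte MAC addresses."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    # Priority bits are left at 0, so the tag control field equals the VLAN ID.
    return frame[:12] + struct.pack("!HH", tpid, vlan_id) + frame[12:]

def inner_vlan(frame, customer_tpid=TPID_8021Q):
    """Return the customer VLAN ID, or None when the frame carries no tag."""
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != customer_tpid:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field

def basic_qinq(frame, port_default_vlan):
    """Basic QinQ: tag with the port's default VLAN whether or not a tag exists."""
    return push_outer_tag(frame, port_default_vlan)

def selective_qinq(frame, outer_by_inner, port_default_vlan):
    """Selective QinQ: pick the outer VLAN from the inner VLAN ID.
    Assumption of this model: unmatched and untagged frames get basic QinQ."""
    outer = outer_by_inner.get(inner_vlan(frame), port_default_vlan)
    return push_outer_tag(frame, outer)

# Constructed sample frames: broadcast destination, locally administered source.
MACS = bytes.fromhex("ffffffffffff" "020000000001")
IPV4 = bytes.fromhex("0800") + b"payload"
UNTAGGED = MACS + IPV4
TAGGED_10 = MACS + bytes.fromhex("8100000a") + IPV4
TAGGED_30 = MACS + bytes.fromhex("8100001e") + IPV4
OUTER_BY_INNER = {10: 1000, 20: 2000}  # constructed mapping

if __name__ == "__main__":
    for name, f in [("untagged", UNTAGGED), ("vlan 10", TAGGED_10), ("vlan 30", TAGGED_30)]:
        print(name, basic_qinq(f, 3000)[12:20].hex(),
              selective_qinq(f, OUTER_BY_INNER, 3000)[12:20].hex())
```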

1.3  Modification of the TPID Value in VLAN Tags

A VLAN tag uses the tag protocol identifier (TPID) field to identify the protocol type of the tag. The value of this field, as defined in IEEE 802.1Q, is 0x8100.
Figure 1-2 shows the 802.1Q-defined tag structure of an Ethernet frame.
The systems of different vendors may set the TPID in the outer VLAN tag of QinQ frames to different values. For compatibility with these systems, the S7500E series switches allow you to modify the TPID values in the VLAN tags in QinQ frames, including:
• The TPID value in customer network VLAN tags. The switch uses it to determine whether a frame received from the customer network is VLAN tagged. If the frame is considered as VLAN untagged, the switch tags the frame with the default VLAN tag of the receiving port. This default VLAN tag uses the TPID that you have configured.
• The TPID value in service provider network VLAN tags. The switch uses it to determine whether a frame received from the service provider network is VLAN tagged. In addition, the switch uses the configured TPID in the outer VLAN tag for customer network frames for compatibility with third-party devices.
The TPID in an Ethernet frame occupies the same position as the protocol type field in a frame without a VLAN tag. To avoid problems in packet forwarding and handling in the network, you cannot set the TPID value to any of the values in the table below.
Protocol type    Value
ARP              0x0806
PUP              0x0200
RARP             0x8035
IP               0x0800
IPv6             0x86DD
PPPoE            0x8863/0x8864
MPLS             0x8847/0x8848
IPX/SPX          0x8137
IS-IS            0x8000
LACP             0x8809
802.1x           0x888E
Cluster          0x88A7
Reserved         0xFFFD/0xFFFE/0xFFFF
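How the configured TPID decides whether a tag is recognised at all, as an added Python example (not code from the original page or from the switch vendor). The frame is constructed, with an outer TPID of 0x8200 as used by the third-party devices in section 1.4; the function names are hypothetical, and looking for the inner tag only after the outer tag has matched is an assumption of this model.

```python
import struct

# EtherType values the table above rules out as TPIDs.
FORBIDDEN_TPIDS = frozenset({
    0x0806, 0x0200, 0x8035, 0x0800, 0x86DD, 0x8863, 0x8864, 0x8847, 0x8848,
    0x8137, 0x8000, 0x8809, 0x888E, 0x88A7, 0xFFFD, 0xFFFE, 0xFFFF,
})

def check_tpid(tpid):
    """Reject a TPID that is out of range or collides with a listed protocol type."""
    if not 0 <= tpid <= 0xFFFF:
        raise ValueError("TPID is a 16-bit field")
    if tpid in FORBIDDEN_TPIDS:
        raise ValueError(f"TPID 0x{tpid:04X} is a protocol type value")
    return tpid

def read_u16(frame, offset):
    """Read a big-endian 16-bit field, failing cleanly on a truncated frame."""
    if len(frame) < offset + 2:
        raise ValueError("truncated frame")
    return struct.unpack_from("!H", frame, offset)[0]

def parse_tags(frame, outer_tpid, inner_tpid=0x8100):
    """Return (outer_vlan, inner_vlan, ethertype) as seen with these TPID settings.
    A tag is recognised only when its TPID equals the configured value."""
    check_tpid(outer_tpid)
    check_tpid(inner_tpid)
    outer = inner = None
    offset = 12  # first field after destination and source MAC
    ethertype = read_u16(frame, offset)
    if ethertype == outer_tpid:
        outer = read_u16(frame, offset + 2) & 0x0FFF
        offset += 4
        ethertype = read_u16(frame, offset)
        if ethertype == inner_tpid:
            inner = read_u16(frame, offset + 2) & 0x0FFF
            ethertype = read_u16(frame, offset + 4)
    return outer, inner, ethertype

# Constructed frame: outer tag 0x8200 / VLAN 1000, inner tag 0x8100 / VLAN 10, IPv4.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "820003e8" "8100000a" "0800") + b"payload"

if __name__ == "__main__":
    print(parse_tags(SAMPLE, outer_tpid=0x8200))  # both tags recognised
    print(parse_tags(SAMPLE, outer_tpid=0x8100))  # outer TPID mismatch: seen as untagged
```

With a mismatched outer TPID the same frame parses as untagged with an unknown protocol type, which is why the TPID setting has to agree on both ends of a link.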


1.4  QinQ Configuration Example

I. Network requirements

• Provider A and Provider B are service provider network access devices.
• Customer A, Customer B, Customer C, and Customer D are customer network access devices.
• Provider A and Provider B are interconnected through a trunk port, which permits the frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through.
• Third-party devices are deployed between Provider A and Provider B, with a TPID value of 0x8200.
The expected result of the configuration is as follows:
• VLAN 10 of Customer A and Customer B can intercommunicate across VLAN 1000 on the public network.
• VLAN 20 of Customer A and Customer C can intercommunicate across VLAN 2000 on the public network.
• Frames of the VLANs other than VLAN 20 of Customer A can be forwarded to Customer D across VLAN 3000 on the public network.

II. Network diagram
