Skip to main content

QinQ Configuration

By Vikas Bagwe
1.1  Understanding QinQ

In the VLAN tag field defined in IEEE 802.1Q, only 12 bits are used for VLAN IDs, so a switch can support a maximum of 4,094 VLANs. In actual applications, however, a large number of VLAN are required to isolate users, especially in metropolitan area networks (MANs), and 4,094 VLANs are far from satisfying such requirements.
QinQ provided by the S7500E series is a flexible, easy-to-implement Layer 2 VPN technique, which enables the access point to encapsulate an outer VLAN tag in Ethernet frames from customer networks (private networks), so that the Ethernet frames will travel across the service provider’s backbone network (public network) with double VLAN tags. The inner VLAN tag is the customer network VLAN tag while the outer one is the VLAN tag assigned by the service provider to the customer. In the public network, frames are forwarded based on the outer VLAN tag only, with the source MAC address learned as a MAC address table entry for the VLAN indicated by the outer tag, while the customer network VLAN tag is transmitted as part of the data in the frames.
Figure 1-1 shows the structure of a double-tagged Ethernet frame. The QinQ feature enables a switch to support up to 4,094 x 4,094 VLANs to satisfy the requirement for the amount of VLANs in the MAN.
Figure 1-1 Single-tagged frame structure vs. double-tagged Ethernet frame structure
Advantages of QinQ:
l           Addresses the shortage of public VLAN ID resource
l           Enables customers to plan their own VLAN IDs, with running into conflicts with public network VLAN IDs.
l           Provides an easy-to-do Layer 2 VPN solution for small-sized MANs or intranets.

&  Note:
The QinQ feature requires configurations only on the service provider network, and not on the customer network.

1.2  Implementations of QinQ

There are two types of QinQ implementations: basic QinQ and selective QinQ.
1)         Basic QinQ
Basic QinQ is a port-based feature, which is implemented through VLAN VPN.
With the VLAN VPN feature enabled on a port, when a frame arrives on the port, the switch will tag it with the port’s default VLAN tag, regardless of whether the frame is tagged or untagged. If the received frame is already tagged, this frame becomes a double-tagged frame; if it is an untagged frame, it is tagged with the port’s default VLAN tag.
2)         Selective QinQ
Selective QinQ is an implementation more flexible than basic QinQ. In addition to all the functions of basic QinQ, selective QinQ can tag frames with different outer VLAN tags based on their inner VLAN IDs.
The S7500E series implements selective QinQ by using customer VLAN IDs as match criteria to classify frames and then tagging the frames that match a certain VLAN ID with the outer VLAN tag defined in the associated traffic behavior.

1.3  Modification of the TPID Value in VLAN Tags

A VLAN tag uses the tag protocol identifier (TPID) field to identify the protocol type of the tag. The value of this field, as defined in IEEE 802.1Q, is 0x8100.
Figure 1-2 shows the 802.1Q-defined tag structure of an Ethernet frame.
Figure 1-2 VLAN Tag structure of an Ethernet frame
An S7500E switch determines whether a received frame is VLAN tagged by comparing its own TPID with the TPID field in the received frame. If they match, the frame is considered as a VLAN tagged frame. If not, the switch tags the frame with the default VLAN tag of the receiving port.
The systems of different vendors may set the TPID in the outer VLAN tag of QinQ frames to different values. For compatibility with these systems, the S7500E series switches allow you to modify the TPID values in the VLAN tags in QinQ frames, including:
l           The TPID value in customer network VLAN tags. The switch uses it to determine whether a frame received from the customer network is VLAN tagged. If the frame is considered as VLAN untagged, the switch tags the frame with the default VLAN tag of the receiving port. This default VLAN tag uses the TPID that you have configured.
l           The TPID value in service provider network VLAN tags. The switch uses it to determine whether a frame received from the service provider network is VLAN tagged. In addition, the switch uses the configured TPID in the outer VLAN tag for customer network frames for compatibility with third-party devices.
The TPID in an Ethernet frame has the same position with the protocol type field in a frame without a VLAN tag. To avoid problems in packet forwarding and handling in the network, you cannot set the TPID value to any of the values in the table below.
Table 1-1 Reserved protocol type values
Protocol type
Value
ARP
0x0806
PUP
0x0200
RARP
0x8035
IP
0x0800
IPv6
0x86DD
PPPoE
0x8863/0x8864
MPLS
0x8847/0x8848
IPX/SPX
0x8137
IS-IS
0x8000
LACP
0x8809
802.1x
0x888E
Cluster
0x88A7
Reserved
0xFFFD/0xFFFE/0xFFFF


1.4  QinQ Configuration Example

I. Network requirements

l           Provider A and Provider B are service provider network access devices.
l           Customer A, Customer B, Customer C, and Customer D are customer network access devices.
l           Provider A and Provider B are interconnected through a trunk port, which permits the frames of VLAN 1000, VLAN 2000, and VLAN 3000 to pass through.
l           Third-party devices are deployed between Provider A and Provider B, with a TPID value of 0x8200.
The expected result of the configuration is as follows:
l           VLAN 10 of Customer A and Customer B can intercommunicate across VLAN 1000 on the public network.
l           VLAN 20 of Customer A and Customer C can intercommunicate across VLAN 2000 on the public network.
l           Frames of the VLANs other than VLAN 20 of Customer A can be forwarded to Customer D across VLAN 3000 on the public network.

II. Network diagram

Figure 1-3 Network diagram for QinQ configuration
Labels:

Comments

Post a Comment

Popular posts from this blog

INSTALL CISCO VPN CLIENT ON WINDOWS 10 (32 & 64 BIT). FIX REASON 442

By
This article shows how correctly install Cisco VPN Client (32 & 64 bit) on Windows 10 (32 & 64 bit) using simple steps, overcome the ‘ This app can’t run on this PC ’ installation error , plus fix the Reason 442: Failed to enable Virtual Adapter error message . The article applies to New Windows 10 installations or Upgrades from earlier Windows versions and all versions before or after Windows 10 build 1511 .  To simplify the article, we’ve broken it into the following two sections: How to Install Cisco VPN client on Windows 10 (clean installation or upgrade from previous Windows), including Windows 10 build prior or after build 1511 . How to Fix Reason 442: Failed to enable Virtual Adapter on Windows 10 Figure 1. The Cisco VPN Client Reason 442: Failed to enable Virtual Adapter error on Windows 10 HOW TO INSTALL CISCO VPN CLIENT ON WINDOWS 10 (NEW INSTALLATIONS OR O/S UPGRADES) The instructions below are for new or clean Windows 10 inst...
45 comments
Read more

Linux File and Directory Permissions

By
file & directory protection is a essential of any OS and Linux OS is no exception for it! These authorizations allow you to choose exactly who can access your files & directory, providing an overall improved system security. There was one of the major flaws in the older Windows operating-system where, by standard, all users can see each other people's information (Windows 95, 98, Me). For overcoming it, editions of the Windows based computer system such as NT, 2000, XP and 2003 lot more security features added. They fully support file & directory permissions, just as Linux system has since the beginning. Together, we'll now assess a directory listing from our Lab Linux system hosting server, to help us understand the information provided. a simple 'ls' command will give you the file and directory listing within a given directory, including the option  '-l' will display number of new areas that we are going to discuss here:
Post a Comment
Read more

How to create a Hirens Boot CD 15.2 USB Disk

By
Hiren’s BootCD (HBCD) is a bootable CD that contains a set of tools that can help users to fix their computer if their system fails to boot. More specifically, HBCD contains hardware diagnostic programs, partition tools, data recovery utilities, antivirus tools and many other tools to fix your computer problems.  I write this article because I use Hiren’s BootCD frequently to troubleshoot computer problems, specially when a computer doesn’t boot anymore due to a virus attack or due to a corrupted file system. In this article you will find instructions on how to put Hiren’s BootCD on a USB flash drive (stick) in order to troubleshoot computer problems in the future.
4 comments
Read more