[All About Switches] 27 QinQ Technology Highlighted

Created: May 10, 2017 14:47:29Latest reply: May 2, 2018 13:43:25 2824 2 0 1

Most people have great interest in QinQ, but they face difficulties during QinQ usage. I will describe how to use QinQ.

12.gifFirst, I will introduce QinQ.

QinQ is often deployed at the aggregation layer. QinQ packets carry double VLAN tags, and contain extra four-byte VLAN tag compared with common Layer 2 packets. QinQ technology can flexibly identify services.

12.gifWhat is the background of QinQ?

On a Layer 2 network, a switch adds one VLAN tag to packets to isolate broadcast domains; however, IEEE 802.1Q fines only 4096 VLAN IDs. The 4096 VLAN IDs are insufficient. To solve this problem, QinQ technology is used. QinQ technology, defined by IEEE 802.1ad, encapsulates double VLAN tags to packets, expanding the VLAN space to 4096x4096.

20170510144506879002.png

12.gifDo S series switches support QinQ? How is QinQ implemented?

Except low-end switches of S2300EI&SI and S2700EI&SI, other S series switches of all versions support QinQ.

QinQ falls into basic QinQ and selective QinQ.

?? Basic QinQ

Basic QinQ, also called common QinQ, is implemented based on interfaces. That is, a VLAN tag is added to all packets passing through an interface.

Packets from VLAN 10, VLAN 20, and VLAN 30 arrive at the egress of the aggregation device and are tagged with VLAN 100. The packets that are transmitted on the public network carry double VLAN tags. The packets are transmitted in the VLAN specified by the outer tag, and the inner VLAN tag is transmitted as data in packets. (Does the switch learn the MAC address of QinQ packets based on the outer or inner VLAN tag? The question will be answered later.)

20170510144507476003.png

?? Selective QinQ, also called VLAN stacking

Selective QinQ is implemented based on VLAN IDs and interfaces. That is, the switch only adds a VLAN tag to the packet that passes through an interface and matches the specified VLAN ID.

Packets from VLAN 10, VLAN 20, and VLAN 30 arrive at the egress of the aggregation device and are tagged with VLAN 100, VLAN 200, and VLAN 300, respectively. When user packets are transmitted on the public network, the packets carry double VLAN tags and are forwarded in VLANs specified by other tags.

(Answer: The switch learns the MAC address of QinQ packets based on the outer VLAN tag. This is because the inner VLAN tag is transmitted as the data in packets.)

20170510144508334004.png

12.gifHow are basic QinQ and selective QinQ configured?

Type

Configuration

Description

Basic QinQ

port link-type dot1q-tunnel

port default vlan 100

The configurations on fixed and modular switches are the same. You only need to configure two commands.

Selective QinQ

port link-type hybrid????????????????????????????????????????????????????????? qinq vlan-translation enable

port hybrid untagged vlan 100 200 300?????????????????????????????????????????????????

port vlan-stacking vlan 10 stack-vlan 100?????????????????????????????????????

port vlan-stacking vlan 20 stack-vlan 200?????????????????????????????????????

port vlan-stacking vlan 30 to 39 stack-vlan 300

qinq vlan-translation enable

The preceding command needs to be configured on the fixed switch but not the modular switch.

The selective QinQ configuration is flexible and selective QinQ is widely used.

12.gifLet's move to application scenarios of basic QinQ and selective QinQ.

?? Basic QinQ

Company S wants to connect to the ISP network, the carrier allocates VLAN 1000 to company S, and departments of company S belong to different VLANs.

20170510144508954005.png

Configuration Roadmap

You only need to configure basic QinQ on the PE interfaces connected to the CE of company S. The PE tags all packets from company S with VLAN 1000, without the need to modify the configuration of the CE.

Device

Configuration of GE1/0/1

Configuration of GE1/0/2

PE

port link-type dot1q-tunnel???????????????????????????????????????????????????

port default vlan 1000

port link-type trunk??????????????????????????????????????????????????????????

port trunk allow-pass vlan 1000? ?????????????????????????????

After the configuration is performed, departments of company S can access the ISP network.

?? Selective QinQ

Companies A and B are located in different regions. Data and voice services of company A are transmitted in VLAN 10 and VLAN 30, respectively. Data and voice services of company B are also transmitted in VLAN 10 and VLAN 30, respectively. The PE of the ISP network is required to transmit data services in VLAN 100 and voice services in VLAN 30. Data and voice services of companies A and B need to be correctly forwarded without changing the networking.

20170510144509491006.pngb

Configuration Roadmap

1.???????????????? For data services in different VLANs, you only need to configure selective QinQ on the PE so that companies A and B can communicate.

2.???????????????? For voice services in the same VLAN, you need to configure transparent transmission on the PE.

Device

Configuration of GE1/0/1

Configuration of GE1/0/2

PE1

port link-type hybrid

port hybrid tagged vlan 30????????????????????????????????????????????????????????

port hybrid untagged vlan 100????????????????????????????????????????????? port vlan-stacking vlan 10 stack-vlan 100

port link-type trunk???????????????????????????????????????????????? ??????????

port trunk allow-pass vlan 30 100? ?????????????????????????????

PE2

port link-type hybrid

port hybrid tagged vlan 30?????????????????????????????????????????????????????????

port hybrid untagged vlan 100??????????????????????????????????????????????

port vlan-stacking vlan 10 stack-vlan 100?

port link-type trunk??????????????????????????????????????????????????????????

port trunk allow-pass vlan 30 100 ??

http://support.huawei.com/ecommunity/showimage-10092113-10132081-083194e69a94eb040cff07d3bb44ed6e.jpgTip 1: Run the port vlan-stacking command to configure selective QinQ on GE1/0/1 connected to the CE so that the same PE-VLAN ID is added to packets from different CE-VLANs. Configure GE1/0/2 connected to the public network to transparently transmit packets from the PE-VLAN. Do not forget this configuration.

http://support.huawei.com/ecommunity/showimage-10092113-10132081-083194e69a94eb040cff07d3bb44ed6e.jpgTip 2: GE1/0/1 connected to the CE needs to be added to the PE-VLAN in untagged mode. When GE1/0/1 forwards packets tagged with outer VLAN 100, it removes the outer VLAN tag so that the CE can correctly process the packets.

12.gifAfter the configuration is complete, companies A and B cannot communicate. Why?

The common cause is that the outer VLAN is not created on the PE. Run the display vlan summary command to check whether outer VLAN 100 and VLAN 30 exist.

20170510144511490008.png

12.gifAfter VLANs are created globally, data services can be correctly transmitted, but voice services cannot. That is, double-tagged packets can be transmitted, whereas single-tagged packets cannot.

The preceding problem often occurs on SA series cards and fixed switches of S5300EI/S5700EI and S3300EI&SI/ S3700EI&SI. On SA series cards and fixed switches of S5300EI/S5700EI and S3300EI&SI/ S3700EI&SI, VLAN mapping must be configured to map the VLAN to itself from which single-tagged packets need to be transparently transmitted.

On GE1/0/1 of PE1 and PE, run the port vlan-mapping vlan 30 map-vlan 30 command.

20170510144512788009.png

12.gifThe presentation is over. For details of other QinQ functions such as flow-based selective QinQ, visit http://support.huawei.com/enterprise/docinforeader.action?contentId=DOC1000049819&idPath=7919710|9856733|7923144|7070015.

?

?

  • x
  • convention:

New_commer     Created May 12, 2017 08:50:55 Helpful(0) Helpful(0)

学习
  • x
  • convention:

wissal  Visitor   Created May 2, 2018 13:43:25 Helpful(0) Helpful(0)


useful document, thanks
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top