[Insider Sharing] QinQ-based Layer2 Protocol Transparent Transmission

Created Apr 28, 2014 01:29:31Latest reply Feb 02, 2016 04:09:07 3386 2 0 0

Hello,

Swapping Cisco core with Huawei gear is not an easy task. Usually, a swap starts with core and  you later go for the branch. You still need to ensure communication for private protocols or private instance of STP while you come with new network elements into the backbone. It will be a challenge to keep LANs STP domains connected  and necessary  pass private PVST+ packets over the new backbone.

I would like to share an easy way to pass private packets over multi-vendor backbone: QinQ-based Layer2 Protocol Transparent Transmission.

Layer 2 Protocol Transparent Transmission can transparently transmit Layer 2 protocol packets from the user network for the ISP network. This addresses the network identity issue. The procedure is as follows:

-          After receiving Layer 2 protocol packets sent from CE1, PE1 replaces the destination MAC address with a specified multicast MAC address. Then PE1 forwards the packets on the ISP network.

-          The Layer 2 protocol packets are forwarded to PE2. PE2 restores the original destination MAC address of the packets, and sends the packets to CE2.

To make LAN communicate private we will use 802.1Q-in-802.1Q (QinQ) technology. In this case, frames from private VLAN tags can be transparently transmitted on the public network. A frame transmitted on the backbone network has double 802.1Q tags (one for the public network and the other for the private network), that is, 802.1Q-in-802.1Q (QinQ).


Topology:



Configuration:

 

PE1(S7706):


#                                                                              

vlan batch 10 100                                                           

#                                                                              

stp disable                                                                     

#                                                                              

l2protocol-tunnel pvst+ group-mac 0100-0ccd-cdd0                               

#                                                                                                                          

interface GigabitEthernet2/0/0                                                 

 port link-type dot1q-tunnel                                                   

 port default vlan 100                                                                                                                            

 l2protocol-tunnel pvst+ vlan 100                                              

 l2protocol-tunnel stp vlan 100                                                

#                                                                              

interface GigabitEthernet2/0/1                                                 

 port hybrid tagged vlan 100                                                   

#

 

 

PE2(ME3400):


!                                                                              

vlan 10 100     

!                                                                                                                            

interface FastEthernet0/15                                                     

 port-type nni                                                                  

 switchport trunk allowed vlan 100                                             

 switchport mode trunk                                                         

 duplex full                                                                   

!                                                                               

interface FastEthernet0/16                                                     

 port-type nni                                                                 

 switchport access vlan 100                                                    

 switchport mode dot1q-tunnel                                                  

 duplex full                                                                   

 l2protocol-tunnel stp                                                          

!

 


P(S7706):


#                                                                              

vlan batch 100                                              

#                                                                             

stp disable                                                                    

#                                                                             

interface GigabitEthernet1/0/2                                                  

 port hybrid tagged vlan 100                                                   

#                                                                                                                                                

interface GigabitEthernet1/0/4                                                 

 port hybrid tagged vlan 100                                                   

#

 

 

CE1(ME3600X):


!                                                                              

spanning-tree mode pvst                                                        

spanning-tree loopguard default                                                

spanning-tree extend system-id                                                                                                                                                                     

!                                                                              

vlan 10                                                                                     

!                                                                                                                                                                                                           

interface GigabitEthernet0/21                                                   

 port-type nni                                                                 

 switchport trunk allowed vlan 10                                              

 switchport mode trunk                                                          

 duplex full                                                                   

!

 


CE2   SWITCH(C2960G):


!                                                                              

spanning-tree mode pvst                                                         

spanning-tree extend system-id                                                                                              

!                                                                                                              

vlan 10                                                              

!                                                                                                                                                                                                                                                                                      

interface GigabitEthernet0/6                                                   

 switchport trunk allowed vlan 10                                               

 switchport mode trunk                                                         

!

 

Results:


1.   CE2 is the Root bridge when CE1 and CE2 are configured with the same Priority;



1.       2.    The Designated port of CE2 send BPDU packet and the Root Port of CE1 received the BPDU packets as normal;  

            

           



3.    Let’s change the priority of CE1 to 0, and see if it will become the root bridge, proving that BPDUs are passing transparently over the network. 



4.   The Designated port of CE1 sends BPDU packets and the Root Port of CE2 receiving  BPDU packets as normal;











  • x
  • convention:

Sophoni  Moderator   Created Apr 28, 2014 10:59:08 Helpful(0) Helpful(0)

Good!
  • x
  • convention:

user_2166119     Created Feb 02, 2016 04:09:07 Helpful(0) Helpful(0)

 I was looking for this information, thanks for the post! 192.168.1.1

  • x
  • convention:

Responses

Reply
You need to log in to reply to the post Login | Register

Notice:To ensure the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but not limited to politically sensitive content, content concerning pornography, gambling, drug abuse and trafficking, content that may disclose or infringe upon others' intellectual properties, including commercial secrets, trade marks, copyrights, and patents, and personal privacy. Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see“ Privacy Policy.”
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top