[Insider Sharing] QinQ-based Layer2 Protocol Transparent Transmission

Hello,

Swapping Cisco core with Huawei gear is not an easy task. Usually, a swap starts with core and you later go for the branch. You still need to ensure communication for private protocols or private instance of STP while you come with new network elements into the backbone. It will be a challenge to keep LANs STP domains connected and necessary pass private PVST+ packets over the new backbone.

I would like to share an easy way to pass private packets over multi-vendor backbone: QinQ-based Layer2 Protocol Transparent Transmission.

Layer 2 Protocol Transparent Transmission can transparently transmit Layer 2 protocol packets from the user network for the ISP network. This addresses the network identity issue. The procedure is as follows:

- After receiving Layer 2 protocol packets sent from CE1, PE1 replaces the destination MAC address with a specified multicast MAC address. Then PE1 forwards the packets on the ISP network.

- The Layer 2 protocol packets are forwarded to PE2. PE2 restores the original destination MAC address of the packets, and sends the packets to CE2.

To make LAN communicate private we will use 802.1Q-in-802.1Q (QinQ) technology. In this case, frames from private VLAN tags can be transparently transmitted on the public network. A frame transmitted on the backbone network has double 802.1Q tags (one for the public network and the other for the private network), that is, 802.1Q-in-802.1Q (QinQ).

Topology:

[Insider Sharing] QinQ-based Layer2 Protocol Transparent Transmission-1238427-1

Configuration:

PE1(S7706)：

vlan batch 10 100

stp disable

l2protocol-tunnel pvst+ group-mac 0100-0ccd-cdd0

interface GigabitEthernet2/0/0

port link-type dot1q-tunnel

port default vlan 100

l2protocol-tunnel pvst+ vlan 100

l2protocol-tunnel stp vlan 100

interface GigabitEthernet2/0/1

port hybrid tagged vlan 100

PE2(ME3400)：

vlan 10 100

interface FastEthernet0/15

port-type nni

switchport trunk allowed vlan 100

switchport mode trunk

duplex full

interface FastEthernet0/16

port-type nni

switchport access vlan 100

switchport mode dot1q-tunnel

duplex full

l2protocol-tunnel stp

P(S7706)：

vlan batch 100

stp disable

interface GigabitEthernet1/0/2

port hybrid tagged vlan 100

interface GigabitEthernet1/0/4

port hybrid tagged vlan 100

CE1(ME3600X)：

spanning-tree mode pvst

spanning-tree loopguard default

spanning-tree extend system-id

vlan 10

interface GigabitEthernet0/21

port-type nni

switchport trunk allowed vlan 10

switchport mode trunk

duplex full

CE2 SWITCH(C2960G)：

spanning-tree mode pvst

spanning-tree extend system-id

vlan 10

interface GigabitEthernet0/6

switchport trunk allowed vlan 10

switchport mode trunk

Results:

1. CE2 is the Root bridge when CE1 and CE2 are configured with the same Priority;

[Insider Sharing] QinQ-based Layer2 Protocol Transparent Transmission-1238427-2

1. 2. The Designated port of CE2 send BPDU packet and the Root Port of CE1 received the BPDU packets as normal;

[Insider Sharing] QinQ-based Layer2 Protocol Transparent Transmission-1238427-3

[Insider Sharing] QinQ-based Layer2 Protocol Transparent Transmission-1238427-4

3. Let’s change the priority of CE1 to 0, and see if it will become the root bridge, proving that BPDUs are passing transparently over the network.

[Insider Sharing] QinQ-based Layer2 Protocol Transparent Transmission-1238427-5

4. The Designated port of CE1 sends BPDU packets and the Root Port of CE2 receiving BPDU packets as normal;

[Insider Sharing] QinQ-based Layer2 Protocol Transparent Transmission-1238427-6

[Insider Sharing] QinQ-based Layer2 Protocol Transparent Transmission-1238427-7

Enterprise

Consumer

Corporate

Carriers

[Insider Sharing] QinQ-based Layer2 Protocol Transparent Transmission

Third Party’s Trade Secret