Login
- Table of Contents
-
- 04-Layer 2 - LAN Switching Configuration Guide
- 00-Preface
- 01-VLAN Configuration
- 02-MAC Address Table Configuration
- 03-Spanning Tree Configuration
- 04-Ethernet Link Aggregation Configuration
- 05-Port Isolation Configuration
- 06-QinQ Configuration
- 07-VLAN Mapping Configuration
- 08-BPDU Tunneling Configuration
- 09-GVRP Configuration
- 10-Loopback Detection Configuration
- 11-MAC-in-MAC Configuration
- 12-LLDP Configuration
- 13-MVRP Configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 06-QinQ Configuration | 258.92 KB |
Contents
Modifying the TPID in a VLAN tag
Configuring an outer VLAN tagging policy
Configuring an inner-outer VLAN 802.1p priority mapping policy
Setting the TPID value in VLAN tags
Basic QinQ configuration example
Selective QinQ configuration example
|
|
NOTE: Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to the VLANs that a customer uses on the private network; and service provider network VLANs (SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN tagged traffic for customers. |
Introduction to QinQ
QinQ stands for 802.1Q in 802.1Q. QinQ is a flexible, easy-to-implement Layer 2 VPN technology based on IEEE 802.1Q. QinQ enables the edge device on a service provider network to insert an outer VLAN tag in the Ethernet frames from customer networks, so that the Ethernet frames travel across the service provider network (public network) with double VLAN tags. QinQ enables a service provider to use a single SVLAN to serve customers who have multiple CVLANs.
Background and benefits
The IEEE 802.1Q VLAN tag uses 12 bits for VLAN IDs. A device supports a maximum of 4094 VLANs. This is far from enough for isolating users in actual networks, especially in metropolitan area networks (MANs).
By tagging tagged frames, QinQ expands the available VLAN space from 4094 to 4094 × 4094. QinQ delivers the following benefits:
· Releases the stress on the SVLAN resource.
· Enables customers to plan their CVLANs without conflicting with SVLANs.
· Provides an easy-to-implement Layer 2 VPN solution for small-sized MANs or intranets.
· Allows the customers to keep their VLAN assignment schemes unchanged when the service provider upgrades the service provider network.
How QinQ works
The devices in the public network forward a frame only according to its outer VLAN tag and learn its source MAC address into the MAC address table of the outer VLAN. The inner VLAN tag of the frame is transmitted as the payload.
Figure 1 Typical QinQ application scenario
As shown in Figure 1, customer network A has CVLANs 1 through 10, and customer network B has CVLANs 1 through 20. The service provider assigns SVLAN 3 for customer network A, and SVLAN 4 for customer network B. When a tagged Ethernet frame from customer network A arrives at the edge of the service provider network, the edge device tags the frame with outer VLAN 3. When a tagged Ethernet frame from customer network B arrives at the edge of the service provider network, the edge device tags it with outer VLAN 4. As a result, no overlap of VLAN IDs among customers exists, and traffic from different customers can be identified separately.
|
|
NOTE: The QinQ feature is implemented based on the 802.1q standard. It is necessary that all the switches along the tunnel support the 802.1q standard. |
QinQ frame structure
A QinQ frame is transmitted double-tagged over the service provider network. As shown in Figure 2, the inner VLAN tag is the CVLAN tag, and the outer one is the SVLAN tag that the service provider has allocated to the customer.
Figure 2 Single-tagged Ethernet frame header and double-tagged Ethernet frame header
|
|
NOTE: The default maximum transmission unit (MTU) of an interface is 1500 bytes. The size of an outer VLAN tag is 4 bytes. H3C recommends you to increase the MTU of each interface on the service provider network to at least 1504 bytes. For more information about interface MTU configuration, see Interface Configuration Guide. |
Implementations of QinQ
H3C provides the following QinQ implementations: basic QinQ and selective QinQ.
1. Basic QinQ
Basic QinQ enables a port to tag any incoming frames with its default VLAN tag, regardless of whether they have been tagged or not. If an incoming frame has been tagged, it becomes a double-tagged frame. If not, it becomes a frame tagged with the port’s default VLAN tag.
2. Selective QinQ
Selective QinQ is more flexible than basic QinQ. In addition to all the functions of basic QinQ, selective QinQ enables a port to perform the following per-CVLAN actions for incoming frames:
¡ Tag frames from different CVLANs with different SVLAN tags.
¡ Mark the outer VLAN 802.1p priority based on the existing inner VLAN 802.1p priority.
Besides being able to separate the service provider network from the customer networks, selective QinQ provides abundant service features and allows more flexible networking.
Modifying the TPID in a VLAN tag
A VLAN tag uses the tag protocol identifier (TPID) field to identify the protocol type of the tag. The default value of this field, as defined in IEEE 802.1Q, is 0x8100.
Figure 3 shows the 802.1Q-defined tag structure of an Ethernet frame.
Figure 3 VLAN tag structure of an Ethernet frame
The TPID in an Ethernet frame has the same position as the protocol type field in a frame without a VLAN tag. To avoid problems in packet forwarding and handling in the network, do not set the TPID value to any of the values in Table 1.
Table 1 Reserved protocol type values
|
Protocol type |
Value |
|
ARP |
0x0806 |
|
PUP |
0x0200 |
|
RARP |
0x8035 |
|
IP |
0x0800 |
|
IPv6 |
0x86DD |
|
PPPoE |
0x8863/0x8864 |
|
MPLS |
0x8847/0x8848 |
|
IPX/SPX |
0x8137 |
|
IS-IS |
0x8000 |
|
LACP |
0x8809 |
|
802.1X |
0x888E |
|
Cluster |
0x88A7 |
|
Reserved |
0xFFFD/0xFFFE/0xFFFF |
QinQ configuration task list
Complete the follows tasks to configure QinQ:
|
Task |
Remarks |
|
|
Required |
||
|
Perform at least one of these tasks |
||
|
Configuring an inner-outer VLAN 802.1p priority mapping policy |
||
|
Optional |
||
Enabling basic QinQ
To enable basic QinQ:
|
Step |
Command |
Remarks |
|
|
1. Enter system view. |
system-view |
N/A |
|
|
2. Enter interface view or port group view. |
·
Enter Ethernet interface view or Layer 2 aggregate
interface view: ·
Enter port group view: |
Use either command. |
|
|
3. Enable basic QinQ. |
qinq enable |
By default, basic QinQ is disabled. |
|
|
CAUTION: The basic QinQ function must be enabled on network devices in the service provider network with customer networks connected to them. |
Configuring selective QinQ
|
|
NOTE: For more information about QoS policies, see ACL and QoS Configuration Guide. |
Configuring an outer VLAN tagging policy
You can configure QoS policies to have different outer VLAN tags encapsulated for frames based on their inner VLAN tags.
To configure an outer VLAN tagging policy:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a class and enter class view. |
traffic classifier tcl-name [ operator { and | or } ] |
By default, the relationship between the rules in a class is logical AND, that is, the switch considers a packet belongs to a class only when the packet matches all the rules in the class. |
|
3. Define a match criterion. |
if-match match-criteria |
You can configure more match criteria as needed. |
|
4. Return to system view. |
quit |
N/A |
|
5. Create a traffic behavior and enter traffic behavior view. |
traffic behavior behavior-name |
N/A |
|
6. Configure the action of inserting an SVLAN tag. |
nest top-most vlan-id vlan-id-value |
Configure more actions for the behavior as needed. |
|
7. Return to system view. |
quit |
N/A |
|
8. Create a policy and enter policy view. |
qos policy policy-name |
N/A |
|
9. Associate the traffic class with the traffic behavior. |
classifier tcl-name behavior behavior-name |
N/A |
|
10. Return to system view. |
quit |
N/A |
|
11. Enter interface view: |
·
Enter Ethernet interface view: · Enter port group view: |
Use either command. |
|
12. Apply the QoS policy to the Ethernet interface or all ports in the port group. |
qos apply policy policy-name { inbound | outbound } |
N/A |
Configuring an inner-outer VLAN 802.1p priority mapping policy
To map different inner VLAN 802.1p priorities to different outer VLAN 802.1p priorities, you can perform the following configuration.
To configure an inner-outer VLAN 802.1p priority mapping policy:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Create a class and enter class view. |
traffic classifier tcl-name [ operator { and | or } ] |
By default, the relationship between the rules in a class is logic AND, that is, the switch considers a packet belongs to a class only when the packet matches all the rules in the class. |
|
3. Define an inner VLAN 802.1p priority match criterion. |
if-match customer-dot1p 8021p-list |
You can configure more match criteria as needed. |
|
4. Return to system view. |
quit |
N/A |
|
5. Create a traffic behavior and enter traffic behavior view. |
traffic behavior behavior-name |
N/A |
|
6. Configuring the action of setting the 802.1p priority. |
remark dot1p 8021p |
Configure more actions for the traffic behavior as needed. |
|
7. Return to system view. |
quit |
N/A |
|
8. Create a policy and enter policy view. |
qos policy policy-name |
N/A |
|
9. Associate the traffic class with the traffic behavior. |
classifier tcl-name behavior behavior-name |
N/A |
|
10. Return to system view. |
quit |
N/A |
|
11. Enter interface view: |
·
Enter Ethernet interface view: · Enter port group view: |
Use either command. |
|
12. Apply the QoS policy to the Ethernet interface or all ports in the port group. |
qos apply policy policy-name { inbound | outbound } |
N/A |
Setting the TPID value in VLAN tags
To set the TPID value in outer VLAN tag:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enter interface view or port group view. |
·
Enter Ethernet interface view or Layer 2
aggregate interface view: ·
Enter port group view: |
Use either command. |
|
3. Set the TPID value in the outer VLAN tag that the port adds to frames. |
qinq ethernet-type hex-value |
Optional. The default setting is 0x8100. |
|
|
CAUTION: · Perform the above configuration on ports (of switches in the service provider network) with customer networks connected to them. H3C recommends that you configure the qinq ethernet-type command and the qinq enable command on the same card. · The qinq ethernet-type command must be used with the qinq enable command. · A card supports only one TPID value in addition to its default TPID. |
QinQ configuration examples
|
|
NOTE: By default, Ethernet, VLAN, and aggregate interfaces are in DOWN state. Before configuring these interfaces, use the undo shutdown command to bring them up. |
Basic QinQ configuration example
Network requirements
As shown in Figure 4:
· The two branches of Company A, Site 1 and Site 2, are connected through the service provider network and use CVLANs 10 through 70. The two branches of Company B, Site 3 and Site 4, are connected through the service provider network and use CVLANs 30 through 90.
· PE 1 and PE 2 are edge devices on the service provider network and are connected through third-party devices with a TPID value of 0x8200.
Configure the edge and third-party devices to enable communication between the branches of Company A through SVLAN 100, and communication between the branches of Company B through SVLAN 200.
Configuration procedure
|
|
NOTE: Make sure that the devices in the service provider network have been configured to allow QinQ packets to pass through. |
1. Configure PE 1
a. Configure GigabitEthernet 4/0/1.
# Configure GigabitEthernet 4/0/1 as a trunk port and assign it to VLAN 100 and VLANs 10 through 70.
<PE1> system-view
[PE1] interface gigabitethernet 4/0/1
[PE1-GigabitEthernet4/0/1] port link-type trunk
[PE1-GigabitEthernet4/0/1] port trunk permit vlan 100 10 to 70
# Configure VLAN 100 as the default VLAN ID for the port.
[PE1-GigabitEthernet4/0/1] port trunk pvid vlan 100
# Enable basic QinQ on the port.
[PE1-GigabitEthernet4/0/1] qinq enable
[PE1-GigabitEthernet4/0/1] quit
b. Configure GigabitEthernet 4/0/2.
# Configure GigabitEthernet 4/0/2 as a trunk port and assign it to VLAN 100 and VLAN 200.
[PE1] interface gigabitethernet 4/0/2
[PE1-GigabitEthernet4/0/2] port link-type trunk
[PE1-GigabitEthernet4/0/2] port trunk permit vlan 100 200
# Set the TPID value in the outer VLAN tag to 0x8200 on the port.
[PE1-GigabitEthernet4/0/2] qinq ethernet-type 8200
[PE1-GigabitEthernet4/0/2] quit
c. Configure GigabitEthernet 4/0/3.
# Configure GigabitEthernet 4/0/3 as a trunk port and assign it to VLAN 200 and VLANs 30 through 90.
[PE1] interface gigabitethernet 4/0/3
[PE1-GigabitEthernet4/0/3] port link-type trunk
[PE1-GigabitEthernet4/0/3] port trunk permit vlan 200 30 to 90
# Configure VLAN 200 as the default VLAN ID for the port.
[PE1-GigabitEthernet4/0/3] port trunk pvid vlan 200
# Enable basic QinQ on the port.
[PE1-GigabitEthernet4/0/3] qinq enable
[PE1-GigabitEthernet4/0/3] quit
2. Configure PE 2
a. Configure GigabitEthernet 4/0/1.
# Configure GigabitEthernet 4/0/1 as a trunk port and assign it to VLAN 200 and VLANs 30 through 90.
<PE2> system-view
[PE2] interface gigabitethernet 4/0/1
[PE2-GigabitEthernet4/0/1] port link-type trunk
[PE2-GigabitEthernet4/0/1] port trunk permit vlan 200 30 to 90
# Configure VLAN 200 as the default VLAN ID for the port.
[PE2-GigabitEthernet4/0/1] port trunk pvid vlan 200
# Enable basic QinQ on the port.
[PE2-GigabitEthernet4/0/1] qinq enable
[PE2-GigabitEthernet4/0/1] quit
b. Configure GigabitEthernet 4/0/2.
# Configure GigabitEthernet 4/0/2 as a trunk port and assign it to VLAN 100 and VLAN 200.
[PE2] interface gigabitethernet 4/0/2
[PE2-GigabitEthernet4/0/2] port link-type trunk
[PE2-GigabitEthernet4/0/2] port trunk permit vlan 100 200
# Set the TPID value in the outer VLAN tag to 0x8200 on the port.
[PE2-GigabitEthernet4/0/2] qinq ethernet-type 8200
[PE2-GigabitEthernet4/0/2] quit
c. Configure GigabitEthernet 4/0/3.
# Configure GigabitEthernet 4/0/3 as a trunk port and assign it to VLAN 100 and VLANs 10 through 70.
[PE2] interface gigabitethernet 4/0/3
[PE2-GigabitEthernet4/0/3] port link-type trunk
[PE2-GigabitEthernet4/0/3] port trunk permit vlan 100 10 to 70
# Configure VLAN 100 as the default VLAN ID for the port.
[PE2-GigabitEthernet4/0/3] port trunk pvid vlan 100
# Enable basic QinQ on the port.
[PE2-GigabitEthernet4/0/3] qinq enable
[PE2-GigabitEthernet4/0/3] quit
3. Configure third-party devices
On the third-party devices between PE 1 and PE 2, configure the port connecting to PE 1 and that connecting to PE 2 to allow tagged frames of VLAN 100 and VLAN 200 to pass through.
Selective QinQ configuration example
Network requirements
As shown in Figure 5:
· Provider A and Provider B are service provider network access switches that connect the user network.
· The user network is divided into VLAN 10 and VLAN 20.
Configure selective QinQ so that frames from the user network can pass through the service provider network tagged with SVLAN 100.
Configuration procedure
1. Configure Provider A
# Configure an uplink policy to tag SVLAN 100 for frames from the user network.
<ProviderA> system-view
[ProviderA] traffic classifier nest operator or
[ProviderA-classifier-nest] if-match service-vlan-id 10 20
[ProviderA-classifier-nest] quit
[ProviderA] traffic behavior nest
[ProviderA-behavior-nest] nest top-most vlan-id 100
[ProviderA-behavior-nest] quit
[ProviderA] qos policy nest
[ProviderA-qospolicy-nest] classifier nest behavior nest
[ProviderA-qospolicy-nest] quit
# Configure port GigabitEthernet 4/0/1 to allow frames of VLAN 100 to pass through untagged.
[ProviderA] interface gigabitethernet 4/0/1
[ProviderA-GigabitEthernet4/0/1] port link-type hybrid
[ProviderA-GigabitEthernet4/0/1] port hybrid vlan 100 untagged
# Apply the uplink policy to the inbound direction of GigabitEthernet 4/0/1.
[ProviderA-GigabitEthernet4/0/1] qos apply policy nest inbound
[ProviderA-GigabitEthernet4/0/1] quit
# Configure port GigabitEthernet 4/0/2 to allow frames of VLAN 100 to pass through.
[ProviderA] interface gigabitethernet 4/0/2
[ProviderA-GigabitEthernet4/0/2] port link-type trunk
[ProviderA-GigabitEthernet4/0/2] port trunk permit vlan 100
2. Configure Provider B
Configure Provider B as you configure Provider A.
