QinQ Tunneling
————————
This is the method basically used by service providers to preserve Vlan-Ids and to segregate
traffic of different customers.It enables service providers to use a single VLAN to support
different customers who have a single or multiple VLANs need to connect across providers
network.
Few things to remember while configuring QinQ tunnel:-
A tunnel port must be defined and assigned to a VLAN,different customers must be assign to
different tunnel ports and different tunnel ports must be configured in different provider
VLANs to keep the traffic of different customers segregated.
When a given tunnel port receives customer traffic,it then adds a 2 Byte Ether-Type field
of 0x8100 followed by a 2 Byte field containing CoS and the VLAN and then this traffic
put into the VLAN to which the tunnel port is assigned.The Egress tunnel port strips off the
4 Bytes that was added by the ingress tunnel port and then transmits the traffic to the
customer device.You can recall the MPLS lable imposition and disposition to understand this
concept as i did.
When Dot1q tunneling is configured,a layer 2 protocol tunneling can also be configured,a
layer2 protocol tuneling allows layer2 PDU’s(Protocol Data Units) to be tunneled through
the network,the layer 2 protocols that can be tunneled are:-CDP,STP, and VTP and they need
to be configured or else they will NOT get propagated accross the tunnel.
Note:Dont forget to increase the system MTU to support atleast 1504 bytes”system-mtu 1504″
and then reload the switch to take effect.
Scenario:-
In this diagram, notice Customer A is sending VLANs 1 – 50 over the metro ethernet link to the Provider network,where it crosses the Provider network and is able to communicate on the other end with its remote switch.
Similarly Customer-B is sending VLANs 1 -100 over its metro ethernet links. Both the customer traffic kept separate with the use of the Q-in-Q.
The Provider Switch Ports connecting to the customer switch are configured as not trunk and the customer switches are configured as trunk ports, this is reason why the provider end of the switch is called as an asymmetric port, the provider port is configured as a tunnel port and not a trunk port. Also make note that the Provider Switch Port connecting to customer-A switch Port is configured in VLAN 25, this is also called as the Metro Ethernet Tag. Similarly the Metro Ethernet Tag for Customer-B is VLAN 50. Customers build standard 802.1 Q trunk ports and the provider builds a tunnel port with the VLAN tag, So the customer traffic is identified with this additional Q tag. Notice that the Metro VLAN tag is same for each of the same customer’s location and it is different for each customer identifying each customer’s location.
Provider Edge switches treat everything that comes in the tunnel port as untagged even if customer is sending tagged traffic and by default the Priority tag is set to 0.
Notice when 802.1Q trunks in Provider network are used, the native VLAN of these trunks cannot be the same as the native VLAN on any tunnel port to avoid double tagging of customer traffic. Providers can use a native VLAN that is not being used by of the customers- beacuse this can cause issues later when some new customer or existing customer changes their VLAN which can match this Native VLAN, so the other two choices in Provider network will be to either use ISL trunks (possible only if Provider has all Cisco switches) or go ahead and tag the native vlan on all provider edge switches with command: “vlan dot1q tag native vlan”.
Few things to remember on Provider Tunnel Ports:-
1. Tunnel Ports cannot be routed
2. If SVI are used then only untagged frames (native vlan frames) sent by the customer will be routed.
3. When a port is configured as an IEEE 802.1Q tunnel port, spanning-tree bridge protocol data unit (BPDU) filtering is automatically enabled on the interface. Cisco Discovery Protocol (CDP) and the Layer Link Discovery Protocol (LLDP) are automatically disabled on the interface,so we need to manually tunnel CDP.Also STP and VTP will not work we need to tunnel with the command “l2protocol-tunnel [cdp|vtp|stp]”
4.Layer 3 quality of service (QoS) ACLs and other QoS features related to Layer 3 information are not supported on tunnel ports. MAC-based QoS is supported on tunnel ports.
5.Port Aggregation Protocol (PAgP), Link Aggregation Control Protocol (LACP), and UniDirectional Link Detection (UDLD) are supported on IEEE 802.1Q tunnel ports.
Note: When using Q-in -Q increase the MTU on the frames, because of the addition of a new tag the ethernet frame size increases, so its recommended to increase the MTU of the ethernet frames by 1504 atleast “system-mtu 1504” and reload the switch to take effect the change.
Q-in-Q Tunneling and L2TP Configuration.
Below is the Diagram we will utilize to configure a very simple Q-in-Q sample network.
Description | C1-SW1 | C1-SW2 |
Configuration of Customer Ports Connecting to Provider Edge Switches | interface GigabitEthernet0/1 description To-Provider switchport trunk encapsulation dot1q switchport mode trunk switchport nonegotiate end |
interface GigabitEthernet0/1 description To-Provider switchport trunk encapsulation dot1q switchport mode trunk switchport nonegotiate end |
Customer Vlans | VLANs 10,11,12,13,14,15,16 | VLANs 10,11,12,13,14,15,16 |
Customer SVIs | interface Vlan10 ip address 10.100.100.1 255.255.255.0 |
interface Vlan10 ip address 10.100.100.2 255.255.255.0 |
P1-SW1 | P1-SW2 | |
Trunk Ports between Provider Switches | interface GigabitEthernet0/24 switchport trunk encapsulation dot1q switchport mode trunk switchport nonegotiate |
interface GigabitEthernet0/24 switchport trunk encapsulation dot1q switchport mode trunk switchport nonegotiate |
Only Vlan on trunk | Vlan 15 | Vlan 15 |
Q-in-Q and L2TP configuration of Provider Edge switches | interface GigabitEthernet0/1 description To-Cust1 switchport access vlan 15 switchport mode dot1q-tunnel l2protocol-tunnel cdp l2protocol-tunnel stp l2protocol-tunnel vtp no cdp enable |
interface GigabitEthernet0/1 description To-Cust1 switchport access vlan 15 switchport mode dot1q-tunnel l2protocol-tunnel cdp l2protocol-tunnel stp l2protocol-tunnel vtp no cdp enable |
Some of the things like pictures are copied from the internet due to non-availabilty of the appropriate tool , as i am sitting in my office right now,still i hope this will be informative.
- NETGEAR Nighthawk (RAX54S) WiFi 6 Router Review - August 24, 2024
- TP-Link AX1800 Archer AX21 WiFi 6 Router Review - August 24, 2024
- How to Connect Nanit to Hotel WiFi? - August 12, 2024