QinQ Configuration Guide
此内容尚不支持你的语言。
QinQ, short for “802.1Q in 802.1Q,” is a simple Layer 2 VPN (Virtual Private Network) protocol based on IEEE 802.1Q technology. QinQ adds an additional VLAN tag to private network packets, enabling them to carry two layers of VLAN tags. This allows packets to traverse the carrier’s core network (also known as the public network), enabling the carrier to provide services for user networks containing multiple VLANs. When packets traverse the carrier network and reach the private network device on the other side of the carrier network, flooding or FDB lookup occurs within the outer VLAN. When QinQ packets are output from the downstream port, the outer VLAN is stripped, and data forwarding occurs within the inner VLAN.
Initially, QinQ was primarily developed to expand the VLAN space. It achieves this by adding an additional layer of 802.1Q tags on top of existing 802.1Q packets, increasing the VLAN count to 4094*4094.
With the development of metropolitan Ethernet and the demand for refined operations by carriers, QinQ’s dual-layer tagging has found further applications. Its inner and outer tags can represent different information, such as the inner tag representing users and the outer tag representing services. Due to its ease of use, QinQ has been widely adopted by various carriers. Particularly, the emergence of flexible QinQ has made QinQ services more favored and endorsed by carriers, offering features such as effective separation between VLANs of different users and public network VLANs, and maximizing savings on carrier network VLAN resources.
Explanation of Principles
Section titled “Explanation of Principles”Basic QinQ
Section titled “Basic QinQ”Basic QinQ, also known as QinQ Layer 2 tunneling, is configured through interfaces. Once the basic QinQ feature is enabled on an interface, when the device receives a data packet on that interface, it attaches the VLAN tag of the default VLAN for that interface to the packet. If the received data packet already carries a VLAN tag, it becomes a double-tagged packet. If the incoming data packet lacks a VLAN tag, it will be tagged with the VLAN tag of the interface’s default VLAN.
When there is a need to utilize multiple VLANs, the basic QinQ feature can be configured by adding an outer tag to the VLAN, thereby expanding the numerical range of available VLANs and addressing the issue of limited VLAN quantity resources.
Flexible QinQ
Section titled “Flexible QinQ”Flexible QinQ is a more versatile implementation of QinQ, combining the characteristics of interfaces and VLANs. In the case of data packets received on the same interface with different inner VLAN IDs, Flexible QinQ adds distinct outer VLAN tags to them.
Compared to Basic QinQ, Flexible QinQ extends its functionality, providing greater flexibility and diversity. The key differences between the two are:
- Basic QinQ: All frames entering the Layer 2 QinQ interface receive the same outer tag.
- Flexible QinQ: Frames entering the Layer 2 QinQ interface can have different outer tags added based on their different inner tags, allowing for a more detailed segmentation of user VLANs.
QinQ Configuration
Section titled “QinQ Configuration”| Configure Tasks | Instructions | Index |
|---|---|---|
| Configure Interface-based Basic QinQ Rules | Optional | |
| Configure VLAN-based Flexible QinQ Functionality | Optional |
Configuring Interface-based Basic QinQ Rules
Section titled “Configuring Interface-based Basic QinQ Rules”When the port enables basic QinQ, all traffic entering the device from this port will be tagged with the default VLAN tag of this port.
If the received packet is untagged, a VLAN tag of the default VLAN of this port will be added to the packet.
If the received packet is tagged, another layer of the default VLAN tag of this port will be added outside the existing VLAN tag of the packet, making it a double-tagged packet.
| Operation | Command | Description |
|---|---|---|
| Enter the interface configuration view | interface ethernet interface-id | |
| Configuring Interface-based Basic QinQ Rules | qinq enable |
Configuring VLAN-based Flexible QinQ Functionality
Section titled “Configuring VLAN-based Flexible QinQ Functionality”Building upon basic QinQ, it supports matching the VLAN carried by incoming packets and encapsulating them with a specified VLAN.
If the packet does not carry a VLAN, an additional layer of the VLAN corresponding to the Port VLAN ID (PVID) will be added to it.
If the packet carries a VLAN, it will attempt to match the configured rules. If a match is found, an additional layer of the VLAN specified in the rule will be added to the packet.
| Operation | Command | Description |
|---|---|---|
| Enter the interface configuration view | interface ethernet interface-id | |
| Configuring Interface-based Basic QinQ Rules | vlan-stack tagged | stack-id: Specifies the outer VLAN tag after stacking remark-tc |
Display and Maintenance
Section titled “Display and Maintenance”| Operation | Command |
|---|---|
| View the QinQ protocol configuration on an interface | show interface qinq protocol [interface_name] |
| View the VLAN stack functionality configuration on an interface | show interface vlan-stack tagged |
Configuration Example
Section titled “Configuration Example”Network requirements
Two branches of a company communicate through the operator’s network, and the company’s internal services use VLAN 100 and 200 to interoperate. The operator’s network provides VLAN 101.
Procedure
1.The configuration of Device A and Device B is the same, here is the example of Device A
2.Create VLAN 100, 200 and add the corresponding physical interfaces to the VLAN
sonic(config)# vlan 100sonic(config)# interface ethernet 1sonic(config-if-1)# switchport trunk vlan 100sonic(config)# interface ethernet 2sonic(config-if-2)# switchport trunk vlan 100sonic(config)# vlan 200sonic(config)# interface ethernet 3sonic(config-if-3)# switchport trunk vlan 200sonic(config)# interface ethernet 4sonic(config-if-4)# switchport trunk vlan 2003.Add the user-side interface to the operator-provided VLAN in access mode
sonic(config)# vlan 101sonic(config)# port-group ethernet 1-4sonic(config-port-group-1-4)# switchport access vlan 1014.Configure the operator-side interface to allow access to the VLAN provided by the operator
sonic(config)# vlan 101sonic(config)# interface ethernet 5sonic(config-if-5) switchport trunk vlan 1015.Enable QinQ on the user-side interface and configure the VLAN tag to be added
sonic(config)# interface ethernet 1sonic(config-if-1)# qinq enablesonic(config)# interface ethernet 2sonic(config-if-2)# qinq enablesonic(config)# interface ethernet 3sonic(config-if-3)# qinq enablesonic(config)# interface ethernet 4sonic(config-if-4)# qinq enableVerify configuration
The PCs in the same VLAN under Device A and Device B can communicate with each other.