CANOGA PERKINS CanogaOS Configuration Guide User Manual



Proprietary & Confidential Canoga Perkins Metro Ethernet Switches

Page 79 of 350

10 Configuring 802.1q tunneling and Layer2 protocol Tunneling

Tunneling is a feature designed for service providers who carry traffic of multiple customers
across their networks and are required to maintain the VLAN and Layer2 protocol configurations
of each customer without impacting the traffic of other customers. This chapter describes
how to configure 802.1q tunneling and Layer2 protocol tunneling, as well as VLAN
mapping (VLAN-ID translation).

10.1.1 Understanding 802.1q tunneling

Service-provider business customers often have specific requirements for VLAN IDs and the
number of VLANs to be supported. The VLAN ranges required by different customers in the
same service-provider network might overlap, and traffic of customers through the infrastructure
might be mixed. Assigning a unique range of VLAN IDs to each customer would restrict
customer configurations and could easily exceed the VLAN limit (4096) of the 802.1Q
specification.

Using the 802.1Q tunneling feature, service providers can use a single VLAN to support
customers who have multiple VLANs. Customer VLAN IDs are preserved, and traffic from
different customers is segregated within the service-provider infrastructure, even when they
appear to be on the same VLAN. Using 802.1Q tunneling expands VLAN space by using a
VLAN-in-VLAN hierarchy and tagging the tagged packets. A port configured to support 802.1Q
tunneling is called a tunnel port. When you configure tunneling, you assign a tunnel port to this
port’s native VLAN that is dedicated to tunneling. Each customer requires a separate
service-provider VLAN ID, but that VLAN ID supports all of the customer’s VLANs.

Customer traffic tagged in the normal way with appropriate VLAN IDs comes from an 802.1Q
trunk port on the customer device and into a tunnel port on the service-provider edge switch. The
link between the customer device and the edge switch is an asymmetric link because one end is
configured as an 802.1Q trunk port and the other end is configured as a tunnel port. You assign
the tunnel port interface to an access VLAN ID that is unique to each customer. See the following
figure.

Packets coming from the customer trunk port into the tunnel port on the service-provider edge
switch are normally 802.1Q-tagged with the appropriate VLAN ID. The tagged packets remain
intact inside the switch and, when they exit the trunk port into the service-provider network, are
encapsulated with another layer of an 802.1Q tag (called the metro tag) that contains the VLAN
ID that is unique to the customer. The original 802.1Q tag from the customer is preserved in the
encapsulated packet. Therefore, packets entering the service-provider infrastructure are
double-tagged, with the outer tag containing the customer’s access VLAN ID, and the inner
VLAN ID being the VLAN of the incoming traffic.

When the double-tagged packet enters another trunk port in a service-provider core switch, the
outer tag is stripped as the packet is processed inside the switch. When the packet exits another
trunk port on the same core switch, the same metro tag is again added to the packet.
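
The double-tagging described above, shown at the frame level as an added example (not taken from the CanogaOS guide): two customers that both use VLAN 100 stay separate in the provider network because each receives a different outer metro tag, and the inner tag is unchanged. The metro VLAN IDs 30 and 40, the MAC addresses, the payloads and the use of TPID 0x8100 for the outer tag are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # assumption: the metro tag reuses the 802.1Q TPID; some equipment uses 0x88A8

def vlan_tag(vid, pcp=0, tpid=TPID_8021Q):
    """Return a 4-byte 802.1Q tag: TPID + TCI (3-bit PCP, 1-bit DEI, 12-bit VID)."""
    if not 0 <= vid <= 0xFFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def customer_frame(dst, src, c_vid, ethertype, payload):
    """Frame as it leaves the customer's 802.1Q trunk port (single tag)."""
    return dst + src + vlan_tag(c_vid) + struct.pack("!H", ethertype) + payload

def push_metro_tag(frame, metro_vid):
    """Provider edge: insert the outer tag after the MAC addresses, inner tag untouched."""
    return frame[:12] + vlan_tag(metro_vid) + frame[12:]

def pop_metro_tag(frame):
    """Remove the outermost tag, restoring the frame the customer sent."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        raise ValueError("frame carries no outer tag")
    return frame[:12] + frame[16:]

def tag_stack(frame):
    """Return the VLAN IDs carried by the frame, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        if tpid != TPID_8021Q:
            break
        vids.append(tci & 0x0FFF)
        off += 4
    return vids

# Constructed sample: two customers both use VLAN 100 internally.
DST, SRC = bytes.fromhex("00005e005301"), bytes.fromhex("00005e005302")
FRAME_A = customer_frame(DST, SRC, 100, 0x0800, b"customer-A")
FRAME_B = customer_frame(DST, SRC, 100, 0x0800, b"customer-B")
CORE_A = push_metro_tag(FRAME_A, 30)  # hypothetical metro VLAN for customer A
CORE_B = push_metro_tag(FRAME_B, 40)  # hypothetical metro VLAN for customer B

if __name__ == "__main__":
    print("customer A in core:", tag_stack(CORE_A))
    print("customer B in core:", tag_stack(CORE_B))
    print("restored intact:", pop_metro_tag(CORE_A) == FRAME_A)
```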
