Figure 85 – Brocade Communications Systems Brocate Ethernet Access Switch 6910 User Manual

Brocade 6910 Ethernet Access Switch Configuration Guide

731

53-1002581-01

IEEE 802.1Q Tunneling

34

QinQ tunneling uses a single Service Provider VLAN (SPVLAN) for customers who have multiple
VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within
the service provider’s network even when they use the same customer-specific VLAN IDs. QinQ
tunneling expands VLAN space by using a VLAN-in-VLAN hierarchy, preserving the customer’s
original tagged packets, and adding SPVLAN tags to each frame (also called double tagging).

A port configured to support QinQ tunneling must be set to tunnel port mode. The Service Provider
VLAN (SPVLAN) ID for the specific customer must be assigned to the QinQ tunnel access port on
the edge switch where the customer traffic enters the service provider’s network. Each customer
requires a separate SPVLAN, but this VLAN supports all of the customer's internal VLANs. The QinQ
tunnel uplink port that passes traffic from the edge switch into the service provider’s metro
network must also be added to this SPVLAN. The uplink port can be added to multiple SPVLANs to
carry inbound traffic for different customers onto the service provider’s network.

When a double-tagged packet enters another trunk port in an intermediate or core switch in the
service provider’s network, the outer tag is stripped for packet processing. When the packet exits
another trunk port on the same core switch, the same SPVLAN tag is again added to the packet.

When a packet enters the trunk port on the service provider’s egress switch, the outer tag is again
stripped for packet processing. However, the SPVLAN tag is not added when it is sent out the tunnel
access port on the edge switch into the customer’s network. The packet is sent as a normal IEEE
802.1Q-tagged frame, preserving the original VLAN numbers used in the customer’s network.

FIGURE 85

QinQ Operational Concept

Layer 2 Flow for Packets Coming into a Tunnel Access Port

A QinQ tunnel port may receive either tagged or untagged packets. No matter how many tags the
incoming packet has, it is treated as tagged packet.

The ingress process does source and destination lookups. If both lookups are successful, the
ingress process writes the packet to memory. Then the egress process transmits the packet.
Packets entering a QinQ tunnel port are processed in the following manner:

1. The SPVLAN tag is added to all outbound packets on the SPVLAN interface..

2. After successful source and destination lookup, the ingress process sends the packet to the

switching process with two tags. If the incoming packet is untagged, the outer tag is an SPVLAN
tag, and the inner tag is a dummy tag (8100 0000). If the incoming packet is tagged, the outer
tag is an SPVLAN tag, and the inner tag is a CVLAN tag.

Tunnel Uplink Ports
Double-Tagged Packets
Outer Tag - Service Provider VID
Inner Tag - Customer VID

QinQ Tunneling

Service Provider
(edge switch A)

Customer A
(VLANs 1-10)

Customer B
(VLANs 1-50)

Customer A
(VLANs 1-10)

Customer B
(VLANs 1-50)

Service Provider
(edge switch B)

VLAN 10
Tunnel

Port

Access

Tunnel

Port

VLAN 20

Access

VLAN 10

Tunnel

Port

Access

Tunnel

Port

VLAN 20

Access