2 q-in-q vlan – PLANET SGSD-1022 User Manual

User’s Manual of SGSD-1022 / SGSD-1022P

SGSW-2840 / SGSW-2840P

4.8.2 Q-in-Q VLAN

■

IEEE 802.1Q Tunneling (Q-in-Q)

IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks.

QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers

use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer’s

frames when they enter the service provider’s network, and then stripping the tags when the frames leave the network.

A service provider’s customers may have specific requirements for their internal VLAN IDs and number of VLANs supported.

VLAN ranges required by different customers in the same service-provider network might easily overlap, and traffic passing

through the infrastructure might be mixed. Assigning a unique range of VLAN IDs to each customer would restrict customer

configurations, require intensive processing of VLAN mapping tables, and could easily exceed the maximum VLAN limit of

4096.

QinQ tunneling uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN

IDs are preserved and traffic from different customers is segregated within the service provider’s network even when they use

the same customer-specific VLAN IDs. QinQ tunneling expands VLAN space by using a VLAN-in-VLAN hierarchy, preserving

the customer’s original tagged packets, and adding SPVLAN tags to each frame (also called double tagging).

A port configured to support QinQ tunneling must be set to tunnel port mode. The Service Provider VLAN (SPVLAN) ID for the

specific customer must be assigned to the QinQ tunnel access port on the edge switch where the customer traffic enters the

service provider’s network. Each customer requires a separate SPVLAN, but this VLAN supports all of the customer's internal

VLANs. The QinQ tunnel uplink port that passes traffic from the edge switch into the service provider’s metro network must also

be added to this SPVLAN. The uplink port can be added to multiple SPVLANs to carry inbound traffic for different customers

onto the service provider’s network.

When a double-tagged packet enters another trunk port in an intermediate or core switch in the service provider’s network, the

outer tag is stripped for packet processing. When the packet exits another trunk port on the same core switch, the same

SPVLAN tag is again added to the packet.

When a packet enters the trunk port on the service provider’s egress switch, the outer tag is again stripped for packet

processing. However, the SPVLAN tag is not added when it is sent out the tunnel access port on the edge switch into the

customer’s network. The packet is sent as a normal IEEE 802.1Q-tagged frame, preserving the original VLAN numbers used in

the customer’s network.

189