The QinQ package and the end.

Recommended for you: Get network issues from WhatsUp Gold. Not end users.

The following is an excerpt from being, 360buy, Joyo, interactive publishing network sale, will be formally released "Huawei switch study guide" one book (Book of nearly a thousand pages). This book is authorized by the Huawei official, the first in the country, and only a Huawei switch authoritative study guide, is Huawei ICT certification training specified materials. link: Jingdong network links:

Superior online links:

Interactive Publishing Web links:

7.3.1 QinQ technology background

QinQ is the first produced for extended VLAN ID space, but with the development of Metro Ethernet and requires operators to sophisticated operation, double label QinQ and there was a further usage scenarios. Its inner, outer tag can represent different information, such as the inner label on behalf of the user, the outer tag represents business. In addition, QinQ data frame with two layers of labels across the network operators, the inner label transparent transmission, can also be regarded as a kind of simple, practical VPN Technology. Therefore it can be used as the core MPLS VPN in Metro Ethernet VPN extension, eventually forming the end to end VPN Technology. Due to the characteristics of QinQ easy to use, is now in the operators have a wide range of applications, such as QinQ technology solutions in Metro Ethernet scheme and a variety of business combination. Especially the flexible QinQ (Selective QinQ/VLAN Stacking) appears, make QinQ business and more by the operators of the highly praised and popular.

As we know, a VLAN tag is common in VLAN is used to distinguish users, but if want to distinguish between the user and the type of business, so how to do? As shown in Figure 7-11 is below a company connects two sub company, and each sub company has the staff of different departments use VLAN to distinguish, but the two sub sector companies VLAN ID planning is overlapping. If the data frame using only a layer of VLAN tags, corporation cannot distinguish data are from which subsidiary is not for different sub company data any treatment.

Figure 7-11 QinQ typical application example

In order to solve this problem, we can imagine the company switches for each subsidiary company to create a different VLAN. So when the company is connected to the corresponding sub company switch port receives a data frame after the data frame outside, add a layer of VLAN tag (the data frame has two layers of the VLAN label., The original VLAN tag called the inner VLAN label, The newly added called outer VLAN label), As for the 1 subsidiary company and subsidiary data frames are respectively added 2 outer VLAN tag for the VLAN 10 and VLAN 20, This can be achieved in a corporation are from different subsidiary data distinguished, Can also provide different services on from the two sub company data, The difference in service.

In addition, based on the two layer of LAN interconnection mode of traditional 802.1Q protocol, when the two user network through the service provider (ISP) access each other (as in Metro Ethernet), ISP must create a different VLAN for each user access. One aspect of this configuration method so that the user's VLAN is visible in the backbone network, there are some security risks, at the same time, because the one one corresponding VLAN ID, also consume a lot of service provider's VLAN ID resources. This is unbearable for larger ISP, because only 4094 VLAN ID), when the number of users to access many may make the ISP network VLAN ID is not enough. In addition, the ordinary VLAN deployment mode, ISP access different cannot use the same VLAN ID, otherwise we cannot achieve isolation of different access between users, then only VLAN ID user unified planning by ISP, leads the user does not have its own planning VLAN rights.

Using the QinQ technology can effectively solve the above problem, because it can provide many different inner VLAN label users using the same outer VLAN tag package, the ISP VLAN ID resource. In addition, the outer VLAN label on the inner VLAN label shielding effect, enables the user to their inner VLAN ID deployment can be used by the users themselves, rather than by the ISP to the unified deployment.

The double-layer VLAN label can be used as a single VLAN tag, The only use of outer public VLAN tags NEW, The inner layer of private network VLAN can be used as a data transmission, This will be like later in this chapter 2 to 1 VLAN mapping; also can be used as the double-layer VLAN label to use (such as later in this chapter will introduce 2 to VLAN mapping in 2), The data frame in the VLAN tag, VLAN tag by double joint decision, Thus, Is equivalent to the number of VLAN ID can use up to 4094 x 4094., In order to achieve the purpose of extending the VLAN space. The double-layer VLAN label packaging such, can make the private VLAN ID in the public network transmission, which can solve the security problem of user VLAN ID and by the user's own planning private network VLAN ID demand, but also solve the problem of space VLAN ID ISP problem, because in ISP can be thought to visit the user configuration identical outer VLAN, only need to provide a VLAN ID for different VLAN from the same user network.

The 7.3.2 QinQ package and the end

QinQ is adding a layer of the new 802.1Q VLAN label head in the traditional 802.1Q based on VLAN tag, as shown in figure 7-12. Therefore, QinQ frame, 802.1Q frame than traditional multiple of four bytes, which is the new 802.1Q VLAN Tags.

Figure 7-12 the traditional 802.1Q frame and QinQ frame format

QinQ frame encapsulation is the data frame monolayer 802.1Q tags into data frame double-layer 802.1Q label. The packaging process occurs mainly in the metropolitan area network connecting the user side of the switch port. According to the VLAN tag package according to different, QinQ can be divided into "QinQ" and "flexible QinQ" two types. Details are as follows.

1 Basic QinQ package

"The basic QinQ package "is a port will enter all traffic encapsulates all the same outer VLAN label, is a QinQ package based on ports, also known as" QinQ two layer tunnel". Open the port of the basic QinQ functions, when the port receives data frame has a VLAN label, the data frame will be packaged into a double label frame; if the received data frame with no VLAN label, the data frame will be packaged into a layer of tagged frames with the default VLAN port the.

This can be seen from the above, the VLAN tag package of basic QinQ is not flexible enough, it is difficult to distinguish the different user service, because it to all the data frames in the same switch ports are the same outer VLAN label. But in need of more VLAN, can use the basic QinQ functions, which can reduce the VLAN ID demand, because all the data frames in the same port are encapsulated with an outer VLAN label.

As shown in Figure 7-13 network, the corporate sector 1 (Department1) has two offices, 2 (Department2) has three offices, two departments of the office of the commons are respectively connected with the PE1 network, PE2, sector 1 and sector 2 can plan their own VLAN. Thus, the following ideas to configure the QinQ layer two tunneling function in PE1 and PE2, so that each department each office network can be connected, but the two departments can't be shared.

L in the PE1, to enter the port Port1 and Port2 users (all belong to the sector 1) data frame encapsulation layer VLAN 10, to enter the user port Port3 (belonging to the Department 2) data frame encapsulation layer VLAN 20.

L in the PE2, to enter the port Port1 and Port2 users (all belong to the sector 2) data frame encapsulation layer VLAN 20.

L PE1 on port Port4 and PE2 on port Port3 allows users of VLAN 20 data frame through, in order to achieve connection department at PE1 Port3 2 user and connection department at PE2 Port1 and Port2 2 user communication.

The QinQ package is a plurality of inner VLAN label is equivalent to the VLAN label mapping similar users with an outer layer, to reduce the use of the ISP device VLAN ID.

Figure 7-13 QinQ typical application example

2 flexible QinQ package

"Flexible QinQ "is a more flexible on the QinQ, is based on the encapsulation and based on the combination of VLAN package. In addition to achieve all the basic function of QinQ, flexible QinQ for the same port receives data frames can also according to different inner VLAN label executive outer tag packaging different. It can be divided into the following three categories:

L flexible QinQ VLAN based on ID: it is based on the inner label different data frames in the VLAN ID to add different outer label. With the same inner tag frames to add the same outer VLAN label, with different inner tag frames with different outer VLAN label. This requires different users of the inner VLAN ID or VLAN ID ranges cannot overlap or cross. Huawei S series switch inS2700, S3700, S5700, S6700 only supports the VLAN ID QinQ function based on flexible.

L flexible QinQ 802.1p based on priority: it is based on the 802.1p priority inner label different data frames to add different outer label. With the same inner VLAN 802.1p priority frames to add the same outer tag, with different inner VLAN 802.1p priority frames with different outer label. This requires that the inner VLAN different users of the 802.1p priority or 802.1p priority range must not overlap or cross. 802.1p flexible priority QinQ in Huawei S series switch based onOnly S7700, S9300 and S9700 support.

L QinQ flow based on flexible strategy: it is based on the QoS strategies are defined for different data frames with different outer label. Flexible flow strategy based on QinQ is implemented based on the port and the VLAN combination, can provide different services according to the type of business. Current strategy of flexible QinQ in Huawei S series switch based onOnly S7700, S9300 and S9700 support.

The above three kinds of flexible configuration method of QinQ will be presented later in this chapter.

When the same business needs of different users use different VLAN ID, can be split according to the VLAN ID interval. Now suppose that PC VLAN ID is in the range of 101~200; IPTV VLAN ID range is 201~300; the big customer VLAN ID range is 301~400. User oriented port in the received user data according to the user's VLAN ID range, the PC Internet business package outer label 100, the IPTV package outer label 300, to the big customer packaging outer tab 500.

[Description] QinQ packaging in general switched port, but also can be in the routing sub interface (QinQ end can only be carried out in the routing sub interface). This kind of method can be used to transmit a plurality of user identification of VLAN ID by a sub interface, the interface is also called QinQ Stacking interface. This package is the QinQ package based on stream, but the QinQ Stacking sub interface only and L2VPN business together only then has the significance, layer three forwarding function not supported.

As shown in Figure 7-14 networks, business department 1 has more than one office, sector 2 also has a plurality of office. Department of 1 networks using VLAN 2~VLAN 500; 2 Department of network using VLAN 500~VLAN 4094. PE1 Port1 port will receive two departments and users of different VLAN data frame interval.

Figure 7-14 flexible QinQ typical application example

Then according to the diagram mark in the office of the user VLAN ID is in the range of PE1 and PE2 through the following ideas VLAN configuration of the flexible QinQ function based on each department, each office network can be connected, but the two departments can't be shared. The following configuration idea:

L for PE1 into the Port1 port of the user data frame, according to the VLAN ID different add the corresponding outer VLAN label. As VLAN ID in 2~500, then VLAN ID 10 outer packaging label; such as VLAN ID in 1000~2000, then VLAN ID 20 outer package label,

L for PE1 into the Port2 port of the user data frame, if the VLAN ID between 100~500, then encapsulated VLAN ID 10 outer label,

L for PE2 into the Port1 port frames of user data, such as VLAN ID in 1000~4094, then VLAN ID 20 outer package label,

L for PE2 into the Port2 port of the user data frame, if the VLAN ID between 500~2500, then encapsulated VLAN ID 20 outer label,

L PE1 and PE2 Port3 port allows the VLAN 20 frame through, in order to achieve the connection in the PE1 Port1 port connection department 2 users and is connected to the PE2 Port1 and Port2 users exchange 2.

As can be seen from the above, the flexible QinQ more flexible than the outer tag package of basic QinQ, which can determine the package different outer labels according to the original VLAN ID range of user data in the frame, which is more convenient to provide differentiated services for different user data flow in the same business network.

3. QinQ/End sub interface Dot1q

QinQ/The Dot1q end is the identification equipment for data frame double or single VLAN labels, according to the forwarding behavior of stripping on frame in double or single VLAN tags, and then continue to transmit. Are these VLAN tags only on this effect, data transmission and processing in the frame no longer basis behind these VLAN Tags.
[The essence of the wise remark of an experienced person] VLAN end includes two aspects:
L on the VLAN interface received, remove VLAN tags for layer three forwarding or other processing. Decided by the port types and data transmission rules is a VLAN label message forwarding out from other equipment interface.
L on the interface to send message, and the corresponding VLAN tag information added to send message after.

In the end the general implementation routing sub interface, namely the end sub interface, such as in our single arm routing is to configure the routing sub interface 802.1Q VLAN termination. If the routing sub interfaces for data frame of monolayer VLAN tag end, then the sub interface end sub interface for Dot1q; if the routing sub interfaces for data frame double-layer VLAN label end, then the sub interface end sub interface for QinQ. QinQ end sub interface according to the type of user VLAN tag end, usually divided into two seed interface:

L clear QinQ end sub interface: the two layers of the VLAN label for a fixed value.

L Fuzzy QinQ end sub interface: the two layers of the VLAN tag for the range of values, namely: the inner, outer end tag for a VLAN ID range value.
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download

Posted by Wendy at December 09, 2013 - 6:54 PM