In service provider networks, Ethernet technology is taking over from ATM technology, and the demand for VLANs grows with the number of customers the service provider serves.
The VLAN-ID field is 12 bits wide, offering 4095 VLANs, which will eventually be exhausted as the number of customers increases.
Q-in-Q offers a solution to overcome VLAN exhaustion and extend the VLAN range by allowing two VLAN-IDs in the Ethernet frame, where the inner VLAN tag [C-Tag] is the tag for each customer, and the outer VLAN tag [S-Tag] is the service provider tag.
When would we need to use Q-in-Q?
Have a look at the below topology:
Assume that we have two customers connected to the service provider aggregation switches as shown above.
Without using Q-in-Q, you would assign one unique VLAN to each customer branch. The VLAN shortage appears when you hit the switch's limit on the maximum number of VLANs you can use, and this value differs from one switch to another.
What you can do instead is assign one unique S-Tag to each customer and a C-Tag to each branch.
The aggregation switches only need to know the S-Tags: when a switch receives a frame it checks the outer VLAN [S-Tag] only and has no idea what the value of the inner VLAN [C-Tag] is. This means that you can use the same C-Tags for different customers. In this way the service provider can maximize the number of customers it can serve per aggregation switch [4095 S-tags x 4095 C-tags].
The most common services for service providers are L3VPNs and L2VPNs. Now let's see how Q-in-Q behaves with both of them.
1st, L3VPN:
– The CE-1 sends the packets with double tags to the PE-1.
– At PE-1 the L2 header information is stripped off, then the IP packets are MPLS-switched through the network.
– At PE-2 the L2 header is attached once more and the packets are sent to CE-2.
2nd, L2VPN:
i. In case of VLAN interworking, AKA VC-type (4 – VLAN)
– CE-1 sends the packets with double tags to the PE-1.
– PE-1 drops the S-Tag and forwards the packet through the Pseudo-wire with only the C-Tag.
– PE-2 rewrites the received C-Tag [100] to be [200] and forwards the packets to CE-2.
ii. In case of Ethernet Interworking, AKA VC-type (5 – Ethernet)
– CE-1 sends the packets with double tags to the PE-1.
– PE-1 drops both S-Tag and C-Tag but retains the Ethernet frame and forwards the untagged Ethernet frame through the Pseudo-wire.
– PE-2 attaches the VLAN [200] and forwards the packet to CE-2.
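The tag handling described above for both VC types, as an added Python example that is not part of the original post: it builds a double-tagged frame and applies the PE-1 and PE-2 tag operations. The MAC addresses, payload and function names are constructed for illustration, S-Tag 501 and C-Tag 100 are taken from the configuration in this post, and TPID 0x8100 on both tags is an assumption.

```python
import struct

TPIDS = (0x8100, 0x88A8)  # 802.1Q and 802.1ad tag protocol identifiers

def build(dst, src, vlans, ethertype, payload):
    """Build an Ethernet frame; vlans lists VLAN IDs, outermost first."""
    tags = b"".join(struct.pack("!HH", 0x8100, v & 0x0FFF) for v in vlans)
    return dst + src + tags + struct.pack("!H", ethertype) + payload

def parse(frame):
    """Return (dst, src, [VLAN IDs, outermost first], ethertype, payload)."""
    off, vlans = 12, []
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in TPIDS:
            return frame[:6], frame[6:12], vlans, etype, frame[off + 2:]
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        vlans.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4

def pe_ingress(frame, s_tag, c_tag, vc_type):
    """PE-1: accept only the configured S-Tag/C-Tag pair, then pop tags."""
    dst, src, vlans, etype, payload = parse(frame)
    if vlans != [s_tag, c_tag]:
        raise ValueError("tags do not match the subinterface encapsulation")
    kept = {4: [c_tag], 5: []}[vc_type]  # type 4 keeps the C-Tag, type 5 none
    return build(dst, src, kept, etype, payload)

def pe_egress(frame, vlan, vc_type):
    """PE-2: type 4 rewrites the C-Tag, type 5 attaches a tag; both send `vlan`."""
    dst, src, vlans, etype, payload = parse(frame)
    if len(vlans) != {4: 1, 5: 0}[vc_type]:
        raise ValueError("unexpected tag count on the pseudowire")
    return build(dst, src, [vlan], etype, payload)

# Constructed sample frame: made-up MACs, S-Tag 501 / C-Tag 100 as in the page.
CE1_FRAME = build(bytes.fromhex("020000000002"), bytes.fromhex("020000000001"),
                  [501, 100], 0x0800, b"constructed-ip-payload")

def walk(vc_type):
    """Return the VLAN stack seen at CE-1, on the pseudowire, and at CE-2."""
    pw = pe_ingress(CE1_FRAME, 501, 100, vc_type)
    ce2 = pe_egress(pw, 200, vc_type)
    return parse(CE1_FRAME)[2], parse(pw)[2], parse(ce2)[2]

if __name__ == "__main__":
    for vc in (4, 5):
        print("VC type", vc, walk(vc))
```

A frame whose tags do not match the configured S-Tag/C-Tag pair is rejected at PE-1, which mirrors how the subinterface encapsulation selects traffic.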
The configuration needed to implement this is straightforward, as shown below.
For L3VPNs:
interface GigabitEthernet0/0/4.501
 ! Match outer S-Tag 501 and inner C-Tag 100
 encapsulation dot1Q 501 second-dot1q 100
 ! Place the subinterface in the customer VRF
 ip vrf forwarding Cust_A
 ip address 172.27.3.1 255.255.255.252
end
For L2VPNs:
interface GigabitEthernet0/0/4.501
 ! Match outer S-Tag 501 and inner C-Tag 100
 encapsulation dot1Q 501 second-dot1q 100
 ! Pseudo-wire to peer 1.1.1.1 with VC ID 7501
 xconnect 1.1.1.1 7501 encapsulation mpls pw-class l2vpn-ethernet
end
Keep in mind that the VLANs don't have to match on both CEs in either case [L2VPNs/L3VPNs], as the PE handles the modification of the VLAN information in the L2 headers.
This was a quick overview of Q-in-Q and how it behaves in a service provider network.
HTH
Abdullah Medhat