
Q-in-Q Tunneling

Q-in-Q enables a service provider to carry and transport customer VLANs across the provider switches. When a service provider carries VLANs from multiple customers across its network infrastructure, one potential problem is that a customer VLAN number is already in use in the service provider network, which can cause a conflict when forwarding traffic. A second issue is that a particular VLAN may be used by multiple customers, which can also cause a conflict and lead to traffic being forwarded to the wrong destinations. Using Q-in-Q, the customer VLANs can be transported across the service provider network transparently without causing any conflict. The service provider network is also totally transparent to the customers, who can run STP, VTP, CDP and other protocols seamlessly using the Layer-2 tunneling protocol. Layer-2 tunneling is different from Q-in-Q tunneling, but it can be run along with Q-in-Q or independently without it. L2T can also be turned on per protocol.

Below is the diagram which we will reference to learn more about how Q-in-Q works.

In this diagram, notice that Customer A is sending VLANs 1-50 over the metro Ethernet link to the provider network; the traffic crosses the provider network and reaches Customer A's remote switch on the other end. Similarly, Customer B is sending VLANs 1-100 over its metro Ethernet links. The traffic of the two customers is kept separate by Q-in-Q.
The provider switch ports connecting to the customer switches are not configured as trunks, while the customer switch ports are configured as trunk ports. This is why the provider end of the link is called an asymmetric port: the provider port is configured as a tunnel port and not a trunk port. Also note that the provider switch port connecting to the Customer A switch is configured in VLAN 25; this is also called the Metro Ethernet Tag. Similarly, the Metro Ethernet Tag for Customer B is VLAN 50. Customers build standard 802.1Q trunk ports and the provider builds a tunnel port with the VLAN tag, so the customer traffic is identified by this additional Q tag. Notice that the metro VLAN tag is the same at every location of a given customer and different for each customer, so it identifies that customer's locations. Provider edge switches treat everything that comes in on the tunnel port as untagged, even if the customer is sending tagged traffic, and by default the priority tag is set to 0.

Notice that when 802.1Q trunks are used in the provider network, the native VLAN of these trunks cannot be the same as the native VLAN on any tunnel port, to avoid double tagging of customer traffic. Providers can use a native VLAN that is not being used by any of the customers, but this can cause issues later when a new or existing customer changes its VLANs so that one of them matches this native VLAN. The other two choices in the provider network are to use ISL trunks (possible only if the provider has all Cisco switches) or to tag the native VLAN on all provider edge switches with the command: vlan dot1q tag native
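The native VLAN rule above can be checked mechanically. The following Python audit is an added example, not part of the original article: it flags any trunk whose native VLAN equals the access VLAN of a dot1q-tunnel port unless vlan dot1q tag native is configured. The function names and the sample configurations are constructed for illustration, and an unset native VLAN is assumed to default to 1.

```python
import re

def parse_interfaces(config):
    """Return ({interface: settings}, native_tagging_enabled) from IOS-style text."""
    ifaces, current, tag_native = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "vlan dot1q tag native":
            tag_native = True
        elif m := re.match(r"interface (\S+)", line):
            # Assumption: access and native VLAN both default to 1 when unset.
            current = ifaces.setdefault(m.group(1), {"mode": None, "access": 1, "native": 1})
        elif current is not None:
            if m := re.match(r"switchport mode (\S+)", line):
                current["mode"] = m.group(1)
            elif m := re.match(r"switchport access vlan (\d+)", line):
                current["access"] = int(m.group(1))
            elif m := re.match(r"switchport trunk native vlan (\d+)", line):
                current["native"] = int(m.group(1))
    return ifaces, tag_native

def native_vlan_conflicts(config):
    """List (trunk, native_vlan, tunnel_port) where a trunk's native VLAN is a tunnel VLAN."""
    ifaces, tag_native = parse_interfaces(config)
    if tag_native:  # native VLAN frames are tagged on trunks, so the metro tag survives
        return []
    tunnels = {c["access"]: n for n, c in ifaces.items() if c["mode"] == "dot1q-tunnel"}
    # A trunk sends its native VLAN untagged, so a tunnel VLAN equal to it
    # would cross the provider core without its metro tag.
    return [(n, c["native"], tunnels[c["native"]])
            for n, c in ifaces.items()
            if c["mode"] == "trunk" and c["native"] in tunnels]

# Constructed sample configurations (tunnel VLAN 15 as in the article's sample network).
PROVIDER_EDGE = """\
interface GigabitEthernet0/1
 switchport access vlan 15
 switchport mode dot1q-tunnel
interface GigabitEthernet0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""
MISCONFIGURED = PROVIDER_EDGE + " switchport trunk native vlan 15\n"
REMEDIATED = "vlan dot1q tag native\n" + MISCONFIGURED

if __name__ == "__main__":
    for name in ("PROVIDER_EDGE", "MISCONFIGURED", "REMEDIATED"):
        print(name, native_vlan_conflicts(globals()[name]))
```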

A Few Notes on Provider Tunnel Ports
1. Tunnel ports cannot be routed.
2. If SVIs are used, then only untagged frames (native VLAN frames) sent by the customer will be routed.
3. Tunnel ports do not support IP ACLs.
4. Tunnel ports do not support DTP.

Note: When using Q-in-Q, increase the MTU. The addition of a new tag increases the Ethernet frame size, so it is recommended to increase the MTU of the Ethernet frames.
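The tag handling at the tunnel port and the MTU note above can be seen at the byte level. The following Python sketch is an added example, not part of the original article: it pushes the metro tag onto a customer frame, shows the 4-byte growth, and shows that the same customer VLAN from Customer A (metro tag 25) and Customer B (metro tag 50) stays distinguishable in the provider core. It assumes the outer tag uses TPID 0x8100 like the inner tag (802.1ad defines 0x88A8 for the service tag); the MAC addresses, payload and function names are constructed.

```python
import struct

TPID_8021Q = 0x8100  # assumption: both inner and outer tags use the 802.1Q TPID

def vlan_tag(vid, pcp=0, tpid=TPID_8021Q):
    """Return a 4-byte tag: TPID, then PCP (3 bits) | DEI (1 bit) | VLAN ID (12 bits)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID out of range")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def push_metro_tag(frame, metro_vid):
    """Provider-edge ingress: insert the outer tag after dst+src MAC (12 bytes).
    The customer tag is treated as payload and left untouched; priority defaults to 0."""
    return frame[:12] + vlan_tag(metro_vid) + frame[12:]

def tag_stack(frame):
    """Return VLAN IDs outermost-first by walking consecutive 0x8100 tags."""
    vids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid != TPID_8021Q:
            break
        vids.append(tci & 0x0FFF)
        off += 4
    return vids

def pop_metro_tag(frame, metro_vid):
    """Provider-edge egress: strip the outer tag, refusing a mismatched metro VLAN."""
    stack = tag_stack(frame)
    if not stack or stack[0] != metro_vid:
        raise ValueError("frame does not belong to this tunnel VLAN")
    return frame[:12] + frame[16:]

# Constructed sample: a full-size IPv4 frame tagged with customer VLAN 10 (FCS omitted).
macs = bytes.fromhex("02000000000a" "02000000000b")
customer_frame = macs + vlan_tag(10) + struct.pack("!H", 0x0800) + bytes(1500)
in_core_a = push_metro_tag(customer_frame, 25)  # Customer A, metro tag 25
in_core_b = push_metro_tag(customer_frame, 50)  # Customer B, metro tag 50

if __name__ == "__main__":
    print(len(customer_frame), len(in_core_a), tag_stack(in_core_a), tag_stack(in_core_b))
```

The 4 extra bytes on an already full-size frame are why the provider core needs a larger MTU than the customer edge.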


Q-in-Q Tunneling and L2TP Configuration
Below is the diagram we will use to configure a very simple Q-in-Q sample network.

Configuration of Customer Ports Connecting to Provider Edge Switches

C1-SW1:
    interface GigabitEthernet0/1
     description To-Provider
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
    end

C1-SW2:
    interface GigabitEthernet0/1
     description To-Provider
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate
    end

Customer VLANs

C1-SW1: VLANs 10,11,12,13,14,15,16
C1-SW2: VLANs 10,11,12,13,14,15,16

Customer SVIs

C1-SW1:
    interface Vlan10
     ip address 10.100.100.1 255.255.255.0

C1-SW2:
    interface Vlan10
     ip address 10.100.100.2 255.255.255.0

Trunk Ports between Provider Switches

P1-SW1:
    interface GigabitEthernet0/48
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate

P1-SW2:
    interface GigabitEthernet0/48
     switchport trunk encapsulation dot1q
     switchport mode trunk
     switchport nonegotiate

Only VLAN on trunk

P1-SW1: VLAN 15
P1-SW2: VLAN 15

Q-in-Q and L2TP configuration of Provider Edge switches

P1-SW1:
    interface GigabitEthernet0/1
     description To-Cust1
     switchport access vlan 15
     switchport mode dot1q-tunnel
     l2protocol-tunnel cdp
     l2protocol-tunnel stp
     l2protocol-tunnel vtp
     no cdp enable

P1-SW2:
    interface GigabitEthernet0/1
     description To-Cust1
     switchport access vlan 15
     switchport mode dot1q-tunnel
     l2protocol-tunnel cdp
     l2protocol-tunnel stp
     l2protocol-tunnel vtp
     no cdp enable
