What Is 802.1Q-in-802.1Q (QinQ)?
802.1Q-in-802.1Q (QinQ), defined by IEEE 802.1ad, expands VLAN space by adding an additional 802.1Q tag to 802.1Q-tagged packets. It is also called VLAN stacking or double VLAN. QinQ is widely used on carriers' backbone networks. By encapsulating the VLAN tag of a private network in the VLAN tag of a public network, QinQ enables packets with double VLAN tags to traverse the backbone network (public network) of a carrier, so as to expand VLAN space and implement refined user management.
Why Do We Need QinQ?
IEEE 802.1Q defines a 12-bit VLAN ID field and can identify only 4096 VLANs. With the growth of networks, this limitation has become more acute. IEEE 802.1ad, as an amendment to IEEE 802.1Q, adds an additional 802.1Q tag (also known as a VLAN tag) to single-tagged 802.1Q packets, expanding VLAN space to 4094 x 4094. Such double-tagged packets are called QinQ packets.
As Ethernet networks develop and carriers need to refine their service operations, QinQ is applied in scenarios other than simply to expand VLAN space. Inner and outer VLAN tags can be used to differentiate packets based on users and services. For example, the inner tag can represent a user and the outer tag can represent a service. In addition, QinQ can provide simple VPNs because the inner tag of QinQ packets can be transparently transmitted over a carrier network.
In summary, QinQ is developed to expand VLAN space and allow refined service management.
What Are Application Scenarios of QinQ?
On an enterprise network, outer VLAN tags can be added to packets based on their service type. For example, in the following figure, PC, VoIP, and IPTV users belong to different VLANs. Different outer VLAN tags are added to the packets they send for Internet access.
- Packets from PC users: have an inner VLAN tag with VLAN ID 101 and an outer VLAN tag with VLAN ID 1001.
- Packets from VoIP users: have an inner VLAN tag with VLAN ID 301 and an outer VLAN tag with VLAN ID 2001.
- Packets from IPTV users: have an inner VLAN tag with VLAN ID 501 and an outer VLAN tag with VLAN ID 3001.
Adding different VLAN tags to packets of different services
Adding different inner VLAN tags can help differentiate packets from different departments. In addition, packets from different departments can be added with the same outer VLAN tag to save VLANs on the carrier's public network. In the following figure, users in different departments need to communicate with each other across the carrier network. To save VLANs on the carrier network, all packets traveling on the carrier network are added with the same outer VLAN tag, that is, VLAN tag with VLAN ID 3.
Adding the same outer VLAN tag to packets from different departments
What Is the QinQ Packet Format?
A QinQ packet has a fixed format, in which a second 802.1Q tag is inserted in front of the first tag of the single-tagged 802.1Q packet. As such, a QinQ packet has 4 more bytes than a single-tagged 802.1Q packet. This additional 4-byte tag is used as the outer tag, that is, the public VLAN tag of a carrier network. The original 802.1Q tag is used as the inner tag, that is, the private VLAN tag. The following figure shows the encapsulation format of a QinQ packet.
QinQ packet encapsulation format
According to the comparison between a 802.1Q packet and a QinQ packet in the following figure, the QinQ packet has an additional 802.1Q tag.
Comparison between a 802.1Q packet and a QinQ packet
How Can QinQ Be Used?
According to the modes in which packets are identified and the positions where outer VLAN tags are added, QinQ can be implemented in the following two modes:
- Interface-based QinQ encapsulation
This encapsulation mode is also called basic QinQ or QinQ tunneling. It encapsulates packets arriving at an interface with the same outer VLAN tag.
- Flow-based QinQ encapsulation
This encapsulation mode is also called selective QinQ. It classifies packets arriving at an interface into different flows based on specific rules, and then determines the outer VLAN tags to add based on the packet type.
Assume that an enterprise uses different VLANs to identify services. Selective QinQ can be used to classify service packets based on their VLAN ID. For example, VLANs 101 to 200 are allocated for Internet access PC users, VLANs 201 to 300 for IPTV users, and VLANs 301 to 400 for VIP users. After receiving service packets, a device adds outer tag with VLAN ID 100 to packets from PC users, outer tag with VLAN ID 300 to packets from IPTV users, and outer tag with VLAN ID 500 to packets from VIP users.
Selective QinQ classifies packets in the following ways:
- Adds outer VLAN tags based on inner VLAN IDs.
- Adds outer VLAN tags based on 802.1p priorities in inner VLAN tags.
- Adds outer VLAN tags based on traffic policies so that differentiated services can be provided based on service types.
How Does QinQ Work?
On a typical QinQ network, there are two key device roles: customer edge (CE) and provider edge (PE). A CE is connected to users and adds inner VLAN tags to user packets, whereas a PE is connected downstream to a CE and adds outer VLAN tags to packets received from the CE.
In the following figure, departments A and B are located in different offices and use VLANs 10 and 20, respectively. They communicate with each other across the carrier network using the public VLAN 3. When a user connected to CE1 sends a packet to a user connected to CE3:
- CE1 adds a tag with VLAN ID 10 to the packet received from its connected user.
- After receiving the single-tagged packet from CE1, PE1 adds an additional VLAN tag with VLAN ID 3 to the packet.
- PE1 sends the double-tagged packet (whose inner VLAN tag has a VLAN ID of 10 and outer VLAN tag has a VLAN ID of 3) to PE2.
- After receiving the packet, PE2 removes the outer VLAN tag with VLAN ID 3 from the packet and then sends the packet with only the inner VLAN tag to CE3.
- After receiving the single-tagged packet, CE3 removes the remaining VLAN tag and then sends it to the destination user.
When a user connected to CE3 needs to communicate with a user connected to CE1, the same process is implemented in reverse.
Adding and removing QinQ tags
What Are Technologies Related to QinQ?
As described above, QinQ technology connects two Layer 2 networks in the same VLAN through a backbone network. It, however, requires an extra packet overhead, that is, an additional VLAN tag. VLAN mapping can achieve the same goal without adding an extra VLAN tag.
When VLAN-tagged packets from a user network arrive at a backbone network, an edge device on the backbone network changes the customer VLAN (C-VLAN) ID to the service provider VLAN (S-VLAN) ID that can be identified and carried by the backbone network. After the packets arrive at the edge device connected to the destination user network, the edge device retrieves the C-VLAN ID to ensure seamless interworking between the two user networks.
If VLAN IDs on two directly connected Layer 2 networks are different due to different VLAN plans, you can configure VLAN mapping on the devices connecting the two networks to map VLAN IDs on the two networks. This means the two networks can be managed as a single Layer 2 network, while it helps implement Layer 2 user communication and unified deployment of Layer 2 protocols. For details about VLAN mapping, see VLAN Mapping Configuration (S Series Switch).
Virtual eXtensible Local Area Network (VXLAN) is a network virtualization technology that extends VLANs. As a Network Virtualization over Layer 3 (NVO3) technology, VXLAN is essentially a VPN technology and can be used to build a Layer 2 virtual network over any networks with reachable routes. VXLAN uses VXLAN gateways to implement communication within a VXLAN network and communication between a VXLAN network and a non-VXLAN network. VXLAN uses a VXLAN Network Identifier (VNI) field similar to the VLAN ID field. The VNI field has 24 bits and can identify up to 16M VXLAN segments, effectively isolating massive tenants in cloud computing scenarios. For details about VXLAN, see VXLAN Mapping Configuration (S Series Switch).
- Author： Gu Suqin
- Updated on： 2022-05-07
- Views： 20079
- Average rating：