What Is 802.1Q-in-802.1Q (QinQ)?

Why Do We Need QinQ?

IEEE 802.1Q defines a 12-bit VLAN ID field and can identify only 4096 VLANs. With the growth of networks, this limitation has become more acute. IEEE 802.1ad, as an amendment to IEEE 802.1Q, adds an additional 802.1Q tag (also known as a VLAN tag) to single-tagged 802.1Q packets, expanding VLAN space to 4094 x 4094. Such double-tagged packets are called QinQ packets.

As Ethernet networks develop and carriers need to refine their service operations, QinQ is applied in scenarios other than simply to expand VLAN space. Inner and outer VLAN tags can be used to differentiate packets based on users and services. For example, the inner tag can represent a user and the outer tag can represent a service. In addition, QinQ can provide simple VPNs because the inner tag of QinQ packets can be transparently transmitted over a carrier network.

In summary, QinQ is developed to expand VLAN space and allow refined service management.

What Are Application Scenarios of QinQ?

On an enterprise network, outer VLAN tags can be added to packets based on their service type. For example, in the following figure, PC, VoIP, and IPTV users belong to different VLANs. Different outer VLAN tags are added to the packets they send for Internet access.

• Packets from PC users: have an inner VLAN tag with VLAN ID 101 and an outer VLAN tag with VLAN ID 1001.
• Packets from VoIP users: have an inner VLAN tag with VLAN ID 301 and an outer VLAN tag with VLAN ID 2001.
• Packets from IPTV users: have an inner VLAN tag with VLAN ID 501 and an outer VLAN tag with VLAN ID 3001.

Adding different inner VLAN tags can help differentiate packets from different departments. In addition, packets from different departments can be added with the same outer VLAN tag to save VLANs on the carrier's public network. In the following figure, users in different departments need to communicate with each other across the carrier network. To save VLANs on the carrier network, all packets traveling on the carrier network are added with the same outer VLAN tag, that is, VLAN tag with VLAN ID 3.

What Is the QinQ Packet Format?

A QinQ packet has a fixed format, in which a second 802.1Q tag is inserted in front of the first tag of the single-tagged 802.1Q packet. As such, a QinQ packet has 4 more bytes than a single-tagged 802.1Q packet. This additional 4-byte tag is used as the outer tag, that is, the public VLAN tag of a carrier network. The original 802.1Q tag is used as the inner tag, that is, the private VLAN tag. The following figure shows the encapsulation format of a QinQ packet.

According to the comparison between a 802.1Q packet and a QinQ packet in the following figure, the QinQ packet has an additional 802.1Q tag.

How Can QinQ Be Used?

According to the modes in which packets are identified and the positions where outer VLAN tags are added, QinQ can be implemented in the following two modes:

• Interface-based QinQ encapsulation

  This encapsulation mode is also called basic QinQ or QinQ tunneling. It encapsulates packets arriving at an interface with the same outer VLAN tag.

• Flow-based QinQ encapsulation

  This encapsulation mode is also called selective QinQ. It classifies packets arriving at an interface into different flows based on specific rules, and then determines the outer VLAN tags to add based on the packet type.

  Assume that an enterprise uses different VLANs to identify services. Selective QinQ can be used to classify service packets based on their VLAN ID. For example, VLANs 101 to 200 are allocated for Internet access PC users, VLANs 201 to 300 for IPTV users, and VLANs 301 to 400 for VIP users. After receiving service packets, a device adds outer tag with VLAN ID 100 to packets from PC users, outer tag with VLAN ID 300 to packets from IPTV users, and outer tag with VLAN ID 500 to packets from VIP users.

  Selective QinQ classifies packets in the following ways:

  • Adds outer VLAN tags based on inner VLAN IDs.
  • Adds outer VLAN tags based on 802.1p priorities in inner VLAN tags.
  • Adds outer VLAN tags based on traffic policies so that differentiated services can be provided based on service types.

How Does QinQ Work?

On a typical QinQ network, there are two key device roles: customer edge (CE) and provider edge (PE). A CE is connected to users and adds inner VLAN tags to user packets, whereas a PE is connected downstream to a CE and adds outer VLAN tags to packets received from the CE.

In the following figure, departments A and B are located in different offices and use VLANs 10 and 20, respectively. They communicate with each other across the carrier network using the public VLAN 3. When a user connected to CE1 sends a packet to a user connected to CE3:

1. CE1 adds a tag with VLAN ID 10 to the packet received from its connected user.
2. After receiving the single-tagged packet from CE1, PE1 adds an additional VLAN tag with VLAN ID 3 to the packet.
3. PE1 sends the double-tagged packet (whose inner VLAN tag has a VLAN ID of 10 and outer VLAN tag has a VLAN ID of 3) to PE2.
4. After receiving the packet, PE2 removes the outer VLAN tag with VLAN ID 3 from the packet and then sends the packet with only the inner VLAN tag to CE3.
5. After receiving the single-tagged packet, CE3 removes the remaining VLAN tag and then sends it to the destination user.

When a user connected to CE3 needs to communicate with a user connected to CE1, the same process is implemented in reverse.

What Are Technologies Related to QinQ?