
A comprehensive understanding of QinQ

2025-04-05 Update From: SLTechnology News&Howtos

The following content is extracted from the book "Huawei switch Learning Guide" (nearly 1000 pages), which is being pre-sold by Dangdang, Jingdong, Zhuoyue and Interactive Publishing Network. This book is officially authorized by Huawei, the first and only authoritative learning guide for Huawei switches in China, and it is the designated textbook for Huawei ICT certification training. Dangdang link: http://product.dangdang.com/23372225.html

Jingdong link: http://item.jd.com/11355972.html

Zhuoyue link: http://www.amazon.cn/dp/B00GT743ME/ref=sr_1_1

Link on the Interactive Publishing Network: http://product.china-pub.com/3768908#ml

There is a grand prize for booking. For more information: http://winda.blog.51cto.com/55153/1325503

7.3.1 Background to the birth of QinQ technology

QinQ was originally created to expand the VLAN ID space, but with the development of Metro Ethernet and operators' need for fine-grained operation, the double-layer tags of QinQ have found further uses. The inner and outer tags can represent different information, for example the inner tag represents the user and the outer tag represents the service. In addition, a QinQ data frame crosses the operator network carrying two layers of tags, and the inner tag is transmitted transparently, so QinQ can also be regarded as a simple and practical technology. It can therefore serve as an extension of the core MPLS VPN into the Metro Ethernet VPN, finally forming an end-to-end VPN technology. Because QinQ is easy to use, it has been widely adopted by operators, for example in Metro Ethernet solutions where QinQ is combined with a variety of services. In particular, the emergence of flexible QinQ (Selective QinQ/VLAN Stacking) has made QinQ services even more valued and favored by operators.

We know that the VLAN tag in an ordinary VLAN is used to distinguish users, but what if you want to distinguish users and service types at the same time? As shown in figure 7-11, two subsidiaries are connected to a head office. Within each subsidiary, the employees of different departments are already separated by VLAN, but the departmental VLAN ID plans of the two subsidiaries overlap. If the data frame carries only one layer of VLAN tag, the head office cannot tell which subsidiary the data comes from, and so cannot handle the data of the two subsidiaries differently.

Figure 7-11 typical application example of QinQ

To solve this problem, we can create a different VLAN for each subsidiary on the head-office switch. When the head-office switch port connected to a subsidiary receives a data frame, it adds another layer of VLAN tag on the outside of the frame. The frame now carries two layers of VLAN tags: the original tag is called the inner VLAN tag, and the newly added one is called the outer VLAN tag. For example, the outer VLAN tags added to the data frames of subsidiary 1 and subsidiary 2 are VLAN 10 and VLAN 20, respectively. The head office can then tell the data of the two subsidiaries apart and provide different services for each of them, that is, differentiated services.

In addition, in the layer 2 LAN interconnection mode based on the traditional 802.1Q protocol, when two user networks need to reach each other through a service provider (ISP), as in Metro Ethernet, the ISP must create a different VLAN for each access user. This configuration makes the users' VLANs visible on the backbone network, which carries certain security risks. Because VLAN IDs correspond one-to-one to users, it also consumes a large number of the service provider's VLAN IDs. This is unbearable for a larger ISP: only 4094 VLAN IDs are available, so when the number of connected users is large, the VLAN IDs of the ISP network may run out. Furthermore, under this ordinary VLAN deployment, different access users of the ISP cannot use the same VLAN ID, otherwise they cannot be isolated from one another. User VLAN IDs therefore have to be planned uniformly by the ISP, and users have no right to plan their own VLANs.

These problems can be effectively solved by QinQ, because it can encapsulate users with many different inner VLAN tags under the same outer VLAN tag, which solves the shortage of VLAN ID resources in the ISP. In addition, because the outer VLAN tag shields the inner VLAN tag, users can decide their own inner VLAN ID deployment instead of having it planned uniformly by the ISP.

This double-layer VLAN tag can be used as a single-layer VLAN tag, that is, only the newly added outer public-network VLAN tag is used and the inner private-network VLAN tag is carried as data, as in the 2-to-1 VLAN mapping introduced later in this chapter. It can also be used as a true double-layer VLAN tag, as in the 2-to-2 VLAN mapping introduced later in this chapter. In that case the VLAN of a data frame is determined by the inner and outer tags together, so the number of usable VLAN IDs reaches 4094 × 4094, which expands the VLAN space. With this double-layer encapsulation, private VLAN IDs are transmitted transparently across the public network. This solves the security problem of exposing user VLAN IDs, lets users plan their own private-network VLAN IDs, and also solves the ISP's shortage of VLAN ID space: within the ISP, users who need to reach each other can be configured with the same outer VLAN, and the ISP only needs to provide one VLAN ID for the different VLANs of the same user network.

7.3.2 QinQ encapsulation and termination

QinQ adds another 802.1Q VLAN tag header on top of the traditional 802.1Q VLAN tag header, as shown in figure 7-12. A QinQ frame is therefore four bytes longer than a traditional 802.1Q frame; the extra four bytes are the new 802.1Q VLAN tag.

Figure 7-12 comparison of traditional 802.1Q frame format and QinQ frame format

QinQ frame encapsulation converts a data frame with a single-layer 802.1Q tag into a data frame with a double-layer 802.1Q tag. Encapsulation mainly takes place on the user-facing switch ports at the edge of the metro network. Depending on the basis on which the outer VLAN tag is chosen, QinQ is divided into two types, "basic QinQ" and "flexible QinQ", described below.

1. Basic QinQ encapsulation

Basic QinQ encapsulation adds the same outer VLAN tag to all traffic entering a port. It is a port-based QinQ encapsulation method, also known as a "QinQ layer 2 tunnel". Once basic QinQ is enabled on a port, a data frame received with a VLAN tag is encapsulated into a double-tagged frame, and a data frame received without a VLAN tag is encapsulated into a frame with a single tag carrying the port's default VLAN.

As can be seen from the above, the VLAN tag encapsulation of basic QinQ is not flexible enough to distinguish different user services, because it adds the same outer VLAN tag to every data frame entering the same switch port. However, when you need more VLANs, basic QinQ reduces the demand for VLAN IDs for exactly this reason: all data frames entering the same port share one outer VLAN tag.
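The following Python sketch is an added example, not code from the book or from Huawei: it models the port-based encapsulation described above at the byte level, where the port inserts its own VLAN as a new outermost tag and leaves the inner tag untouched. The outer VLAN IDs 10 and 20 follow the head-office scenario earlier in this section. The MAC addresses, payload, inner VLAN 30 and the use of TPID 0x8100 for the outer tag are assumptions.

```python
import struct

TPID_8021Q = 0x8100   # 802.1Q tag type; assumed here for the outer tag as well
TPID_8021AD = 0x88A8  # 802.1ad S-tag type, also accepted by the parser

def make_tag(vid, pcp=0, tpid=TPID_8021Q):
    """One 4-byte VLAN tag: 16-bit TPID, then 3-bit priority, 1-bit DEI, 12-bit VLAN ID."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= pcp <= 7:
        raise ValueError("802.1p priority must be in 0..7")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def parse_tags(frame):
    """VLAN IDs of the tags that follow the two MAC addresses, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break
        vids.append(tci & 0x0FFF)
        off += 4
    return vids

def basic_qinq_ingress(frame, port_vid):
    """Port-based QinQ: insert the port's VLAN as a new outermost tag.
    A tagged frame leaves double-tagged, an untagged frame single-tagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    return frame[:12] + make_tag(port_vid) + frame[12:]

def strip_outer(frame):
    """Egress towards the user network: remove the outermost tag only."""
    if not parse_tags(frame):
        raise ValueError("frame carries no VLAN tag")
    return frame[:12] + frame[16:]

# Constructed sample frames: destination MAC, source MAC, [tag], EtherType, payload
MACS = bytes.fromhex("0200000000aa" "0200000000bb")
TAGGED = MACS + make_tag(30) + struct.pack("!H", 0x0800) + b"payload"
UNTAGGED = MACS + struct.pack("!H", 0x0800) + b"payload"

if __name__ == "__main__":
    for name, vid in (("subsidiary 1", 10), ("subsidiary 2", 20)):
        out = basic_qinq_ingress(TAGGED, vid)
        print(name, parse_tags(out), len(out) - len(TAGGED), "bytes added")
    print("untagged ->", parse_tags(basic_qinq_ingress(UNTAGGED, 10)))
```

Both subsidiaries send inner VLAN 30, yet the tag stacks `[10, 30]` and `[20, 30]` remain distinguishable, and stripping the outer tag returns the user's frame byte for byte.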

In the network shown in figure 7-13, enterprise department 1 (Department1) has two offices and department 2 (Department2) has three offices. The offices of the two departments are connected to PE1 and PE2 in the network, and department 1 and department 2 can each plan their own VLANs freely. The QinQ layer 2 tunnel function can be configured on PE1 and PE2 along the following lines, so that the office networks within each department can communicate with each other, but the two departments cannot communicate with each other.

On PE1, outer VLAN 10 is encapsulated for user data frames entering ports Port1 and Port2 (both belonging to department 1), and outer VLAN 20 is encapsulated for user data frames entering port Port3 (belonging to department 2).

On PE2, outer VLAN 20 is encapsulated for user data frames entering ports Port1 and Port2 (both belonging to department 2).

Port4 on PE1 and Port3 on PE2 allow user data frames of VLAN 20 to pass, so that the department 2 users connected to Port3 of PE1 and the department 2 users connected to Port1 and Port2 of PE2 can reach each other.

This basic QinQ encapsulation is equivalent to mapping multiple inner VLAN tags of similar users with an outer VLAN tag to reduce the use of VLAN ID on the ISP side.

Figure 7-13 typical application example of basic QinQ

2. Flexible QinQ encapsulation

"Flexible QinQ" is a more flexible implementation of QinQ that combines port-based encapsulation with VLAN-based encapsulation. In addition to providing all the functions of basic QinQ, flexible QinQ can add different outer tags to data frames received on the same port according to their inner VLAN tags. It is divided into the following three subcategories:

Flexible QinQ based on VLAN ID: adds different outer tags according to the VLAN ID of the inner tag in the data frame. Frames with the same inner tag get the same outer VLAN tag, while frames with different inner tags get different outer VLAN tags. This requires that the inner VLAN IDs or VLAN ID ranges of different users must not overlap or intersect. The S2700, S3700, S5700, and S6700 switches in the Huawei S-Series support only flexible QinQ based on VLAN ID.

Flexible QinQ based on 802.1p priority: adds different outer tags according to the 802.1p priority of the inner tag in the data frame. Frames with the same inner 802.1p priority get the same outer tag, while frames with different inner 802.1p priorities get different outer tags. This requires that the inner 802.1p priorities or priority ranges of different users must not overlap or intersect. Flexible QinQ based on 802.1p priority is supported only on the S7700, S9300, and S9700 series of Huawei S-Series switches.

Flexible QinQ based on flow policy: adds different outer tags to different data frames according to a defined QoS policy. It is implemented on the combination of port and VLAN and can provide differentiated services according to service type. Flexible QinQ based on flow policy is supported only on the S7700, S9300, and S9700 series of Huawei S-Series switches.

The above three flexible QinQ configuration methods are described in detail later in this chapter.

When different services of the same user need to use different VLAN IDs, traffic can be split according to VLAN ID range. Assume that the VLAN ID range for PC Internet access is 101~200, the VLAN ID range for IPTV is 201~300, and the VLAN ID range for major customers is 301~400. After receiving user data, the user-facing port adds outer tag 100 for PC Internet service, 300 for IPTV and 500 for major customers according to the user's VLAN ID range.
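An added example (not from the book or from Huawei) of VLAN-ID-based flexible QinQ on one user-facing port, using the inner ranges and outer tags from the paragraph above (101 to 200, 201 to 300, 301 to 400) and checking the no-overlap requirement before any lookup. The `Rule` type, the function names and the overlapping rule are hypothetical, and what a device does with a frame that matches no rule is not modelled.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):          # hypothetical type for this example
    lo: int        # first inner VLAN ID of the range
    hi: int        # last inner VLAN ID of the range, inclusive
    outer: int     # outer VLAN ID to add
    service: str

# Ranges and outer tags taken from the paragraph above
PORT_RULES = [
    Rule(101, 200, 100, "PC Internet"),
    Rule(201, 300, 300, "IPTV"),
    Rule(301, 400, 500, "major customers"),
]

def find_overlaps(rules):
    """Pairs of rules whose inner VLAN ID ranges intersect."""
    ordered = sorted(rules)
    pairs = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.lo > a.hi:
                break          # sorted by lo, so no later rule can intersect a
            pairs.append((a, b))
    return pairs

def validate(rules):
    """Reject a rule set that the port could not apply unambiguously."""
    for r in rules:
        if not (1 <= r.lo <= r.hi <= 4094 and 1 <= r.outer <= 4094):
            raise ValueError(f"VLAN ID out of range in {r}")
    clashes = find_overlaps(rules)
    if clashes:
        raise ValueError(f"overlapping inner ranges: {clashes}")
    return True

def outer_for(rules, inner_vid) -> Optional[int]:
    """Outer VLAN ID for a frame's inner VLAN ID, or None when no rule matches.
    Handling of unmatched frames is device-specific and not modelled here."""
    for r in rules:
        if r.lo <= inner_vid <= r.hi:
            return r.outer
    return None

# Constructed bad rule: 190-250 cuts across the PC and IPTV ranges
BAD_RULES = PORT_RULES + [Rule(190, 250, 700, "constructed overlap")]

if __name__ == "__main__":
    validate(PORT_RULES)
    for vid in (150, 250, 350, 450):
        print(vid, "->", outer_for(PORT_RULES, vid))
    print("clashes:", find_overlaps(BAD_RULES))
```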

[Description] QinQ encapsulation is generally performed on switch ports, but it can also be performed on routing subinterfaces (QinQ termination can only be performed on routing subinterfaces). In that case one subinterface transparently carries multiple VLAN IDs that identify users, and it is called a QinQ setting subinterface. This is also a flow-based QinQ encapsulation method, but a QinQ setting subinterface is only meaningful in combination with L2 VPN services and does not support layer 3 forwarding.

In the network shown in figure 7-14, department 1 of the enterprise has multiple offices, and department 2 also has multiple offices. VLAN 2~VLAN 500 is used in the network of department 1 and VLAN 500~VLAN 4094 is used in the network of department 2. The Port1 port of PE1 receives user data frames from different VLAN intervals of two departments at the same time.

Figure 7-14 typical examples of flexible QinQ applications

At this time, according to the user VLAN ID range of each office identified in the figure, the flexible QinQ function based on VLAN can be configured on PE1 and PE2 through the following ideas, so that the office networks of each department can communicate with each other, but not between the two departments. The specific configuration ideas are as follows:

For user data frames entering the Port1 port of PE1, add the outer VLAN tag that corresponds to the frame's VLAN ID: if the VLAN ID is between 2 and 500, the outer tag with VLAN ID 10 is encapsulated; if the VLAN ID is between 1000 and 2000, the outer tag with VLAN ID 20 is encapsulated.

For user data frames entering the Port2 port of PE1, if the VLAN ID is between 100 and 500, the outer tag with VLAN ID 10 is encapsulated.

For user data frames entering the Port1 port of PE2, if the VLAN ID is between 1000 and 4094, the outer label with a VLAN ID of 20 is encapsulated.

For user data frames entering the Port2 port of PE2, if the VLAN ID is between 500 and 2500, the outer label with VLAN ID of 20 is encapsulated.

Allow frames of VLAN 20 to pass on the Port3 ports of PE1 and PE2, so as to achieve interworking between department 2 users connected under the Port1 port of PE1 and department 2 users connected to Port1 and Port2 of PE2.

As can be seen from the above, flexible QinQ is more flexible than the outer label encapsulation of basic QinQ, and different outer tags can be encapsulated according to the original VLAN ID range in user data frames, which makes it more convenient to provide differential services for user data streams of different services in the same network.

3. QinQ/Dot1q termination subinterface

QinQ/Dot1q termination means that the device identifies the double-layer or single-layer VLAN tag of a data frame, strips those tags according to the subsequent forwarding behavior, and then continues to forward the frame. In other words, the VLAN tags are effective only up to that point; subsequent forwarding and processing is no longer based on them.

[Experience] The essence of VLAN termination has two aspects:

For VLAN packets received by the interface, the VLAN tag is removed and then layer 3 forwarding or other processing is performed. Whether the packet forwarded out of another interface of the device carries a VLAN tag is determined by the type of that port and its forwarding rules.

For packets sent by the interface, the corresponding VLAN tag information is added to the packet before it is sent.

Termination is generally performed on a routing subinterface, which is then called a termination subinterface; an example is the 802.1Q VLAN termination that must be configured on the routing subinterfaces in one-arm routing. If a routing subinterface terminates a single-layer VLAN tag, it is called a Dot1q termination subinterface; if it terminates a double-layer VLAN tag, it is called a QinQ termination subinterface. QinQ termination subinterfaces are usually divided into two types according to the user VLAN tags they terminate:

Explicit QinQ termination subinterface: both layers of VLAN tags are fixed values.

Fuzzy QinQ termination subinterface: both layers of VLAN tags are ranges, that is, the inner and outer tags being terminated are each a VLAN ID range.
