Monday, September 15, 2014

802.1ad interfaces IOS-XR

In this post we will look at a simple QinQ tagged (  ether.type == 88a8 interface ) on ASR IOS-XR.

QinQ has been a favorite with ServiceProviders for at least a decade now. It's becoming a more and more available function & within the SP and Enterprise communities and routers and with a few firewalls.

Here's a simple QinQ interfaces running on a IOS-XR ASR9010

1st the  interface cfg;
( very simple we define the outer-tag aka client-vlanid and the inner-tag  )
  • outer vlan = 33
  • inner vlan = 1000

note: yes,  this is very simple to configure


And here's a dump of an ARP  packet from that interface;





note: notice the frame.type = 0x88a8 which is the default for QinQ tagged


QinQ tagging has also been called;
  •    dot1q-tunneling
  •    double-tagging
  •    stacked vlans
  •    IEEE 802.1ad
  •    0x88a8 frame-type
  •    provider bridging

Having the ability to terminate 802.1ad natively on a interface allows for greater and simplex operations. Take the following example of a MetroE SP gateway device.


Each of these 4 routers are using the same customer-vlan id#33 and have subinterface that carries via 802.1q a unique vlan id between the pair. From a service provider perspective =, vlans 999/1000 are not seen within it's vlan topology. QnQ reduce the name to carry cliest vlanids, reduce the number of STP instance, and allows for various customers to carry the same vlanids thru a single provider plane.

All customer-vlans are unique per each customer. So Theoretical speaking, you can have 4K unique customer vlans  depending on if your hardware could actually support 4K+ vlans.

NOTE:  The same applies for the customer interface and sub-interfaces. A pair of the above routers could have  4K+ sub-interfaces from  vlan# 1-4094. With QinQ  trunking you can carry any of  the 4000+ vlans with as long as it's not the SP customer-vlan. Any traffic not 802.1q tagged would be carried natively


Keep in mind with QnQ tagging,  the provider cloud must support a MTU greater than the standard 1514/1518 to allow for the 12 addition bits of extra 802.1q information for the outer vlan-tag

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^     ^
=(  #   #  )=
         o 
        /  \

No comments:

Post a Comment