VLAN in the operator's network — QinQ

In large networks, where traffic between users' local networks is carried across a data service provider's network, QinQ technology, sometimes called operator VLAN, is used.

The basics of this technology are defined in the 802.1ad standard. QinQ technology is also referred to as 802.1Q (dot1q) tunneling or VLAN stacking.
QinQ is a mechanism that allows a switch to support double-tagged 802.1Q VLAN frames. Adding a second tag to the Ethernet frame introduces an additional level of management, allowing the creation of several independent virtual networks within a single master network.

The additional tag is placed between the source MAC address and the first tag. To distinguish the tags, the terms “internal tag” and “external tag” are used. The additional, external tag is often referred to as the Service VLAN Tag (S-VLAN), while the internal tag is the Customer VLAN Tag (C-VLAN).

The S-VLAN tag is added by the operator at the edge of the network to client frames (which already contain the C-VLAN tag) entering the operator's network. The S-VLAN tag is removed from these frames again at the edge of the operator network, when the frames leave the operator network for the client network.

Within the operator's network, the C-VLAN tag is invisible to the operator (so C-VLAN numbers may overlap), while the S-VLAN tag is unique to each client. This division ensures the separation of the traffic of individual customers.

In the figure, we have two clients: A and B. Both use VLAN 25 to transfer data between locations 1 and 2. Without QinQ, traffic from VLAN 25 of client A and VLAN 25 of client B will not be separated from each other. To separate the traffic, an external S-VLAN tag with ID 10 is added for client A and an S-VLAN tag with ID 20 for client B.

The transmitted traffic is double tagged within the operator's network between edge devices ES1 and ES2. At the exit to the client switches, external tags are removed.
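The tagging described above, as an added Python example that is not part of the original article: it builds constructed frames for clients A and B (both on C-VLAN 25), inserts the S-VLAN tag after the source MAC as edge switch ES1 would, and strips it again as ES2 would. The function names, MAC addresses and payloads are made up for illustration, and the outer tag is assumed to use the 802.1ad TPID 0x88A8 (some equipment uses 0x8100 for the outer tag as well).

```python
import struct

TPID_S = 0x88A8  # 802.1ad service tag (assumption: some switches use 0x8100 here)
TPID_C = 0x8100  # 802.1Q customer tag

def vlan_tag(tpid, vid, pcp=0):
    """Build a 4-byte VLAN tag: TPID + TCI (3-bit PCP, 1-bit DEI, 12-bit VID)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def push_s_tag(frame, s_vid):
    """Ingress at the operator edge: insert the S-tag after the source MAC."""
    return frame[:12] + vlan_tag(TPID_S, s_vid) + frame[12:]

def pop_s_tag(frame):
    """Egress at the operator edge: strip the outer tag, return (s_vid, frame)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_S:
        raise ValueError("frame carries no S-tag")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def read_tags(frame):
    """Return the VLAN IDs found after the MAC addresses, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4:
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        if tpid not in (TPID_S, TPID_C):
            break
        vids.append(tci & 0x0FFF)
        off += 4
    return vids

def client_frame(src_mac, c_vid, payload):
    """Constructed sample: broadcast frame already tagged with the client's C-VLAN."""
    dst = bytes.fromhex("ffffffffffff")
    return dst + src_mac + vlan_tag(TPID_C, c_vid) + struct.pack("!H", 0x0800) + payload

# Constructed sample frames: clients A and B both use C-VLAN 25.
frame_a = client_frame(bytes.fromhex("02000000000a"), 25, b"client A data")
frame_b = client_frame(bytes.fromhex("02000000000b"), 25, b"client B data")

# ES1 adds S-VLAN 10 for client A and S-VLAN 20 for client B.
core_a, core_b = push_s_tag(frame_a, 10), push_s_tag(frame_b, 20)

if __name__ == "__main__":
    print(read_tags(core_a), read_tags(core_b))   # tags seen inside the operator network
    print(pop_s_tag(core_a)[1] == frame_a)        # ES2 restores the client frame
```

Inside the operator network the two frames differ in the outer VLAN ID even though the inner one is identical, which is what keeps the two customers' traffic apart.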

The above configuration is the so-called basic QinQ, using trunk ports (switchport mode trunk) on interfaces between the locations of clients A and B and the operator, as well as within the operator's network between its edge devices. A variation of the QinQ mechanism is the so-called selective QinQ, which allows specific client VLANs to be tagged with different external tags on a single port of the operator's edge switch.

The selective QinQ configuration requires setting the edge port between the client and the operator to hybrid mode (switchport mode hybrid) and specifying the S-VLANs and C-VLANs tunneled on this port (s-vlan 200 c-vlan 100, s-vlan 250 c-vlan 150). In the manner described above, the QinQ mechanism implements a simple point-to-point L2 tunnel for users.

With QinQ, network service providers can separate customer traffic in their own network by creating dedicated VLANs for each customer, without having to interfere with the client-side VLAN configuration (e.g., multiple clients can use the same VLAN IDs on their own networks).

The functionality is available on professional network switches from many leading manufacturers of network equipment.