CANOGA PERKINS 9175 Configuration Guide User Manual
CanogaOS Configuration Guide
10 Configuring 802.1q tunneling and Layer2 protocol Tunneling
Tunneling is a feature designed for service providers who carry traffic of multiple
customers across their networks and are required to maintain the VLAN and Layer2
protocol configurations of each customer without impacting the traffic of other customers.
This chapter will describe how to configure 802.1q tunneling and Layer2 protocol
tunneling, as well as VLAN mapping (VLAN-ID translation).
10.1 Understanding 802.1q tunneling
Service-provider business customers often have specific requirements for VLAN IDs and
the number of VLANs to be supported. The VLAN ranges required by different customers
in the same service-provider network might overlap, and traffic of customers through the
infrastructure might be mixed. Assigning a unique range of VLAN IDs to each customer
would restrict customer configurations and could easily exceed the VLAN limit (4096) of
the 802.1Q specification.
Using the 802.1Q tunneling feature, service providers can use a single VLAN to support
customers who have multiple VLANs. Customer VLAN IDs are preserved, and traffic
from different customers is segregated within the service-provider infrastructure, even
when they appear to be on the same VLAN. Using 802.1Q tunneling expands VLAN
space by using a VLAN-in-VLAN hierarchy and tagging the tagged packets. A port
configured to support 802.1Q tunneling is called a tunnel port. When you configure
tunneling, you assign a tunnel port to this port’s native VLAN that is dedicated to
tunneling. Each customer requires a separate service-provider VLAN ID, but that VLAN
ID supports all of the customer’s VLANs.
Customer traffic tagged in the normal way with appropriate VLAN IDs comes from an
802.1Q trunk port on the customer device and into a tunnel port on the service-provider
edge switch. The link between the customer device and the edge switch is an
asymmetric link because one end is configured as an 802.1Q trunk port and the other
end is configured as a tunnel port. You assign the tunnel port interface to an access
VLAN ID that is unique to each customer. See the following figure.
Packets coming from the customer trunk port into the tunnel port on the service-provider
edge switch are normally 802.1Q-tagged with the appropriate VLAN ID. The tagged
packets remain intact inside the switch and, when they exit the trunk port into the
service-provider network, are encapsulated with another layer of an 802.1Q tag (called
the metro tag) that contains the VLAN ID that is unique to the customer. The original
802.1Q tag from the customer is preserved in the encapsulated packet. Therefore,
packets entering the service-provider infrastructure are double-tagged, with the outer tag
containing the customer’s access VLAN ID, and the inner VLAN ID being the VLAN of
the incoming traffic.
When the double-tagged packet enters another trunk port in a service-provider core
switch, the outer tag is stripped as the packet is processed inside the switch. When the
packet exits another trunk port on the same core switch, the same metro tag is again
added to the packet.
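The double-tagging sequence described in this section, as an added example that is not part of the original guide: two customers who both use VLAN 100 are pushed into separate metro tags at the tunnel port, and popping the outer tag returns the customer frame unchanged. The metro VLAN IDs 30 and 40, the MAC addresses, and the use of TPID 0x8100 for the outer tag are assumptions made for illustration.

```python
import struct

TPID_8021Q = 0x8100  # assumption: the metro tag uses the same TPID as the customer tag

def vlan_tag(vid, pcp=0):
    """Return a 4-byte 802.1Q tag: TPID + TCI (PCP, DEI=0, 12-bit VLAN ID)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1-4094")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)

def customer_frame(dst, src, vid, payload):
    """Frame as sent by the customer's 802.1Q trunk port (single tag, IPv4 EtherType)."""
    return dst + src + vlan_tag(vid) + struct.pack("!H", 0x0800) + payload

def push_metro_tag(frame, metro_vid):
    """Add the outer (metro) tag directly after the two MAC addresses."""
    return frame[:12] + vlan_tag(metro_vid) + frame[12:]

def pop_outer_tag(frame):
    """Strip the outermost tag; return (vlan_id, frame_without_that_tag)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    return tci & 0x0FFF, frame[:12] + frame[16:]

def tag_stack(frame):
    """List the VLAN IDs in a frame from outermost to innermost."""
    vids = []
    while len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        vid, frame = pop_outer_tag(frame)
        vids.append(vid)
    return vids

# Constructed sample data: two customers with overlapping VLAN 100.
DST, SRC = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")
FRAME_A = customer_frame(DST, SRC, 100, b"customer A")
FRAME_B = customer_frame(DST, SRC, 100, b"customer B")
TUNNELED_A = push_metro_tag(FRAME_A, 30)  # hypothetical metro VLAN for customer A
TUNNELED_B = push_metro_tag(FRAME_B, 40)  # hypothetical metro VLAN for customer B

if __name__ == "__main__":
    print("A:", tag_stack(TUNNELED_A), "B:", tag_stack(TUNNELED_B))
    print("customer frame preserved:", pop_outer_tag(TUNNELED_A)[1] == FRAME_A)
```

Both customers keep inner VLAN 100, so segregation inside the provider network rests entirely on the outer tag assigned at the tunnel port.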