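Why QinQ came about
As is well known, the VLAN space supports at most 4096 VLANs (the VLAN (802.1Q) tag occupies 4 bytes in an Ethernet frame, and only 12 bits of it are used for the VLAN ID). For a carrier network that is far from enough. The solution is to configure QinQ, which expands the VLAN space further (to 4096*4096) and effectively relieves the shortage of VLAN IDs.
QinQ (802.1Q in 802.1Q)
QinQ is a layer-2 tunneling protocol based on 802.1Q encapsulation. It encapsulates the customer's private-network VLAN (CVLAN) tag inside the public-network VLAN (SVLAN) tag, giving the customer a layer-2 VPN tunnel.
- Huawei QinQ configuration:
The topology is as follows: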
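<code>//QinQ configuration on a Huawei S5720 switch
//(configured under the link-aggregation group: packets arriving on this port with VLAN 1001 to 2999 get outer tag 3838; inner tags in VLAN 101 to 700 and 3101 to 3500 get outer tag 3932)
interface Eth-Trunk10
 description To sw-name x.x.x.x Bri1
 port link-type hybrid
 qinq vlan-translation enable
 port hybrid tagged vlan 2 to 500 3599  //other VLANs that do not need QinQ are passed through tagged
 port hybrid untagged vlan 3851 3932  //strip the outer tag in the downstream direction
 port vlan-stacking vlan 1001 to 2999 stack-vlan 3838  //inner tag 1001 to 2999, outer tag 3838
 port vlan-stacking vlan 101 to 700 stack-vlan 3932  //inner tag 101 to 700, outer tag 3932
 port vlan-stacking vlan 3101 to 3500 stack-vlan 3932
</code>
Note: on the Huawei S5720, vlan-stacking cannot be configured on an interface in trunk mode; it can only be configured on an interface in hybrid mode.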
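The tag stacking that the Eth-Trunk10 configuration above performs, modelled on raw frame bytes. This is an added example, not the author's code or Huawei's implementation; the helper names, the sample frame and the use of TPID 0x8100 for the outer tag are assumptions.

```python
import struct

TPID = 0x8100  # assumption: outer tag also uses 0x8100; IEEE 802.1ad S-tags use 0x88A8
# Stacking rules copied from the Eth-Trunk10 configuration: (first inner, last inner, outer)
STACK_RULES = [(1001, 2999, 3838), (101, 700, 3932), (3101, 3500, 3932)]


def tag(vid, pcp=0):
    """Encode one 4-byte 802.1Q tag: 16-bit TPID, 3-bit PCP, 1-bit DEI, 12-bit VLAN ID."""
    if not 1 <= vid <= 4094:  # 0 and 4095 are reserved values of the 12-bit field
        raise ValueError(f"invalid VLAN ID {vid}")
    return struct.pack("!HH", TPID, (pcp << 13) | vid)


def read_tags(frame):
    """Return the VLAN IDs stacked after the two MAC addresses, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4 and struct.unpack_from("!H", frame, off)[0] == TPID:
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return vids


def stack_outer(frame):
    """Upstream: push the outer tag selected by the inner VLAN; otherwise leave the frame alone."""
    vids = read_tags(frame)
    if len(vids) != 1:
        return frame  # untagged or already double-tagged: outside these rules
    for lo, hi, outer in STACK_RULES:
        if lo <= vids[0] <= hi:
            return frame[:12] + tag(outer) + frame[12:]
    return frame  # e.g. VLAN 3599, which the port passes through single-tagged


def strip_outer(frame):
    """Downstream: remove the outer tag of a double-tagged frame."""
    return frame[:12] + frame[16:] if len(read_tags(frame)) == 2 else frame


def customer_frame(cvlan):
    """Constructed sample: dst MAC, src MAC, one C-tag, EtherType IPv4, dummy payload."""
    macs = bytes.fromhex("020000000002" "020000000001")
    return macs + tag(cvlan) + struct.pack("!H", 0x0800) + b"payload"


if __name__ == "__main__":
    q = stack_outer(customer_frame(1500))
    print(read_tags(q), q[12:20].hex())
```

Each pushed tag adds 4 bytes to the frame, so links carrying the double-tagged traffic need MTU headroom for it.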
- H3C switch QinQ configuration
<code>//QinQ using the vlan-mapping method:
interface Bridge-Aggregation23
 description To xxxx
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 3 44 72 118 152 176 247 316 to 317 320 to 321 325 tagged  //pass through inner and outer VLANs
 port hybrid vlan 328 347 352 354 359 445 527 532 to 537 539 563 tagged
 port hybrid vlan 574 583 to 584 637 to 638 641 643 to 644 656 662 898 901 998 to 999 tagged
 port hybrid vlan 1001 to 1003 1434 1444 3169 3197 3461 tagged
 port hybrid vlan 3828 3926 untagged  //strip the outer VLAN in the downstream direction
 vlan mapping nest range 1001 to 2999 nested-vlan 3828  //inner VLANs 1001-2999 get outer VLAN 3828
 vlan mapping nest range 101 to 700 3101 to 3500 nested-vlan 3926  //same as above
</code>
- PON device QinQ configuration (using the H3C 76-series PON and the Raisecom 5800E as examples)
The topology is as follows:
1. QinQ configuration on the H3C S76-series PON (done through a QoS policy):
<code>//QinQ on the H3C S76-series PON by means of a QoS policy:
//display current-configuration interface Onu1/0/1:1
interface Onu1/0/1:1
 description x.x.x.x
 bind onuid xxxx.xxxx.xxxx
 upstream-sla maximum-bandwidth 3200
 uni 1 port-isolate
 uni 1 vlan-mode translation pvid 2701 963 to 701  //service A: pvid (inner VLAN) 2701; service B: VLAN 963 is translated to 701, inner pvid 701
 uni 2 port-isolate
 uni 2 vlan-mode translation pvid 2701 963 to 701
 uni 3 port-isolate
 uni 3 vlan-mode translation pvid 2701 963 to 701
 uni 4 port-isolate
 uni 4 vlan-mode translation pvid 2701 963 to 701
 port link-type trunk
//display current-configuration interface Olt 1/0/1
interface Olt1/0/1
 description XXXX
 using onu 1 to 32
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 963 970 to 976 tagged  //VLANs that do not use QinQ are passed through directly
 port hybrid vlan 801 955 untagged  //outer VLANs are untagged, i.e. the outer tag is stripped in the downstream direction
 port hybrid pvid vlan 801
 broadcast-suppression pps 1000
 qinq enable  //enable QinQ
 qinq transparent-vlan 963 970 to 976  //VLANs that do not use QinQ
 qos apply policy QINQ inbound  //apply the QoS policy QINQ in the inbound direction of the OLT interface
 port-isolate enable  //OLT port isolation
//display current-configuration configuration qospolicy
qos policy QINQ
 classifier CVLAN behavior SVLAN  //each traffic class is bound to its behavior
 classifier HD_CVLAN behavior IPTV_SVLAN
//display current-configuration configuration classifier
traffic classifier CVLAN operator or  //define the traffic class: traffic whose VLAN is 2000 to 4000
 if-match customer-vlan-id 2000 to 4000
traffic classifier HD_CVLAN operator or  //define the traffic class: traffic whose VLAN is one of the VLAN IDs below
 if-match customer-vlan-id 100 to 962
 if-match customer-vlan-id 964 to 969
 if-match customer-vlan-id 977 to 1900
//display current-configuration configuration behavior
//define the behaviors
traffic behavior SVLAN
 nest top-most vlan-id 801  //SVLAN, i.e. the outer VLAN, is 801
traffic behavior HD_SVLAN
 nest top-most vlan-id 955  //the outer VLAN for HD_SVLAN is 955
//The effect of the policy: for packets going upstream from the ONU to the OLT, a packet whose VLAN is 2000-4000 gets outer tag 801.
//Devices above the OLT then only see the outer VLAN (801), which hides the inner VLAN and at the same time shrinks the broadcast domain.
//QinQ on the H3C S76-series PON by means of vlan-mapping:
interface Olt2/0/16
 description 1528Z-DX
 port-isolate enable group 1
 using onu 1 to 32
 broadcast-suppression pps 1000
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 8 tagged  //inner VLANs do not need to be passed through tagged
 port hybrid vlan 3816 3902 untagged
 vlan mapping nest single 217 nested-vlan 3816
 vlan mapping nest range 1001 to 2999 nested-vlan 3816
 vlan mapping nest range 101 to 700 3101 to 3500 nested-vlan 3902
</code>
2. QinQ configuration on the Raisecom 5800E-series PON:
<code>HZPON-5800E#show running-config onu 3/2/1  //ports with vlan translation-rule 2 all carry mixed services and do QinQ
interface onu 3/2/1
 sla pir 204800
 uni ethernet 1
  vlan mode translation
  native vlan 1001  //mixed mode: dial-up does QinQ, the video-on-demand set-top box connects to the data dedicated line!
  vlan translation-rule 2
  quit
 uni ethernet 2
  vlan mode translation
  native vlan 1001
  vlan translation-rule 2
  quit
 uni ethernet 3
  vlan mode translation
  native vlan 1001
  vlan translation-rule 2
  quit
 uni ethernet 4
  vlan mode translation
  native vlan 1001
  vlan translation-rule 2
HZGYX-A-PersonalPON-5800E-02#show running-config interface port 10
System current configuration in port mode:
interface port 10
 switchport trunk allowed vlan 804,963,970-976  //trunk (tagged) mode; video-on-demand connects to the data dedicated line!!! Pay special attention!!!
 switchport trunk untagged vlan remove 1
 switchport trunk untagged vlan add 804
 switchport mode trunk
 switchport protect
 switchport vlan-mapping acl 3 add-outer 804
HZGYX-A-PersonalPON-5800E-02#
HZGYX-A-PersonalPON-5800E-02#show running-config fttx
FTTX current configuration:
!ROAP Version ISCOM5800E-SMCB_1.44.6_20160701
!command in fttx_mode
vlan translation-rule 1 old 963 0 new 963 0  //VLAN translation: 963 is translated to 963 and 970-976, 8 VLANs
vlan translation-rule 2 old 963 0 new 970 0
vlan translation-rule 3 old 963 0 new 971 0
vlan translation-rule 4 old 963 0 new 972 0
vlan translation-rule 5 old 963 0 new 973 0
vlan translation-rule 6 old 963 0 new 974 0
vlan translation-rule 7 old 963 0 new 975 0
vlan translation-rule 8 old 963 0 new 976 0
//After the change:
HZGYX-A-PersonalPON-5800E-02#show running-config interface port 10
interface port 10
 description 2427E-CC
 switchport trunk allowed vlan 804,956,963,970-976
 switchport trunk untagged vlan remove 1
 switchport trunk untagged vlan add 804,956  //804 is the outer VLAN for dial-up, 956 is the outer VLAN for video-on-demand
 switchport mode trunk
 switchport protect
 switchport vlan-mapping ingress outer 2100-3700 add-outer 956  //inner VLANs above 2000 go to the SR
 switchport vlan-mapping ingress outer 100-960,990-1700 add-outer 804
1F-HZGYX-A-PersonalPON-5800E-02#show running-config fttx
FTTX current configuration:
!ROAP Version ISCOM5800E-SMCB_1.44.6_20160701
!command in fttx_mode
vlan translation-rule 1 old 963 0 new 963 0
vlan translation-rule 2 old 963 0 new 970 0
vlan translation-rule 3 old 963 0 new 971 0
vlan translation-rule 4 old 963 0 new 972 0
vlan translation-rule 5 old 963 0 new 973 0
vlan translation-rule 6 old 963 0 new 974 0
vlan translation-rule 7 old 963 0 new 975 0
vlan translation-rule 8 old 963 0 new 976 0
vlan translation-rule 101 old 963 0 new 2101 0  //the former are the dial-up inner VLANs, the latter are the translated video-on-demand inner VLANs (yes); VLAN translation is done at the same time.
vlan translation-rule 102 old 963 0 new 2102 0
vlan translation-rule 103 old 963 0 new 2103 0
vlan translation-rule 104 old 963 0 new 2104 0
vlan translation-rule 105 old 963 0 new 2105 0
vlan translation-rule 106 old 963 0 new 2106 0
........
vlan translation-rule 1001 old 963 0 new 3001 0
......
//Configuration for video-on-demand over the data dedicated line: can this be understood as dial-up 1001 being QinQ'd to 804, while video-on-demand is first translated from 963 to 3001 and then 3001 is QinQ'd to 956??
//Is the ONU inner VLAN for dial-up always 1001?? For video-on-demand it is always 2101, correct!!
//In contrast to:
interface onu 1/4/2
 description jianguonanyuan
 sla pir 204800
 uni ethernet 1
  vlan mode tagged
  native vlan 402
  quit
 uni ethernet 2
  vlan mode tagged
  native vlan 2402  //this kind is mapped directly to 956; this kind does not connect to the data dedicated line
  quit
 uni ethernet 3
  vlan mode tagged
  native vlan 402
  quit
 uni ethernet 4
  vlan mode tagged
  native vlan 402
</code>
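In summary: with QinQ in place, the upstream side only needs to pass the outer VLAN (the inner VLAN is hidden), the configuration is simple, and where VXLAN is not applicable it further expands the VLAN space and relieves the current shortage of VLAN resources.
Finally, an overall diagram (using QinQ for a VPN service as the example):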