QinQ技术出现的原因
我们都知道VLAN资源最大支持4096个
(VLAN(802.1Q)标签在以太网帧中占4个字节,只有12bit用于VLAN ID)。作为运营商网络,VLAN资源已经远远不够用了,解决方案是进行QinQ配置,进一步扩充VLAN资源(扩充至4096*4096),有效缓解VLAN ID资源紧张的问题。QinQ(802.1Q in 802.1Q)
QinQ技术是一种基于802.1q封装的二层隧道协议,它将用户私网VLAN(CVLAN)标签封装在公网VLAN(SVLAN)标签中,从而为用户提供二层VPN隧道。
- 华为的QinQ配置:
拓扑如下:
华为S5720 QinQ配置
<code>//华为S5720交换机QinQ配置
//(聚合组里配置,将该端口上来的vlan
1001
到2999数据包打上外层标签3838;vlan101
to
700
及3101
to
3500
的内层标签加上外层标签3932)
interface
Eth-Trunk10
description
To
sw-name
x.x.x.x
Bri1
port
link-type
hybrid
qinq
vlan-translation
enable
port
hybrid
tagged
vlan
2
to
500
3599
//其他不需要做QinQ的打tag进行vlan透传
port
hybrid
untagged
vlan
3851
3932
//下行剥去外层标签
port
vlan-stacking
vlan
1001
to
2999
stack-vlan
3838
//内层标签1001
to
2999
,外层标签3838
port
vlan-stacking
vlan
101
to
700
stack-vlan
3932
//内层标签101
to
700
,外层标签3932
port
vlan-stacking
vlan
3101
to
3500
stack-vlan
3932
需要注意:华为S5720
接口trunk模式无法配置vlan-stacking,只有hybrid接口模式才可以配置。
/<code>
- 华三交换机QinQ配置
<code>vlan-mapping方式做QinQ:
interface
Bridge-Aggregation23
description
To
xxxx
port
link-type
hybrid
undo
port
hybrid
vlan
1
port
hybrid
vlan
3
44
72
118
152
176
247
316
to
317
320
to
321
325
tagged
//透传内层及外层VLAN
port
hybrid
vlan
328
347
352
354
359
445
527
532
to
537
539
563
tagged
port
hybrid
vlan
574
583
to
584
637
to
638
641
643
to
644
656
662
898
901
998
to
999
tagged
port
hybrid
vlan
1001
to
1003
1434
1444
3169
3197
3461
tagged
port
hybrid
vlan
3828
3926
untagged
//下行剥去外层VLAN
vlan
mapping
nest
range
1001
to
2999
nested-vlan
3828
//vlan
1001
-2999
的内层vlan,打上3838的外层vlan
vlan
mapping
nest
range
101
to
700
3101
to
3500
nested-vlan
3926
//同上
/<code>
- PON设备QinQ配置(以华三76系列PON及瑞思康达5800E为例)
拓扑如下:
1、华三S76系列PON QinQ的配置如下(通过QOS策略的方式进行):
<code>//华三S76系列PON配置QinQ,通过QOS策略的方式如下:
//display
current-configuration
interface
Onu1/0/1:1
interface
Onu1/0/1:1
description
x.x.x.x
bind
onuid
xxxx.xxxx.xxxx
upstream-sla
maximum-bandwidth
3200
uni
1
port-isolate
uni
1
vlan-mode
translation
pvid
2701
963
to
701
//业务A
pvid内层vlan2701
,业务B:将vlan963转为701,内层pvid
701
uni
2
port-isolate
uni
2
vlan-mode
translation
pvid
2701
963
to
701
uni
3
port-isolate
uni
3
vlan-mode
translation
pvid
2701
963
to
701
uni
4
port-isolate
uni
4
vlan-mode
translation
pvid
2701
963
to
701
port
link-type
trunk
//display
current-configuration
interface
Olt
1
/0/1
interface
Olt1/0/1
description
XXXX
using
onu
1
to
32
port
link-type
hybrid
undo
port
hybrid
vlan
1
port
hybrid
vlan
963
970
to
976
tagged
//不做QinQ的VLAN直接透传
port
hybrid
vlan
801
955
untagged
//外层VLAN
untag也即下行得剥离外层标签
port
hybrid
pvid
vlan
801
broadcast-suppression
pps
1000
qinq
enable
//使能qinq
qinq
transparent-vlan
963
970
to
976
//不做QinQ的VLAN
qos
apply
policy
QINQ
inbound
//olt接口入方向应用qos
QINQ策略
port-isolate
enable
//OLT口隔离
//display
current-configuration
configuration
qospolicy
qos
policy
QINQ
classifier
CVLAN
behavior
SVLAN
//对应的流匹配对应的行为
classifier
HD_CVLAN
behavior
IPTV_SVLAN
//display
current-configuration
configuration
classifier
traffic
classifier
CVLAN
operator
or
//配置数据流,vlan是2000
to
4000
的数据流
if-match
customer-vlan-id
2000
to
4000
traffic
classifier
HD_CVLAN
operator
or
//配置数据流,vlan是xx(如下vlan-id)的数据流
if-match
customer-vlan-id
100
to
962
if-match
customer-vlan-id
964
to
969
if-match
customer-vlan-id
977
to
1900
//display
current-configuration
configuration
behavior
//配置行为
traffic
behavior
SVLAN
nest
top-most
vlan-id
801
//SVLAN
也即外层是801
traffic
behavior
HD_SVLAN
nest
top-most
vlan-id
955
//HD_SVLAN外层是955
策略的作用是将onu上行至olt的数据包,若数据包vlan是2000-4000的,给打上外层标签801。
//OLT再上层设备就只认外层VLAN(也即801),这样就隐藏了内层vlan,进而也同时缩小了广播域。
//华三S76系列PON配置QinQ,通过vlan-mapping方式如下:
interface
Olt2/0/16
description
1528Z-DX
port-isolate
enable
group
1
using
onu
1
to
32
broadcast-suppression
pps
1000
port
link-type
hybrid
undo
port
hybrid
vlan
1
port
hybrid
vlan
8
tagged
//内层vlan不需要tag透传
port
hybrid
vlan
3816
3902
untagged
vlan
mapping
nest
single
217
nested-vlan
3816
vlan
mapping
nest
range
1001
to
2999
nested-vlan
3816
vlan
mapping
nest
range
101
to
700
3101
to
3500
nested-vlan
3902
/<code>
2、瑞思康达5800E系列PON的QinQ配置如下:
<code>HZPON-5800E#show
running-config
onu
3
/2/1
//有vlan
translation-rule
2
都是混合业务
做QINQ
interface
onu
3
/2/1
sla
pir
204800
uni
ethernet
1
vlan
mode
translation
native
vlan
1001
//拨号做QINQ,点播机顶盒接数专的混合模式!
vlan
translation-rule
2
quit
uni
ethernet
2
vlan
mode
translation
native
vlan
1001
vlan
translation-rule
2
quit
uni
ethernet
3
vlan
mode
translation
native
vlan
1001
vlan
translation-rule
2
quit
uni
ethernet
4
vlan
mode
translation
native
vlan
1001
vlan
translation-rule
2
HZGYX-A-PersonalPON-5800E-02#show
running-config
interface
port
10
System current configuration in port mode:
interface
port
10
switchport
trunk
allowed
vlan
804
,963,970-976
//trunk(tag)模式的,点播接数专!!!特别注意!!!
switchport
trunk
untagged
vlan
remove
1
switchport
trunk
untagged
vlan
add
804
switchport
mode
trunk
switchport
protect
switchport
vlan-mapping
acl
3
add-outer
804
HZGYX-A-PersonalPON-5800E-02#
HZGYX-A-PersonalPON-5800E-02#show
running-config
fttx
FTTX current configuration:
!ROAP
Version
ISCOM5800E-SMCB_1.44.6_20160701
!command
in
fttx_mode
vlan
translation-rule
1
old
963
0
new
963
0
//vlan
转换,963转为963
&
970
-976
8
个vlan
vlan
translation-rule
2
old
963
0
new
970
0
vlan
translation-rule
3
old
963
0
new
971
0
vlan
translation-rule
4
old
963
0
new
972
0
vlan
translation-rule
5
old
963
0
new
973
0
vlan
translation-rule
6
old
963
0
new
974
0
vlan
translation-rule
7
old
963
0
new
975
0
vlan
translation-rule
8
old
963
0
new
976
0
换了:
HZGYX-A-PersonalPON-5800E-02#show
running-config
interface
port
10
interface
port
10
description
2427E-CC
switchport
trunk
allowed
vlan
804
,956,963,970-976
switchport
trunk
untagged
vlan
remove
1
switchport
trunk
untagged
vlan
add
804
,956
//804是拨号的外层vlan,956是点播的外层vlan
switchport
mode
trunk
switchport
protect
switchport
vlan-mapping
ingress
outer
2100
-3700
add-outer
956
//内层是2000以上就走的SR
switchport
vlan-mapping
ingress
outer
100
-960
,990-1700
add-outer
804
1F-HZGYX-A-PersonalPON-5800E-02#show
running-config
fttx
FTTX current configuration:
!ROAP
Version
ISCOM5800E-SMCB_1.44.6_20160701
!command
in
fttx_mode
vlan
translation-rule
1
old
963
0
new
963
0
vlan
translation-rule
2
old
963
0
new
970
0
vlan
translation-rule
3
old
963
0
new
971
0
vlan
translation-rule
4
old
963
0
new
972
0
vlan
translation-rule
5
old
963
0
new
973
0
vlan
translation-rule
6
old
963
0
new
974
0
vlan
translation-rule
7
old
963
0
new
975
0
vlan
translation-rule
8
old
963
0
new
976
0
vlan
translation-rule
101
old
963
0
new
2101
0
//前面是拨号的内层vlan,后面是点播的转换的内层vlan-yes
同时做了VLAN转换。
vlan
translation-rule
102
old
963
0
new
2102
0
vlan
translation-rule
103
old
963
0
new
2103
0
vlan
translation-rule
104
old
963
0
new
2104
0
vlan
translation-rule
105
old
963
0
new
2105
0
vlan
translation-rule
106
old
963
0
new
2106
0
........
vlan
translation-rule
1001
old
963
0
new
3001
0
......
//点播接数专的配置:是否可以理解为--拨号1001QINQ转为804
,点播是先963转为3001
然后3001QINQ转为956??
onu内层配置拨号都是1001??点播都是2101对的!!
区别于:
interface
onu
1
/4/2
description
jianguonanyuan
sla
pir
204800
uni
ethernet
1
vlan
mode
tagged
native
vlan
402
quit
uni
ethernet
2
vlan
mode
tagged
native
vlan
2402
//这种就直接转为956
这种不接数专
quit
uni
ethernet
3
vlan
mode
tagged
native
vlan
402
quit
uni
ethernet
4
vlan
mode
tagged
native
vlan
402
/<code>
故而:做了QinQ,上行只需要透传外层VLAN(内层VLAN被隐藏 ),配置简单,在不适用VxLAN的情况下进一步扩充了VLAN资源,缓解了VLAN资源不足的现状。
最后附上一张总图:(以VPN业务做QinQ为例)
画的够简单明了哈
对网络技术或者Python开发感兴趣的可加下关注,本人会不定期发布相关技术文章。
