Double Tagged VLAN Termination

selvakumar.vec · ‎01-11-2020

Dear Guys,

We are planning to provide multiple services over a single vlan. For that, our access provider is giving double tagged VLANs as per the rough diagram. They are giving via Aggregation CPE (Huawei Switch) as trunk link with double tagged vlans. And they will be giving multiple outer vlans (two for Each Exchanges Eg. 1570,1571) and all outer vlans will be having 4 inner vlans (11,12,13,14) to give multiple services.

We are planning to direct these double tagged outer vlans (1570 & 1571) and inner vlans 13 & 14 to our CISCO7206VXR Cisco Router R2. So these double tagged traffic will be going via S1 & S2 switches to Our router R2 from the provider CPE as per the attached diagram.

To implement this setup, I have few queries. Could you guys advise me to move further.

1.To process double tagged vlans, I hope Switch needs MTU of 1504 than default 1500. So Should I change the system MTU and System MTU jumbo size to 1504 in my switches S1 & S2.
2. Whether I need to change MTU in switches S3 & S4 also. They will not be handling any double tagged vlan traffic. They are handling only single dot1q frames and running with default 1500 MTU size. With this default MTU, Whether any incompatibility will be there between S1 & S3. In a switched Network, Whether switches with different MTU can connect each other as long as they are sending frames within lowest configured MTU size on one switch.
3. In provider facing interface of Switch S1, Can I configure the interface as trunk to accept the outer vlans only or any other special configurations needed to accept those double tagged vlan traffic.

Sample config:

interface GigabitEthernet1/0/9
switchport trunk allowed vlan (outervlans)
switchport mode trunk

4. Whether the trunk link between Switches S1 & S2 will be accepting double tagged vlans from provider received via Provider CPE in addition to single tagged vlans received via Switch S3.

5. Similarly, I am going to create subinterfaces on R2 for each outer and inner vlan combinations as below.

interface g0/3.131570
encapsulation dot1Q 1570 second-dot1q 13
ip address x.x.x.x 255.255.255.0

interface g0/3.131571
encapsulation dot1Q 1571 second-dot1q 13
ip address y.y.y.y 255.255.255.0

and in the main interface, I will be configuring as below

interface g0/3
no ip address

Any other configuration is required apart from the above to accept double tagged vlans in router side.

6.Can we able to create subinterfaces for single tagged and double tagged vlans in the same physical interface of router.

Kindly check the above and guide me to implement the above setup. Also provide me any documentations if you have for this setup.

Note: All the connections shown in my network between switches and router are trunk links.

Thanks,
Selva

selvakumar.vec · ‎01-12-2020

Dear @Leo Laohoo & @Giuseppe Larosa @Joseph W. Doherty ,

Could you guys please advise on my queries. It will be really helpful for me to move further.

Thanks,
Selva

Joseph W. Doherty · ‎01-12-2020

Sorry, I have little experience with double tagged VLANs, certainly not with the kind of topology you hope to implement.

selvakumar.vec · ‎01-14-2020

Thanks for your kind reply @Joseph W. Doherty

Giuseppe Larosa · ‎01-13-2020

Hello Selva,

your understanding is correct I have followed a customer migrating from C7200VXR to ASR 1000.

The scenario that you describe is called PBB (Provider Backbone Bridge) in metro ethernet forum

see

https://wiki.mef.net/display/CESG/PBB-TE+Support+for+Carrier+Ethernet+Services

The C7200VXR is able to process double vlan tagged frames and to provide a L3 subinterface on the inner Vlan.

My recommendation is to use the so called Vlan normalization: make consistent the presentation of traffic to the CPE.

in my case ASR 1000 had issues when traffic was a mix of single tagged frames and double tagged frames.

As the C7200VXR will be substituted with an ASR 1000 (X) in the future:

Use 802.1Q tunneling to add a second tag to single tagged Vlans and presents all traffic with double Vlan tags to your CPE.

This will work in the future on ASR 1000 X IOS XE.

Hope to help

Giuseppe

selvakumar.vec · ‎01-14-2020

Thanks @Giuseppe Larosa for your advice. It really helped a lot.

My provider is confirming that they will be sending double tagged packets with 1500 bytes MTU. Whether can we process the double tagged packets with our cisco switch default 1500 MTU size.

You faced this mixed vlan issue while sending doubled tagged and single tagged packets to the same physical interface of ASR 1000 Router. If we use different physical ports like one port for single tagged and other for double tagged vlan packets, then can we overcome the mixed vlan issue.

Can cisco switches (C9300 & 3750X) able to handle both single and double tagged packets in the same trunk ports?

Thanks,

Selva

Giuseppe Larosa · ‎01-14-2020

Hello Selva,

>> My provider is confirming that they will be sending double tagged packets with 1500 bytes MTU. Whether can we process the double tagged packets with our cisco switch default 1500 MTU size.

you need

conf t

system mtu 1508

>> You faced this mixed vlan issue while sending doubled tagged and single tagged packets to the same physical interface of ASR 1000 Router. If we use different physical ports like one port for single tagged and other for double tagged vlan packets, then can we overcome the mixed vlan issue.

your understanding is correct.

>> Can cisco switches (C9300 & 3750X) able to handle both single and double tagged packets in the same trunk ports?

I don't think so ME3400 ME3600X and ME3800X are able to process EVCs. These switches are focused on metro ethernet / carrier ethernet and they are capable to run VPLS. H-VPLS and to use EVCs.

The classic C3750X is enterprise oriented. C9300 might support it but again it is an enterprise oriented switch.

Hope to help

Giuseppe

selvakumar.vec · ‎01-15-2020

Dear @Giuseppe Larosa ,

Today we started testing those double tagged packets scenario, Switches can able to process those double tagged packets with default 1500 MTU Size and also both single and double tagged packets passed through same trunk port of the switch 3750x without any issue.

I will update you regarding the status and performance after final testing.

I have one more doubt.

Can we allocate same subnet to multiple subinterfaces. Like multiple subinterfaces of router should share the same IP subnet. Is that possible.

I tried the option "IP Unnumbered" . But it is not helping on 7200 router. Whether IP Unnumbered command on Cisco ASR 1001-X router will help to allocate one subnet for multiple subinterfaces.Because in the below second link, I can able to see below option.

Feature Name Releases Feature Information

VLANs over IP Unnumbered Subinterfaces

Cisco IOS XE Release 3.9S

The VLANs over IP Unnumbered Subinterfaces feature allows IP unnumbered interface support to be configured on Ethernet VLAN subinterfaces. This feature also provides support for DHCP on VLAN subinterfaces. Configuring Ethernet VLANs on IP unnumbered subinterfaces can save IPv4 address space and simplify configuration management, address management, and migration for DSL providers from ATM networks to IP.

The following command was modified:

ip unnumbered

I will check with ASR Router and I will update you whether this is working or not.

IP Unnumbered links below

https://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/13786-20.html

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/lanswitch/configuration/xe-16-10/lanswitch-xe-16-10-book/lsw-cfg-vlan-ip-unnum-subint.pdf

Thanks,

Selva

selvakumar.vec · ‎05-03-2020

Dear @Giuseppe Larosa ,

Default MTU size of 1500 bytes is so far working good. But we faced some issues for IPsec VPN traffic, when keeping the default MTU size of 1500.

As per your advice, we are planning to increase the MTU size. I have below queries. Could you please help me.

1. For double tagged packets, there will be 4 extra bytes for extra VLAN tag than the normal 1500 bytes MTU. Then is it enough if we increase the MTU to 1504. Why you advised to increase the MTU to 1508 bytes. Is there any reason.

2. Whether we need to increase the MTU size on the router interface also. Or is it enough, if we increase the MTU size in switches alone.

Thanks,

Selva