cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
624
Views
0
Helpful
10
Replies
Beginner

QinQ for connection into Azure Express Route

I have a Cat9k that I've connecting into an Azure Express Route circuit via my ISP. They have told me that it is ready to do and that my customer VLAN is 4001. I've setup the VLAN in Azure as 1001. To me, that means that the outer tag is 4001 and the inner tag is 1001. Simple enough. But I'm having issues getting it to work. Not sure if there is an issue on the provider's side or if it is a configuration issue I'm having. I am trying to peer BGP with Azure from an SVI in VLAN 1001 on the switch. Here is my config. 

 

vlan 1001

vlan 4001

 

interface vlan1001

 ip add 10.10.10.1 255.255.255.252

 

vlan dot1q-tag native

 

interface te1/1/1

  switchport mode dot1q-tunnel

  switchport access vlan 4001

 

With this configuration, VLAN 1001 never comes up. I'm guessing that I'm doing QinQ wrong but it seems to jive with documentation I've read.

 

The service provider is setup like this:

interface GigabitEthernet0/0/0/17

mtu 9216

transceiver permit pid all

!

interface GigabitEthernet0/0/0/17.4001 l2transport

encapsulation dot1q 4001

rewrite ingress tag pop 1 symmetric

 

Any thoughts?

 

Thanks!

 

 

 

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: QinQ for connection into Azure Express Route

Hi!

I also don't think you need to use QinQ at all.

Did somebody from ISP or Azure side tell you that you will need to use it?

If not, I think you can just see the link between your Cat9k and Azure as a transit link in VLAN 4001.
You shouldn't have to care about what the ISP is doing.
For you it should appear like a cable going from the Cat9k to the Azure Cloud :)

Tell me what you think.

Best regards
Julian

View solution in original post

10 REPLIES 10
Highlighted
VIP Expert

Re: QinQ for connection into Azure Express Route

Not Familiar with Azure but why can't you just use vlan tag 4001 on both sides of the connection without any QinQ?

Also, you may want to open a ticket with them as QinQ may not be supported on their side.

HTH

Highlighted
Beginner

Re: QinQ for connection into Azure Express Route

The service provider is setup like this:

 

interface GigabitEthernet0/0/0/17

mtu 9216

transceiver permit pid all

!

interface GigabitEthernet0/0/0/17.4001 l2transport

encapsulation dot1q 4001

rewrite ingress tag pop 1 symmetric

Highlighted
VIP Expert

Re: QinQ for connection into Azure Express Route

Maybe I don't understand your case but the service provider should not have anything to do with your connection to Azure.

The service provider simply hand out a physical connection to you, you connect that to your switch and peer with Azure via BGP or static route. What service provider is doing on their side should be transparent to you.

HTH

Highlighted
Beginner

Re: QinQ for connection into Azure Express Route

That's what I figured as well but it doesn't seem to be working. They gave me the outside "s-tag" as being 4001 and I setup the private tag in Azure as 1001. So that would lead me to believe we need to participate in the QinQ process. Their support has been slow and not super helpful so far. Trying to get someone with more insight.

Megaport is the last hop provider into Azure. They are using 4001 with our local service provider.
Highlighted
VIP Expert

Re: QinQ for connection into Azure Express Route

Megaport is the last hop provider into Azure. They are using 4001 with our local service provider.

Megaport should not have anything to do with your peering with Azure. We use AWS the same way and it is BGP between us and AWS  We configure a sub-interface on our router (e.g sub-interface 2000) with an IP and than configure the same thing on  AWS side (vlan tag 2000).Megaport just hand off a connection to you and you just have to configure Azure on their portal if that is like AWS and than peer it Again, Megaport just provide a connection to you and their config should be transparent to you.

HTH

Highlighted
VIP Expert

Re: QinQ for connection into Azure Express Route

This is usually if you are doing a "port" with megaport witch costs $500 per month for 1 or 10Gig.

Ports

Your gateway for connectivity to the clouds, between data centres, and anywhere you want to go on our network.

1Gbps Port

$500 per month

10Gbps Port

$500 per month

Pricing values reflect both USD and AUD, visit portal.megaport.com for accurate pricing in your currency. Excludes taxes and regulatory fees

 
Highlighted
Beginner

Re: QinQ for connection into Azure Express Route

Not interested in pricing, this isn’t a marketing forum. No where in my question did I ask what a port was or how much it would cost.

Highlighted
Beginner

Re: QinQ for connection into Azure Express Route

Hi!

I also don't think you need to use QinQ at all.

Did somebody from ISP or Azure side tell you that you will need to use it?

If not, I think you can just see the link between your Cat9k and Azure as a transit link in VLAN 4001.
You shouldn't have to care about what the ISP is doing.
For you it should appear like a cable going from the Cat9k to the Azure Cloud :)

Tell me what you think.

Best regards
Julian

View solution in original post

Highlighted
Beginner

Re: QinQ for connection into Azure Express Route

Turns out it was an issue with Megaport. They had some weird stuff going on, lots of hops along the way. But, you are correct. It was just a trunk port heading to them and us tagging on the internal VLAN setup in Azure.

Thanks!
Highlighted
Beginner

Re: QinQ for connection into Azure Express Route

Hi!

Glad to hear that! :)

Let me know if you need anything else.

Have a nice day!

Best regards
Julian

CreatePlease to create content
Content for Community-Ad