cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6253
Views
0
Helpful
13
Replies

QinQ for connection into Azure Express Route

Nathan Farrar
Level 1
Level 1

I have a Cat9k that I've connecting into an Azure Express Route circuit via my ISP. They have told me that it is ready to do and that my customer VLAN is 4001. I've setup the VLAN in Azure as 1001. To me, that means that the outer tag is 4001 and the inner tag is 1001. Simple enough. But I'm having issues getting it to work. Not sure if there is an issue on the provider's side or if it is a configuration issue I'm having. I am trying to peer BGP with Azure from an SVI in VLAN 1001 on the switch. Here is my config. 

 

vlan 1001

vlan 4001

 

interface vlan1001

 ip add 10.10.10.1 255.255.255.252

 

vlan dot1q-tag native

 

interface te1/1/1

  switchport mode dot1q-tunnel

  switchport access vlan 4001

 

With this configuration, VLAN 1001 never comes up. I'm guessing that I'm doing QinQ wrong but it seems to jive with documentation I've read.

 

The service provider is setup like this:

interface GigabitEthernet0/0/0/17

mtu 9216

transceiver permit pid all

!

interface GigabitEthernet0/0/0/17.4001 l2transport

encapsulation dot1q 4001

rewrite ingress tag pop 1 symmetric

 

Any thoughts?

 

Thanks!

 

 

 

1 Accepted Solution

Accepted Solutions

julian.bendix
Level 3
Level 3

Hi!

I also don't think you need to use QinQ at all.

Did somebody from ISP or Azure side tell you that you will need to use it?

If not, I think you can just see the link between your Cat9k and Azure as a transit link in VLAN 4001.
You shouldn't have to care about what the ISP is doing.
For you it should appear like a cable going from the Cat9k to the Azure Cloud :)

Tell me what you think.

Best regards
Julian

View solution in original post

13 Replies 13

Reza Sharifi
Hall of Fame
Hall of Fame

Not Familiar with Azure but why can't you just use vlan tag 4001 on both sides of the connection without any QinQ?

Also, you may want to open a ticket with them as QinQ may not be supported on their side.

HTH

The service provider is setup like this:

 

interface GigabitEthernet0/0/0/17

mtu 9216

transceiver permit pid all

!

interface GigabitEthernet0/0/0/17.4001 l2transport

encapsulation dot1q 4001

rewrite ingress tag pop 1 symmetric

Maybe I don't understand your case but the service provider should not have anything to do with your connection to Azure.

The service provider simply hand out a physical connection to you, you connect that to your switch and peer with Azure via BGP or static route. What service provider is doing on their side should be transparent to you.

HTH

That's what I figured as well but it doesn't seem to be working. They gave me the outside "s-tag" as being 4001 and I setup the private tag in Azure as 1001. So that would lead me to believe we need to participate in the QinQ process. Their support has been slow and not super helpful so far. Trying to get someone with more insight.

Megaport is the last hop provider into Azure. They are using 4001 with our local service provider.

Megaport is the last hop provider into Azure. They are using 4001 with our local service provider.

Megaport should not have anything to do with your peering with Azure. We use AWS the same way and it is BGP between us and AWS  We configure a sub-interface on our router (e.g sub-interface 2000) with an IP and than configure the same thing on  AWS side (vlan tag 2000).Megaport just hand off a connection to you and you just have to configure Azure on their portal if that is like AWS and than peer it Again, Megaport just provide a connection to you and their config should be transparent to you.

HTH

This is usually if you are doing a "port" with megaport witch costs $500 per month for 1 or 10Gig.

Ports

Your gateway for connectivity to the clouds, between data centres, and anywhere you want to go on our network.

1Gbps Port

$500 per month

10Gbps Port

$500 per month

Pricing values reflect both USD and AUD, visit portal.megaport.com for accurate pricing in your currency. Excludes taxes and regulatory fees

 

Not interested in pricing, this isn’t a marketing forum. No where in my question did I ask what a port was or how much it would cost.

julian.bendix
Level 3
Level 3

Hi!

I also don't think you need to use QinQ at all.

Did somebody from ISP or Azure side tell you that you will need to use it?

If not, I think you can just see the link between your Cat9k and Azure as a transit link in VLAN 4001.
You shouldn't have to care about what the ISP is doing.
For you it should appear like a cable going from the Cat9k to the Azure Cloud :)

Tell me what you think.

Best regards
Julian

Turns out it was an issue with Megaport. They had some weird stuff going on, lots of hops along the way. But, you are correct. It was just a trunk port heading to them and us tagging on the internal VLAN setup in Azure.

Thanks!

Hi!

Glad to hear that! :)

Let me know if you need anything else.

Have a nice day!

Best regards
Julian

Hi All,

 

Thanks for the explanation - I'm running currently a similar approach with the Azure Expressroute - our device is getting two Vlans 524 (S-TAG) and 321 (Dot1q plain internet) at one port on a Cisco Cat. 6500.

 

I configured the Port from the Service Provider as a trunk port and created the interface vlan 1108(Azure Internal Vlan) and gave it the needed IP - How does the Vlan nows where to go and where to send the traffic to ? 

 

I'm pretty lost in this topic.

 

Best Regards

Frederik

Hi Nathan,

 

Trying to setup the same with a provider (not Megapath) on my Cat9300 and was given similar information, the outer vlan ID. I followed QinQ configuration since everything led me to believe that is necessary but this thread makes it seem like it isn't. Wondering what config you ended with in the end. Thanks.

@Nathan Farrar  How does the configuration look like? We want to land our express route on a stacked pair of Cat9300.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: