Solved: Re: selective qinq, qinq, layer 2,

milo34 · ‎06-29-2025

Hello everyone,

I hope everyone is doing well.

I was looking at some q-in-q concepts and if anyone can tell me what i am doing wrong i would be forever grateful.

Topology:

SW1:

interface GigabitEthernet1/0/8
switchport access vlan 1024
switchport mode access

interface GigabitEthernet1/0/3
switchport access vlan 1067
switchport mode access

interface GigabitEthernet1/0/2
switchport mode trunk

SW2

interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport vlan mapping 1024 dot1q-tunnel 269
 switchport vlan mapping 1067 dot1q-tunnel 269

interface GigabitEthernet1/0/8
 switchport access vlan 269
 switchport mode access

Should i be able to ping 10.1.10.254?

Switch#show vlan mapping
Total no of vlan mappings configured: 2
Interface Gi1/0/2:
VLANs on wire                    Translated VLAN     Operation
------------------------------   ---------------     --------------
1024                                  269            selective QinQ
1067                                  269            selective QinQ

this seems to be ok, but

PC1> ping 10.1.10.254

host (10.1.10.254) not reachable

however if i do static mapping works.

Switch(config)#int g1/0/2
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport vlan mapping 1024 269
Interface Gi1/0/2:
VLANs on wire                    Translated VLAN     Operation
------------------------------   ---------------     --------------
1024                                  269            1-to-1

PC1>
PC1> ping 10.1.10.254

10.1.10.254 icmp_seq=1 timeout
84 bytes from 10.1.10.254 icmp_seq=2 ttl=254 time=227.387 ms
84 bytes from 10.1.10.254 icmp_seq=3 ttl=254 time=220.625 ms
84 bytes from 10.1.10.254 icmp_seq=4 ttl=254 time=223.253 ms
84 bytes from 10.1.10.254 icmp_seq=5 ttl=254 time=208.197 ms

With other words i would like to "dump" multiple vlans into a single one.

What are your thoughts? what am i missing?

Kind regards,

Ramblin Tech · ‎06-30-2025

What service is being offered to the three CEs (PC1, PC2, PC3)? Your discussion of QinQ and VLAN translation implies an L2 transport service (L2VPN), but I just want to confirm that you are interested in delivering Ethernet frames from one CE to another (Carrier Ethernet) as opposed to really being interested in delivering the L3 packets encapsulated by those frames.

Let's assume you need an L2VPN: should it be multipoint-to-multipoint (all CEs communicating with each other) or point-to-multipoint/rooted-multipoint/E-Tree (PCs 1 and 3 both communicate with PC2, but not directly with each other)? Also, what flexibility is there with the CE VLAN IDs? That is, why does all traffic have to be "dumped" into VLAN 269 at PC2?

There are a number of different transport technologies implemented in Carrier Ethernet (QinQ, VPLS, EVPN, EoMPLS, STP, PBB, etc) that might be available, depending on the answers to questions above (and questions not yet asked).

Disclaimers: I am long in CSCO. Bad answers are my own fault as they are not AI generated.

View solution in original post

Ramblin Tech · ‎06-30-2025

OK, got it. Let's make it a little more realistic: PC 2 (let's call it CE-2) might represent some server at a data center, while PCs 1 & 3 (CE-1, CE-3) are client devices. Let's also assume that there is no requirement for direct communication between CE-1 and CE-3.

For a VLAN-based service (as opposed to a port-based service), the Carrier Ethernet SP (aka, Ethernet Service Provider or ESP) usually sets the VLAN ID to be used by the CEs. For simplicity, let's just re-use your VLAN IDs 1024 and 1067. That is, the EVC from CE-1 to CE-2 will use VLAN ID 1024 at its two UNIs (g1/0/8 on XE9000v-sw1, g1/0/8 on XE9000v-sw2) as the discriminator to mux/demux frames for multiple EVCs at a UNI. Likewise, the EVC from CE-3 to CE-2 will use VLAN ID 1067 at its two UNIs (g1/0/3 on XE9000v-sw1, g1/0/8 on XE9000v-sw2). The g1/0/8 UNI port on XE9000v-sw2 is configured for two EVCs using VLAN ID 1024 and 1067, as is CE-2's UNI port (e0). The ESP would not ordinarily translate VLAN IDs between UNIs for the same EVC, as this would make their own troubleshooting, as well as the customer's, more difficult, and most modern gear supports VLAN IDs that are localized to each port (ie, the need for VLAN translation has diminished over time).

We just need now an implementation technology to transport VLAN-tagged frames appropriately between the SW1 and SW2 UNIs in a p2p manner. I do not know what is actually supported by the XE9000v, but two technologies come readily to mind: Selective QinQ and EoMPLS. As you mentioned an MPLS core, EoMPLS might be most appropriate.

Disclaimers: I am long in CSCO. Bad answers are my own fault as they are not AI generated.

View solution in original post

Jens Albrecht · ‎06-30-2025

Hello @milo34,

Selective QinQ and Static Vlan Mapping are 2 different techniques that serve different purposes.

Selective QinQ is a tunneling technique to bridge the same Vlan over a foreign network. This allows e.g. 2 branch offices to use the same vlans which are bridged together over a provider network. Selective QinQ adds a second tag to the frames when entering the provider from Branch A, which will then be removed when the frame leaves the provider network to Branch B. So it uses double-tagging and the original tag is preserved.

So in your example the frames from Vlans 1024 and 1067 will be double-tagged with Vlan 269 when entering int Gi1/0/2 on Sw2.
Int Gi1/0/8 connected to your PC is configured as an access port in Vlan 269 so that only the outer tag will be removed and the PC receives frames tagged for Vlans 1024 and 1067 which will be dropped, of course.

Static Vlan Mapping on the other hand replaces the tag for Vlan X with a tag for Vlan Y.
So in your example the tags for Vlans 1024 and 1067 get replaced with the tag for Vlan 269 and the PC will get untagged frames so it can understand the frame and send an answer.

Therefore, in order to "dump" multiple vlans into a single one you can use Static Vlan mapping but Selective QinQ does not work as you noticed.

HTH!

Ramblin Tech · ‎06-30-2025

What service is being offered to the three CEs (PC1, PC2, PC3)? Your discussion of QinQ and VLAN translation implies an L2 transport service (L2VPN), but I just want to confirm that you are interested in delivering Ethernet frames from one CE to another (Carrier Ethernet) as opposed to really being interested in delivering the L3 packets encapsulated by those frames.

Let's assume you need an L2VPN: should it be multipoint-to-multipoint (all CEs communicating with each other) or point-to-multipoint/rooted-multipoint/E-Tree (PCs 1 and 3 both communicate with PC2, but not directly with each other)? Also, what flexibility is there with the CE VLAN IDs? That is, why does all traffic have to be "dumped" into VLAN 269 at PC2?

There are a number of different transport technologies implemented in Carrier Ethernet (QinQ, VPLS, EVPN, EoMPLS, STP, PBB, etc) that might be available, depending on the answers to questions above (and questions not yet asked).

Disclaimers: I am long in CSCO. Bad answers are my own fault as they are not AI generated.

milo34 · ‎06-30-2025

Hi,

Thank you all for you answers.

It was a my liitle weekend lab to expand my knowledge.

The idea was to provide L2 connectivity over an mpls core.

This was meant to be the entry point where i get the tagged frames from different carriers and i was looking different posibilities.

Ramblin Tech · ‎06-30-2025

OK, got it. Let's make it a little more realistic: PC 2 (let's call it CE-2) might represent some server at a data center, while PCs 1 & 3 (CE-1, CE-3) are client devices. Let's also assume that there is no requirement for direct communication between CE-1 and CE-3.

For a VLAN-based service (as opposed to a port-based service), the Carrier Ethernet SP (aka, Ethernet Service Provider or ESP) usually sets the VLAN ID to be used by the CEs. For simplicity, let's just re-use your VLAN IDs 1024 and 1067. That is, the EVC from CE-1 to CE-2 will use VLAN ID 1024 at its two UNIs (g1/0/8 on XE9000v-sw1, g1/0/8 on XE9000v-sw2) as the discriminator to mux/demux frames for multiple EVCs at a UNI. Likewise, the EVC from CE-3 to CE-2 will use VLAN ID 1067 at its two UNIs (g1/0/3 on XE9000v-sw1, g1/0/8 on XE9000v-sw2). The g1/0/8 UNI port on XE9000v-sw2 is configured for two EVCs using VLAN ID 1024 and 1067, as is CE-2's UNI port (e0). The ESP would not ordinarily translate VLAN IDs between UNIs for the same EVC, as this would make their own troubleshooting, as well as the customer's, more difficult, and most modern gear supports VLAN IDs that are localized to each port (ie, the need for VLAN translation has diminished over time).

We just need now an implementation technology to transport VLAN-tagged frames appropriately between the SW1 and SW2 UNIs in a p2p manner. I do not know what is actually supported by the XE9000v, but two technologies come readily to mind: Selective QinQ and EoMPLS. As you mentioned an MPLS core, EoMPLS might be most appropriate.

Disclaimers: I am long in CSCO. Bad answers are my own fault as they are not AI generated.

MHM Cisco World · ‎06-30-2025

Can you add two more SW' this will give you four SW (2 CE SW and 2 PE SW)

CE SW connect to endpoint

CE SW connect to PE SW via trunk config with vlan map + qinq

PE SW to PE SW use normal trunk with allow only one vlan outer vlan

MHM