Service Tags/VLANs - Cloud Provider for Azure & AWS

A customer of mine has an infrastructure setup to directly connect end customers into Microsoft Azure via ExpressRoute. My customer uses Nexus 9K spine and leaves.

They currently only offer connectivity into Azure, which works fine. The customer is assigned an S-Tag (VLAN) from Microsoft, which is configured on my customer's leaf switches, and then all VLANs are trunked through to Microsoft for connectivity into Azure.

They now want to become a connectivity option for AWS Direct Connect. The concept is exactly the same and I have no issues with the configuration. However, my concern is that Microsoft and AWS assign the customer their S-Tag (VLAN), which has the potential to clash. So if I am using the same leaf switch for Azure and AWS connectivity, what is the best way for me to set this up when there is the potential of a VLAN clash between Azure and AWS? Or is it simply not possible? For example, a customer is assigned S-Tag 2 for Azure, and another S-Tag 2 for AWS.

My main objective is to utilise the existing equipment they have, giving the customers an option of either cloud service.



Reza Sharifi
Hall of Fame Expert

As far as I know, AWS Direct Connect (DX) can only be done using a layer-3 routed port or using sub-interfaces (depending on how many VPCs you have) with static routes or BGP, and not just a layer-2 trunk.

Can you verify?


Hi Reza

Thanks for your reply.

Yes, the end customer and the Azure/AWS router end use a layer 3 port with subinterfaces and BGP configured.

However, my client is a Layer 2 connectivity provider (middle man). An example would be: Customer A's router plugs into my client's layer 2 Nexus switch, where the S-Tag is applied to the incoming traffic (Q-in-Q) on a dot1q-tunnel port, then it exits the switch on a trunk to Microsoft's/AWS's router, where they strip the S-Tags at their end.

As my customer is a layer 2 provider, they are only concerned with the S-Tags (VLANs), and my concern is AWS and Microsoft using conflicting IDs, which will definitely happen.



Hi James,

I have never worked with Microsoft cloud tech support, but I know that AWS support is very good and flexible. You or your customer can work with their support to make sure there are no conflicting IDs.