Table of Contents

1 QinQ Configuration ···································································································································1-1

Introduction to QinQ ································································································································1-1
Background ·····································································································································1-1
QinQ Mechanism and Benefits········································································································1-1
QinQ Frame Structure ·····················································································································1-2
Implementations of QinQ·················································································································1-3
Modification of the TPID Value in VLAN Tags·················································································1-3
Configuring Outer VLAN Tag Priority ······························································································1-4
Configuring Basic QinQ ··························································································································1-5
Configuring Selective QinQ·····················································································································1-5
Configuring the TPID of a VLAN Tag······································································································1-7
Configure Outer VLAN Tag Priority·········································································································1-7
QinQ Configuration Example ··················································································································1-9

i
1 QinQ Configuration

When configuring QinQ, go to these sections for information you are interested in:
z Introduction to QinQ
z Configuring Basic QinQ
z Configuring Selective QinQ
z Configuring the TPID of a VLAN Tag
z Configure Outer VLAN Tag Priority
z QinQ Configuration Example

z Throughout this document, customer network VLANs (CVLANs), also called inner VLANs, refer to
the VLANs that a customer uses on the private network; and service provider network VLANs
(SVLANs), also called outer VLANs, refer to the VLANs that a service provider uses to carry VLAN
tagged traffic for customers.
z QinQ requires configurations only on the service provider network, not on the customer network.

Introduction to QinQ
Background

In the VLAN tag field defined in IEEE 802.1Q, only 12 bits are used for VLAN IDs, so a device can
support a maximum of 4094 VLANs. In actual applications, however, a large number of VLANs are
required to isolate users, especially in metropolitan area networks (MANs), and 4094 VLANs are far
from satisfying such requirements.

QinQ Mechanism and Benefits

QinQ provided by the S7500E series is a flexible, easy-to-implement Layer 2 VPN technique, which
enables the access point to encapsulate an outer VLAN tag in Ethernet frames from customer networks
(private networks), so that the Ethernet frames will travel across the service provider’s backbone
network (public network) with double VLAN tags. The inner VLAN tag is the customer network VLAN tag
while the outer one is the VLAN tag assigned by the service provider to the customer. In the public
network, frames are forwarded based on the outer VLAN tag only, with the source MAC address learned
as a MAC address table entry for the VLAN indicated by the outer tag, while the customer network
VLAN tag is transmitted as part of the data in the frames.
QinQ enables a service provider to use a single SVLAN to serve customers who have multiple CVLANs.
As shown in Figure 1-1, customer network A has CVLANs 1 through 10, while customer network B has
CVLANs 1 through 20. The SVLAN allocated by the service provider for customer network A is SVLAN
3, and that for customer network B is SVLAN 4. When a tagged Ethernet frame of customer network A

1-1
 enters the service provider network, it is tagged with outer VLAN 3; when a tagged Ethernet frame of
customer network B enters the service provider network, it is tagged with outer VLAN 4. In this way,
there is no overlap of VLAN IDs among customers, and traffic from different customers does not
become mixed.
Figure 1-1 Schematic diagram of the QinQ feature

Customer network A
VLAN 1~10

Customer network A
VLAN 1~10

Service provider
network
VLAN 3 VLAN 3

Network
VLAN 4 VLAN 4

Customer network B Customer network B

VLAN 1~20 VLAN 1~20

By tagging tagged frames, QinQ expands the available VLAN space from 4094 to 4094 × 4094 and thus
satisfies the requirement for VLAN space in MAN. It mainly addresses the following issues:
z Releases the stress on the SVLAN resource.
z Enables customers to plan their CVLANs without conflicting with SVLANs.
z Provides an easy-to-implement Layer 2 VPN solution for small-sized MANs or intranets.

QinQ Frame Structure

A QinQ frame is transmitted double-tagged over the service provider network. The inner VLAN tag is the
CVLAN tag while the outer one is the SVLAN tag that the service provider has allocated to the customer.
Figure 1-2 shows the structure of single-tagged and double-tagged Ethernet frames.

1-2
 Figure 1-2 Single-tagged frame structure vs. double-tagged Ethernet frame structure

Implementations of QinQ

There are two types of QinQ implementations: basic QinQ and selective QinQ.
1) Basic QinQ
Basic QinQ is a port-based feature, which is implemented through VLAN VPN.
With the VLAN VPN feature enabled on a port, when a frame arrives on the port, the switch will tag it
with the port’s default VLAN tag, regardless of whether the frame is tagged or untagged. If the received
frame is already tagged, this frame becomes a double-tagged frame; if it is an untagged frame, it is
tagged with the port’s default VLAN tag.
2) Selective QinQ
Selective QinQ is an implementation more flexible than basic QinQ. In addition to all the functions of
basic QinQ, selective QinQ can tag frames with different outer VLAN tags based on their inner VLAN
IDs.
The S7500E series implements selective QinQ by using customer VLAN IDs as match criteria to
classify frames and then tagging the frames that match a certain VLAN ID with the outer VLAN tag
defined in the associated traffic behavior.

Modification of the TPID Value in VLAN Tags

A VLAN tag uses the tag protocol identifier (TPID) field to identify the protocol type of the tag. The value
of this field, as defined in IEEE 802.1Q, is 0x8100.
Figure 1-1 shows the 802.1Q-defined tag structure of an Ethernet frame.
Figure 1-3 VLAN Tag structure of an Ethernet frame

1-3
 An S7500E switch determines whether a received frame is VLAN tagged by comparing its own TPID
with the TPID field in the received frame. If they match, the frame is considered as a VLAN tagged
frame. If not, the switch tags the frame with the default VLAN tag of the receiving port.
The systems of different vendors may set the TPID in the outer VLAN tag of QinQ frames to different
values. For compatibility with these systems, the S7500E series switches allow you to modify the TPID
values in the VLAN tags in QinQ frames, including:
z The TPID value in customer network VLAN tags. The switch uses it to determine whether a frame
received from the customer network is VLAN tagged. If the frame is considered as VLAN untagged,
the switch tags the frame with the default VLAN tag of the receiving port. This default VLAN tag
uses the TPID that you have configured.
z The TPID value in service provider network VLAN tags. The switch uses it to determine whether a
frame received from the service provider network is VLAN tagged. In addition, the switch uses the
configured TPID in the outer VLAN tag for customer network frames for compatibility with
third-party devices.
The TPID in an Ethernet frame has the same position with the protocol type field in a frame without a
VLAN tag. To avoid problems in packet forwarding and handling in the network, you cannot set the TPID
value to any of the values in the table below.

Table 1-1 Reserved protocol type values

Protocol type Value

ARP 0x0806
PUP 0x0200
RARP 0x8035
IP 0x0800
IPv6 0x86DD
PPPoE 0x8863/0x8864
MPLS 0x8847/0x8848
IPX/SPX 0x8137
IS-IS 0x8000
LACP 0x8809
802.1x 0x888E
Cluster 0x88A7

Reserved 0xFFFD/0xFFFE/0xFFFF

Configuring Outer VLAN Tag Priority

By default, when tagging a tagged frame, the H3C S7500E series Ethernet switches copy the priority
carried in the inner VLAN tag to the outer VLAN tag of the frame and uses the priority as the
transmission priority of the frame in the service provider network. When there are a large number of
users connected to the switch and many types of packets, the packet priority you configured may
conflict with the data transmission policy in the service provider network. In this case, you can use the
QoS policy function provided by the S7500E series switch to configure the priority in the outer VLAN tag
for frames in the following two ways:
1-4
 z Inner VLAN-to-outer VLAN tag priority mapping: classify traffic based on inner VLAN; configure an
action of marking traffic with outer VLAN tag priority in the traffic behavior.
z Inner-to-outer VLAN tag priority mapping: classify traffic based on inner VLAN tag priority;
configure an action of marking traffic with outer VLAN tag priority in the traffic behavior.

Configuring Basic QinQ

Follow these steps to configure basic QinQ:

To do... Use the command... Remarks

Enter system view system-view —
Enter Required
interface interface-type
Ethernet port Use either command.
interface-number
view
z Settings made in Ethernet
Enter interface view take effect only on
Layer-2 interface the current port.
Enter aggregate bridge-aggregation z Settings made in Layer-2
interface interface interface-number aggregate interface view take
view or port view effect on the Layer-2 aggregate
group view interface and the member ports
in the aggregation group
port-group { manual corresponding to the Layer-2
Enter port aggregate interface.
port-group-name |
group view z Settings made in port group view
aggregation agg-id }
take effect on all ports in the port
group.
Required
Enable QinQ on the port(s) qinq enable
Disabled by default

It is recommended that you do not configure QinQ on an RRPP-enabled port, because RRPP packets
may be transmitted to the wrong VLANs, causing RRPP to become invalid. If you really need to
configure QinQ on an RRPP-enabled port, you can configure VLAN mapping on the port and configure
the RRPP control VLANs as the CVLANs and SVLANs at the same time. In this way, the RRPP packets
can skip QinQ operations and continue to be transmitted in the control VLANs. For detailed information
about RRPP control VLANs, refer to the RRPP module in the Access Volume.

Configuring Selective QinQ

Follow these steps to configure selective QinQ:

To do... Use the command... Remarks

Enter system view system-view —
Required
traffic classifier
Create a class and enter class By default, the relationship
classifier-name [ operator
view between the match criteria in a
{ and | or } ]
class is logical AND.

1-5
 To do... Use the command... Remarks
Specify the inner VLAN ID(s) of if-match customer-vlan-id
Required
matching frames vlan-id-list
Exit to system view quit —
Create a traffic behavior and traffic behavior
Required
enter traffic behavior view behavior-name
Specify an outer VLAN ID nest top-most vlan-id vlan-id Required
Exit to system view quit —

Create a QoS policy and enter

qos policy policy-name Required
QoS policy view
Tag the frames that carry a
specified inner VLAN ID with
classifier classifier-name
the specified outer VLAN ID by Required
behavior behavior-name
associating the traffic behavior
with the class
Exit to system view quit —
Enter Ethernet interface interface-type Required
port view interface-number Use either command.
Enter Layer-2 z Settings made in Ethernet
interface bridge-aggregation
aggregate interface view take effect
interface-number
interface view only on the current port.
Enter the
z Settings made in Layer-2
Ethernet port
aggregate interface view
view of the
take effect on the Layer-2
customer
aggregate interface and the
network-side
port-group { manual member ports in the
port Enter port
port-group-name | aggregation group
group view corresponding to the
aggregation agg-id }
Layer-2 aggregate interface.
z Settings made in port group
view take effect on all ports
in the port group.
Enable basic QinQ qing enable Required
Apply the QoS policy in the qos apply policy policy-name
Required
inbound direction inbound

z Before enabling selective QinQ on a port, enable basic QinQ on the port first. Selective QinQ
enjoys higher priority than basic QinQ. Therefore, a received frame will be tagged with an outer
VLAN ID based on basic QinQ only after it fails to match the match criteria defined in the traffic
class.
z Selective QinQ is achieved through QoS policies. For detailed information about QoS policies,
refer to the part talking about QoS in the QoS Volume.

1-6
Configuring the TPID of a VLAN Tag
Follow these steps to configure the TPID value of a VLAN tag:

To do... Use the command... Remarks

Enter system view system-view —
Configure the TPID in the Optional
qinq ethernet-type
customer network VLAN
customer-tag hex-value 0x8100 by default.
tags
Enter Required
interface interface-type
Ethernet Use either command.
interface-number
port view
z Settings made in Ethernet
Enter interface view take effect only
Enter Layer-2 on the current port.
interface bridge-aggregation
Ethernet port aggregate z Settings made in Layer-2
interface-number
view or port interface aggregate interface view take
group view of view effect on the Layer-2
a service aggregate interface and the
provider-side member ports in the
port or ports aggregation group
Enter port port-group manual corresponding to the Layer-2
group view port-group-name aggregate interface.
z Settings made in port group
view take effect on all ports in
the port group.
Configure the TPID in the Optional
qinq ethernet-type service-tag
service provider network
hex-value 0x8100 by default
VLAN tags

Configure Outer VLAN Tag Priority

Following these steps to configure outer VLAN tag priority:

To do... Use the command... Remarks

Enter system view system-view —

traffic classifier Required

Create a class and enter class view classifier-name [ operator By default, the keyword and
{ and | or } ] is used.
Configure to
classify traffic if-match customer-vlan-id
based on inner vlan-id-list
Configure the VLAN Required
matching
criteria Configure to Use either command.
classify traffic if-match customer-dot1p
based on inner 8021p-list
VLAN tag priority
Quit to system view quit —

Create a traffic behavior and enter traffic behavior

Required
traffic behavior view behavior-name
Configure the action of marking
traffic with the outer VLAN tag remark dot1p 8021p Required
priority (that is, 802.1p priority)

1-7
 To do... Use the command... Remarks
Quit to system view quit —
Create a QoS policy and enter QoS
qos policy policy-name Required
policy view
Associate the class with the traffic classifier classifier-name
Required
behavior configured above behavior behavior-name
Quit to system view quit —
Enter Ethernet interface interface-type Use either of the three
port view interface-number commands.
Enter Layer-2 interface z Configurations made in
aggregate bridge-aggregation Ethernet port view take
interface view interface-number effect only on the current
port.
z Configurations made in
Layer-2 aggregate
interface view take effect
on the Layer-2 aggregate
interface and the member
Enter the view ports in the aggregation
of the Ethernet group corresponding to
port/Layer-2 the Layer-2 aggregate
aggregate interface. In this process,
interface/port if the configuration on one
group member port in the
connecting to aggregation group fails,
the customer Enter port group port-group manual the system skips the port
networks view port-group-name and continues to
configure other member
port; however, if the
configuration on the
Layer-2 aggregate
interface fails, the system
will not configure the
member ports in the
aggregation group.
z Configurations made in
port group view take
effect on all ports in the
port group.
Enable basic QinQ on the port qinq enable Required
Apply the QoS policy to the qos apply policy
Required
inbound direction of the port policy-name inbound

The configuration of outer VLAN tag priority is achieved through QoS policies. For more information
about QoS policies, refer to the part talking about QoS in the QoS Volume.

1-8
QinQ Configuration Example
Network requirements

z Provider A and Provider B are service provider network access devices.

z Customer A, Customer B, Customer C, and Customer D are customer network access devices.
z Provider A and Provider B are interconnected through a trunk port, which permits the frames of
VLAN 1000, VLAN 2000, and VLAN 3000 to pass through.
z Third-party devices are deployed between Provider A and Provider B, with a TPID value of 0x8200.
The expected result of the configuration is as follows:
z VLAN 10 of Customer A and Customer B can intercommunicate across VLAN 1000 on the public
network.
z VLAN 20 of Customer A and Customer C can intercommunicate across VLAN 2000 on the public
network.
z Frames of the VLANs other than VLAN 20 of Customer A can be forwarded to Customer D across
VLAN 3000 on the public network.

Network diagram

Figure 1-4 Network diagram for QinQ configuration

Customer A Customer D

VLAN 10, VLAN 20

GE2/0/1 GE2/0/3
GE2/0/3 Public network GE2/0/1
Provider A VLAN 1000/2000/3000 Provider B
TPID=0x8200
GE2/0/2 GE2/0/2

VLAN 10 VLAN 20

Customer B Customer C

Configuration procedure

With this configuration, the user must allow the QinQ packets to pass between the devices of the
service providers.

1) Configuration on Provider A
# Enter system view.

1-9
<ProviderA> system-view
z Configuration on GigabitEthernet 2/0/1
# Configure the port as a hybrid port permitting frames of VLAN 1000, VLAN 2000, and VLAN 3000 to
pass through with the outer VLAN tag removed.
[ProviderA] interface gigabitethernet 2/0/1
[ProviderA-GigabitEthernet2/0/1] port link-type hybrid
[ProviderA-GigabitEthernet2/0/1] port hybrid vlan 1000 2000 3000 untagged

# Configure VLAN 3000 as the default VLAN of GigabitEthernet 2/0/1, and enable basic QinQ on
GigabitEthernet 2/0/1. As a result, the frames received on the port are tagged with the outer VLAN tag
3000.
[ProviderA-GigabitEthernet2/0/1] port hybrid pvid vlan 3000
[ProviderA-GigabitEthernet2/0/1] qinq enable
[ProviderA-GigabitEthernet2/0/1] quit

# Create a class A10 to match frames of VLAN 10 of Customer A.

[ProviderA] traffic classifier A10
[ProviderA-classifier-A10] if-match customer-vlan-id 10
[ProviderA-classifier-A10] quit

# Create a traffic behavior P1000 and configure the action of tagging frames with the outer VLAN tag
1000 for the traffic behavior.
[ProviderA] traffic behavior P1000
[ProviderA-behavior-P1000] nest top-most vlan-id 1000
[ProviderA-behavior-P1000] quit

# Create a class A20 to match frames of VLAN 20 of Customer A.

[ProviderA] traffic classifier A20
[ProviderA-classifier-A20] if-match customer-vlan-id 20
[ProviderA-classifier-A20] quit

# Create a traffic behavior P2000 and configure the action of tagging frames with the outer VLAN tag
2000 for the traffic behavior.
[ProviderA] traffic behavior P2000
[ProviderA-behavior-P2000] nest top-most vlan-id 2000
[ProviderA-behavior-P2000] quit

# Create a QoS policy qinq. Associate the class A10 with the traffic behavior P1000, and associate the
class A20 with the traffic behavior P2000 in the QoS policy qinq.
[ProviderA] qos policy qinq
[ProviderA-qospolicy-qinq] classifier A10 behavior P1000
[ProviderA-qospolicy-qinq] classifier A20 behavior P2000
[ProviderA-qospolicy-qinq] quit

# Apply the QoS policy qinq in the inbound direction of GigabitEthernet 2/0/1.
[ProviderA] interface GigabitEthernet 2/0/1
[ProviderA-GigabitEthernet2/0/1] qos apply policy qinq inbound
z Configuration on GigabitEthernet 2/0/2
# Configure VLAN 1000 as the default VLAN.
[ProviderA] interface gigabitethernet 2/0/2

1-10
[ProviderA-GigabitEthernet2/0/2] port access vlan 1000

# Enable basic QinQ. Tag frames from VLAN 10 with the outer VLAN tag 1000.
[ProviderA-GigabitEthernet2/0/2] qinq enable
[ProviderA-GigabitEthernet2/0/2] quit
z Configuration on GigabitEthernet 2/0/3.
# Configure the port as a trunk port, and permit frames of VLAN 1000, VLAN 2000 and VLAN 3000 to
pass.
[ProviderA] interface gigabitethernet 2/0/3
[ProviderA-GigabitEthernet2/0/3] port link-type trunk
[ProviderA-GigabitEthernet2/0/3] port trunk permit vlan 1000 2000 3000

# To enable interoperability with the third-party devices in the public network, set the TPID of the service
provider network VLAN tags to 0x8200. Therefore, the port tags the frames with the outer VLAN tag
whose TPID is 0x8200.
[ProviderA-GigabitEthernet2/0/3] qinq ethernet-type service-tag 8200
2) Configuration on Provider B
z Configuration on GigabitEthernet 2/0/1
# Configure the port as a trunk port, and permit frames of VLAN 1000, VLAN 2000 and VLAN 3000 to
pass.
<ProviderB> system-view
[ProviderB] interface gigabitethernet 2/0/1
[ProviderB-GigabitEthernet2/0/1] port link-type trunk
[ProviderB-GigabitEthernet2/0/1] port trunk permit vlan 1000 2000 3000

# To enable interoperability with the third-party devices in the public network, set the TPID of the service
provider network VLAN tags to 0x8200. Therefore, the port tags the received frames with the outer
VLAN tag whose TPID is 0x8200.
[ProviderB-GigabitEthernet2/0/1] qinq ethernet-type service-tag 8200
[ProviderB-GigabitEthernet2/0/1] quit
z Configuration on GigabitEthernet 2/0/2
# Configure VLAN 2000 as the default VLAN.
[ProviderB] interface GigabitEthernet 2/0/2
[ProviderB-GigabitEthernet2/0/2] port access vlan 2000

# Enable basic QinQ. Tag frames from VLAN 20 with the outer VLAN tag 2000.
[ProviderB-GigabitEthernet2/0/2] qinq enable
[ProviderB-GigabitEthernet2/0/2] quit
z Configuration on GigabitEthernet 2/0/3
# Configure VLAN 3000 as the default VLAN.
[ProviderB] interface GigabitEthernet 2/0/3
[ProviderB-GigabitEthernet2/0/3] port access vlan 3000

# Enable basic QinQ to tag frames of all customer VLANs with the outer VLAN tag 3000.
[ProviderB-GigabitEthernet2/0/3] qinq enable
3) Configuration on devices on the public network
As third-party devices are deployed between Provider A and Provider B, what we discuss here is only
the basic configuration that should be made on the devices. Configure that device connecting with

1-11
GigabitEthernet 2/0/3 of Provider A and the device connecting with GigabitEthernet 2/0/1 of Provider B
so that their corresponding ports send tagged frames of VLAN 1000, VLAN 2000 and VLAN 3000. The
configuration steps are omitted here.

1-12