Subscribe via RSS Feed Connect on Google Plus Connect on LinkedIn
1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 4,50 out of 5)
Loading...Loading...

Q-in-Q

21 de setembro de 2013 0 Comments
ShareTweet about this on TwitterShare on TumblrShare on LinkedInShare on Google+Share on FacebookPin on PinterestEmail this to someonePrint this page

Também conhecido como pelo padrão IEEE 802.1ad, o Q-in-Q, como o próprio nome já diz, é 802.1q em cima de 802.1q. A figura abaixo ilustra bem onde é inserido o novo campo de tag no frame Ethernet.


O Q-in-Q permite o uso de um número maior de vlans (4096×4096=16777216).
Para os provedores de serviços essa funcionalidade é muito útil pois com ela é possível ter uma vlan para cada cliente e dentro desta vlan o cliente pode usar todas as suas vlans (de 1 a 4094) sem interferir com o outro cliente ou com provedor de serviço. Essa vlan, que é definida para o cliente, chamamos de “tunnel port” como ilustra a figura abaixo.


O segundo tag é inserido na porta do cliente no “ingress” e retirado na outra ponta no “egress” da porta do cliente. Links entre “802.1q trunk” e “tunnel ports (double tagging) são chamados de “asymmetric link”.

Vlans de clientes que usam protocolos que usam PDUs (Layer 2 protocol data units), ex. CDP, STP ou VTP, precisam que seja habilitado o L2 Protocol Tunneling no provedor de serviços para que seja transportado esses PDUs para o outro site do cliente.

Para o Q-in-Q funcionar também é necessário aumentar o tamanho do frame para no mínimo 1526 bytes (pacote ip = 1500 bytes + ethernet header = 18 bytes + 802.1q = 4 + 802.1q = 4 bytes).

 

Estudo de caso

ClienteX precisa que suas vlans de 1 a 900 sejam extendidas do Site1 para o Site2. 

ClienteY precisa que suas vlans de 1 a 1500 sejam extendidas do Site1 para o Site2.

ISP precisa transportar as vlans dos clientes de forma independente em um único link. 

 

 

Configuração (Juniper JUNOS)

A configuração da porta do ClienteX e ClienteY, ge-0/0/0 e ge-0/0/1 respectivamente,  é um trunk 802.1q normal, ou seja, não há nenhuma configuração de Q-in-Q na ponta do Cliente. 

 

ISP-SW1


Configuração da interface

set interfaces ge-0/0/41 description clienteX
set interfaces ge-0/0/41 mtu 9198
set interfaces ge-0/0/41 unit 0 family ethernet-switching

set interfaces ge-0/0/42 description clienteY
set interfaces ge-0/0/42 mtu 9198
set interfaces ge-0/0/42 unit 0 family ethernet-switching


Configuração da Vlan definida para o Cliente e Vlans do Cliente que serão tuneladas em cima desta vlan


set vlans vlan1001 description clienteX
set vlans vlan1001 vlan-id 1001
set vlans vlan1001 interface ge-0/0/41.0
set vlans vlan1001 dot1q-tunneling customer-vlans 1-4094
set vlans vlan1001 dot1q-tunneling customer-vlans native


set vlans vlan1002 description clienteY
set vlans vlan1002 vlan-id 1002
set vlans vlan1002 interface ge-0/0/42.0
set vlans vlan1002 dot1q-tunneling customer-vlans 1-4094
set vlans vlan1002 dot1q-tunneling customer-vlans native

set vlans vlan2001 description nativa-isp-sw1-sw2
set vlans vlan2001 vlan-id 2001


Configuração da interface trunk com as vlans do ISP entre o ISP-SW1 e ISP-SW2


set interfaces ge-0/0/47 description ISP-SW2
set interfaces ge-0/0/47 mtu 9198
set interfaces ge-0/0/47 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members vlan1001
set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members vlan1002

set interfaces ge-0/0/47 unit 0 family ethernet-switching native-vlan-id 2001

 


ISP-SW2


Configuração da interface

set interfaces ge-0/0/47 description ISP-SW1
set interfaces ge-0/0/47 mtu 9198
set interfaces ge-0/0/47 unit 0 family ethernet-switching

set interfaces ge-0/0/46 description ISP-SW3
set interfaces ge-0/0/46 mtu 9198
set interfaces ge-0/0/46 unit 0 family ethernet-switching


Configuração da Vlans L2


set vlans vlan1001 description clienteX
set vlans vlan1001 vlan-id 1001


set vlans vlan1002 description clienteY
set vlans vlan1002 vlan-id 1002

set vlans vlan2001 description nativa-isp-sw1-sw2
set vlans vlan2001 vlan-id 2001

set vlans vlan2002 description nativa-isp-sw2-sw3
set vlans vlan2002 vlan-id 2002

 

Configuração da interface trunk com as vlans do ISP entre os switches do ISP. Colocamos três switches propositalmente na topologia. Notem que não há e nem é necessária configuração alguma de tunel q-in-q no switch que está no meio da topologia! 


set interfaces ge-0/0/47 description ISP-SW1
set interfaces ge-0/0/47 mtu 9198
set interfaces ge-0/0/47 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members vlan1001
set interfaces ge-0/0/47 unit 0 family ethernet-switching vlan members vlan1002
set interfaces ge-0/0/47 unit 0 family ethernet-switching native-vlan-id 2001

set interfaces ge-0/0/46 description ISP-SW3
set interfaces ge-0/0/46 mtu 9198
set interfaces ge-0/0/46 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members vlan1001
set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members vlan1002
set interfaces ge-0/0/47 unit 0 family ethernet-switching native-vlan-id 2002

 

ISP-SW3


Configuração da interface

set interfaces ge-0/0/41 description clienteX
set interfaces ge-0/0/41 mtu 9198
set interfaces ge-0/0/41 unit 0 family ethernet-switching

set interfaces ge-0/0/42 description clienteY
set interfaces ge-0/0/42 mtu 9198
set interfaces ge-0/0/42 unit 0 family ethernet-switching


Configuração da Vlan definida para o Cliente e Vlans do Cliente que serão tuneladas em cima desta vlan


set vlans vlan1001 description clienteX
set vlans vlan1001 vlan-id 1001
set vlans vlan1001 interface ge-0/0/41.0
set vlans vlan1001 dot1q-tunneling customer-vlans 1-4094
set vlans vlan1001 dot1q-tunneling customer-vlans native


set vlans vlan1002 description clienteY
set vlans vlan1002 vlan-id 1002
set vlans vlan1002 interface ge-0/0/42.0
set vlans vlan1002 dot1q-tunneling customer-vlans 1-4094
set vlans vlan1002 dot1q-tunneling customer-vlans native


set vlans vlan2002 description nativa-isp-sw2-sw3
set vlans vlan2002 vlan-id 2002

 

Configuração da interface trunk com as vlans do ISP entre o ISP-SW1 e ISP-SW2


set interfaces ge-0/0/46 description ISP-SW2
set interfaces ge-0/0/46 mtu 9198
set interfaces ge-0/0/46 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members vlan1001
set interfaces ge-0/0/46 unit 0 family ethernet-switching vlan members vlan1002

set interfaces ge-0/0/46 unit 0 family ethernet-switching native-vlan-id 2002

 

Comandos de verificação

isp-netadm> show vlans vlan1001 extensive 
VLAN: vlan1001, Created at: Wed Jul 20 20:01:30 2011
802.1Q Tag: 1001, Internal index: 57, Admin State: Enabled, Origin: Static
Description: clienteX
Dot1q Tunneling status: Enabled
Customer VLAN ranges:
      0-0
      1-4094

Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 1 (Active = 1), Untagged  1 (Active = 1)
      ge-0/0/47.0*, tagged, trunk
      ge-0/0/41.0*, untagged, access

 

 

isp-netadm> show ethernet-switching interfaces ge-0/0/41 detail     
Interface: ge-0/0/41.0, Index: 68, State: up, Port mode: Access
Ether type for the interface: 0x8100
VLAN membership:
    vlan1001, 802.1Q Tag: 1001, dot1q-tunneled, untagged, msti-id: 0, unblocked
Number of MACs learned on IFL: 2

 

Tunelando PDUs

 

Por default, nos equipamentos Junipers, não são tunelados PDUs. O comando abaixo habilita o tunelamento de PDUs:

isp-netadm# set vlans vlan1001 dot1q-tunneling layer2-protocol-tunneling ?
Possible completions:
  802.1x               Tunnel 802.1X PDUs
  802.3ah              Tunnel 802.3AH (Ethernet Link OAM) PDUs
  all                  Tunnel all layer-2 protocol PDUs
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  cdp                  Tunnel CDP PDUs
  e-lmi                Tunnel E-LMI PDUs
  gvrp                 Tunnel GVRP PDUs
  lacp                 Tunnel LACP PDUs
  lldp                 Tunnel LLDP PDUs
  mmrp                 Tunnel MMRP PDUs
  mvrp                 Tunnel MVRP PDUs
  stp                  Tunnel STP PDUs
  vstp                 Tunnel VSTP PDUs
  vtp                  Tunnel VTP PDUs
{master:0}[edit]

 

 

Referências:

http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a00801350c8.shtml#topic2
http://www.juniper.net/techpubs/en_US/junos11.1/topics/example/l2pt-ex-series.html#jd0e210
http://packetlife.net/blog/2008/jul/2/layer-two-protocol-tunneling/
http://www.juniper.net/techpubs/software/junos/junos92/swconfig-routing/configuring-layer-2-protocol-tunneling.html
http://en.wikipedia.org/wiki/IEEE_802.1ad
http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swtunnel.html#wp1001068

 

Seu ip é:
54.81.88.93

ShareTweet about this on TwitterShare on TumblrShare on LinkedInShare on Google+Share on FacebookPin on PinterestEmail this to someonePrint this page

About the Author:

O autor trabalha com tecnologia de redes há 13 anos, participa de congressos no Brasil e no mundo, e contribui para melhoria de protocolos e sistemas com fabricantes de equipamentos de rede.