QinQ basics, VLAN double-layer TAG, learn in one minute

1. Introduction to QinQ

The VLAN ID field defined by IEEE 802.1Q has 12 bits, which can provide up to 4094 VLANs. However, in practical applications, especially in metropolitan area networks, a large number of VLANs are needed to isolate users, and 4094 VLANs are far from meeting the demand. QinQ enables the entire network to provide up to 4094×4094 VLANs, meeting the metropolitan area network's demand for the number of VLANs.

QinQ is the abbreviation of 802.1Q in 802.1Q, which is a relatively simple Layer 2 VPN protocol based on IEEE 802.1Q technology.

By encapsulating a layer of VLAN Tag into the private network message, it carries two layers of VLAN Tags and passes through the operator's backbone network (also known as the public network), allowing the operator to use one VLAN to provide services for user networks containing multiple VLANs.

QinQ has the following advantages:

• Alleviate the problem of increasingly scarce public network VLAN resources.
• Users can plan their own private network VLAN without causing conflicts with public network VLAN.
• Provides users with a simple and flexible Layer 2 VPN solution.
• When the operator is planning VLAN, the user network does not need to change the original configuration, making the user network highly independent.

2. Working Principle of QinQ

QinQ packets are transmitted in the carrier network with double VLAN tags:

• Inner VLAN Tag: It is the user's private network VLAN Tag, Customer VLAN Tag (CVLAN for short). The device relies on this tag to transmit messages in the private network.
• Outer VLAN Tag: It is the public network VLAN Tag assigned by the operator to the user, Service VLAN Tag (SVLAN for short). The device relies on this Tag to transmit QinQ packets in the public network.

During the transmission process on the public network, the device only forwards the message according to the outer VLAN Tag, and the inner VLAN Tag will be transmitted as the data part of the message.

3. QinQ Network Topology

The private VLANs of user networks A and B are VLAN 1 to 10 and VLAN 1 to 20 respectively. The public VLANs allocated by the operator to user networks A and B are VLAN 3 and VLAN 4 respectively.

• When the packets with private network VLAN tags in user networks A and B enter the operator network, the public network VLAN tags of VLAN 3 and VLAN 4 will be encapsulated on the outside of the packets respectively.
• Messages from different user networks are isolated when transmitted in the operator network. Even if the VLAN ranges of these user networks overlap, no conflict will occur when transmitted in the operator network because the public network VLANs assigned to them are different.
• When the message passes through the operator network and reaches the PE (Provider Edge) device on the other side of the operator network, the message is stripped of the public network VLAN Tag and then transmitted to the CE (Customer Edge) device of the user network.

How QinQ is implemented

When the QinQ function is configured on a port, the device will add the default VLAN tag of the port to the message, regardless of whether the message received from the port has a VLAN tag or not:

• If the received message is a message with a VLAN tag, the message becomes a message with two layers of tags;
• If a message without a VLAN Tag is received, the message becomes a message with the default VLAN Tag of this port.