qinq stacking with multiple services

Unanswered Question
Jun 3rd, 2007

I am connecting a multilink site to a client. I am using qinq stacking and assigning them a vlan based off that stack. The problem comes when adding another service such as Internet connectivity. I was going to assign an IP to the vlan I am using as the extra tag, but that presents a problem with possible security. If they have untagged traffic going through my stack, it will get the default vlan and present a problem. The only thing I can think of doing is having two vlans for both services:

1) to connect their sites

2) for their Internet traffic that is shared through one of their sites.

Anyone have any thoughts on if this is the way it should be done or have another opinion? Thank you!

jbayuka Fri, 06/08/2007 - 07:07

802.1Q tunneling* (QinQ), also known as tag stacking, allows the deployment of secure TLS by building on the standard capabilities of the IEEE 802.1Q protocol (please see reference 2) that is included on all Cisco switches. In particular, 802.1Q tunneling or tag stacking enables service providers to offer "virtual private LANs" that appear as a logical wire or pipe to their customers. Although some customers use overlapping VLAN ranges, traffic remains isolated from one customer to another customer. Point-to-point and point-to-multipoint topologies are possible and easy to deploy. With the introduction of Layer 2 Protocol Tunneling (L2PT), resilient network designs can be implemented. See the following sections for more details on L2PT.

The main advantage of 802.1Q tunneling is that it enables service providers to segregate traffic from different size (enterprise, medium, or small) customers in their infrastructure, while significantly reducing the number of VLANs required to support individual customer connections. Multiple customer VLANs can be transparently carried inside a single provider VLAN configured on a Cisco Catalyst 6500 Series without losing their unique VLAN IDs. In addition, the number of VLANs required to support 802.1Q tunnels in the service provider network can be reduced significantly, while the aggregate number of available VLANs can jump from 4096 up to a theoretical maximum of more than 16 million (= 4096²). By using these Layer 2 tunnels, it is possible to deliver enterprise-scale connectivity deployed on a shared infrastructure with the same security, prioritization, reliability, and manageability of a private network.

jwilde Fri, 06/08/2007 - 08:31

Can you tell me what sections you are talking about? Also, my question was more in regard to services offered. I know how to segregate the traffic, but my question is to break the qinq with internet traffic. My feeling is you need to have a separate vlan for the Internet traffic vs. the network connectivity vlan.
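The tag stacking discussed in this thread, as an added example that is not from either poster or from Cisco documentation: a parser that walks the VLAN tags of an Ethernet frame seen on the provider side and labels frames that carry only the provider tag, which is the untagged-customer-traffic case raised in the question. The service VLAN 100, customer VLAN 20, the use of TPID 0x8100 for the outer tag, and the sample frames are all constructed assumptions.

```python
import struct

# TPIDs that mark a VLAN tag: 0x8100 (802.1Q) and 0x88A8 (802.1ad service tag).
VLAN_TPIDS = {0x8100, 0x88A8}

def parse_vlan_stack(frame: bytes):
    """Return (VLAN IDs outermost first, EtherType of the payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    vids = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in VLAN_TPIDS:
            return vids, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4

def classify(frame: bytes, service_vlan: int) -> str:
    """Label a frame by its position in the customer's tag stack."""
    vids, _ = parse_vlan_stack(frame)
    if not vids or vids[0] != service_vlan:
        return "not-in-service-vlan"
    if len(vids) == 1:
        return "customer-untagged"  # only the provider (outer) tag is present
    return f"customer-vlan-{vids[1]}"

def build(vids, ethertype=0x0800):
    """Constructed sample frame: zero MACs, given tag stack, dummy payload."""
    tags = b"".join(struct.pack("!HH", 0x8100, v) for v in vids)
    return bytes(12) + tags + struct.pack("!H", ethertype) + b"\x00" * 4

SERVICE_VLAN = 100  # assumed provider (outer) VLAN for this customer
SAMPLES = {
    "double": build([SERVICE_VLAN, 20]),  # customer sent a frame tagged VLAN 20
    "single": build([SERVICE_VLAN]),      # customer sent an untagged frame
    "other": build([200, 20]),            # belongs to a different service VLAN
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, classify(frame, SERVICE_VLAN))
```

Counting the "customer-untagged" frames per service VLAN on a capture shows how much traffic would fall outside any customer VLAN mapping before a second service is added to the same stack.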
