一篇掌握高级交换技术原理与配置(三):QINQ
一、概述
随着以太网技术在网络中的大量部署,利用VLAN对用户进行隔离和标识受到很大限制。因为IEEE802.1Q中定义的VLAN Tag域只有12个比特,仅能表示4096个VLAN,无法满足城域以太网中标识大量用户的需求,于是QinQ技术应运而生。
QinQ(802.1Q-in-802.1Q)技术是一项扩展VLAN空间的技术,通过在802.1Q标签报文的基础上再增加一层802.1Q的Tag来达到扩展VLAN空间的功能,可以使私网VLAN透传公网。由于在骨干网中传递的报文有两层802.1Q Tag(一层公网Tag,一层私网Tag),即802.1Q-in-802.1Q,所以称之为QinQ协议。图为QINQ的封装格式:
QINQ的工作原理:
在公网的传输过程中,设备只根据外层VLAN Tag转发报文,并根据报文的外层VLAN Tag进行MAC地址学习,而用户的私网VLAN Tag将被当作报文的数据部分进行传输。即使私网VLAN Tag相同,也能通过公网VLAN Tag区分不同用户。
想要华为数通配套实验拓扑和配置笔记的朋友们点赞+关注,评论区留下邮箱发给你!
二、实验配置
1、实验环境: 某运营商接了公司A和公司B的网络,现需要使用qinq技术实现公司A、公司B的私有网络能够使用运营商网络互通。公司A使用灵活的qinq让内部网络的vlan 10映射为公网vlan2进行数据转发,vlan20映射为vlan3进行数据转发。公司B使用基本的qinq让内部网络所有vlan 映射为公网vlan 4进行数据转发。
2、实验目的:
掌握灵活qinq和基本qinq的配置
3、实验拓扑:
实验拓扑如图所示:
4、实验步骤
步骤1:配置公司A和公司B的私有网络,创建对应的vlan,并且接口的链路类型
S3:
[huawei]sysname s3
[s3]vlan batch 10 20
[s3]interface g0/0/2
[s3-GigabitEthernet0/0/2]port link-type access
[s3-GigabitEthernet0/0/2]port default vlan 10
[s3]interface g0/0/3
[s3-GigabitEthernet0/0/3]port link-type access
[s3-GigabitEthernet0/0/3]port default vlan 20
[s3]interface g0/0/1
[s3-GigabitEthernet0/0/1]port link-type trunk
[s3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20
S4:
[Huawei]sysname s4
[s4]vlan batch 10 20
[s4]interface GigabitEthernet0/0/1
[s4-GigabitEthernet0/0/1] port link-type trunk
[s4-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
[s4-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[s4-GigabitEthernet0/0/2] port link-type access
[s4-GigabitEthernet0/0/2] port default vlan 10
[s4-GigabitEthernet0/0/2]interface GigabitEthernet0/0/3
[s4-GigabitEthernet0/0/3] port link-type access
[s4-GigabitEthernet0/0/3] port default vlan 20
S5:
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname s5
[s5]vlan 10
[s5]interface g0/0/2
[s5-GigabitEthernet0/0/2]port link-type access
[s5-GigabitEthernet0/0/2]port default vlan 10
[s5]interface g0/0/1
[s5-GigabitEthernet0/0/1]port link-type trunk
[s5-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
S6:
[s6]interface GigabitEthernet0/0/1
[s6-GigabitEthernet0/0/1] port link-type trunk
[s6-GigabitEthernet0/0/1] port trunk allow-pass vlan 10
[s6-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[s6-GigabitEthernet0/0/2] port link-type access
[s6-GigabitEthernet0/0/2] port default vlan 10
想要华为数通配套实验拓扑和配置笔记的朋友们点赞+关注,评论区留下邮箱发给你!
步骤2:在公网设备配置公网vlan,并且配置qinq
S1:
[Huawei]sysname s1
[s1]vlan batch 2 3 4
[s1]interface g0/0/1
[s1-GigabitEthernet0/0/1]port link-type hybrid
[s1-GigabitEthernet0/0/1]port hybrid untagged vlan 2 3
[s1-GigabitEthernet0/0/1]qinq vlan-translation enable
[s1-GigabitEthernet0/0/1]port vlan-stacking vlan 10 stack-vlan 2
[s1-GigabitEthernet0/0/1]port vlan-stacking vlan 20 stack-vlan 3
[s1]interface g0/0/3
[s1-GigabitEthernet0/0/3]port link-type dot1q-tunnel
[s1-GigabitEthernet0/0/3]port default vlan 4
S2:
[s2]interface g0/0/2
[s2-GigabitEthernet0/0/2]port link-type hybrid
[s2-GigabitEthernet0/0/2]port hybrid untagged vlan 2 3
[s2-GigabitEthernet0/0/2]qinq vlan-translation enable
[s2-GigabitEthernet0/0/2]port vlan-stacking vlan 10 stack-vlan 2
[s2-GigabitEthernet0/0/2]port vlan-stacking vlan 20 stack-vlan 3
[s2]interface g0/0/3
[s2-GigabitEthernet0/0/3]port link-type dot1q-tunnel
[s2-GigabitEthernet0/0/3]port default vlan 4
步骤3:配置公网设备互联端口的链路类型,放行公网vlan流量通过
S1:
[s1]interface g0/0/2
[s1-GigabitEthernet0/0/2]port link-type trunk
[s1-GigabitEthernet0/0/2]port trunk allow-pass vlan 2 3 4
S2:
[s2]interface g0/0/1
[s2-GigabitEthernet0/0/1]port link-type trunk
[s2-GigabitEthernet0/0/1]port trunk allow-pass vlan 2 3 4
测试PC1和PC2 、PC5和PC6、PC3和PC4的连通性,并且在S1的G0/0/2口抓包
PC1pingPC2
PC>ping 10.1.1.2
Ping 10.1.1.2: 32 data bytes, Press Ctrl_C to break
From 10.1.1.2: bytes=32 seq=1 ttl=128 time=125 ms
From 10.1.1.2: bytes=32 seq=2 ttl=128 time=156 ms
From 10.1.1.2: bytes=32 seq=3 ttl=128 time=109 ms
From 10.1.1.2: bytes=32 seq=4 ttl=128 time=141 ms
From 10.1.1.2: bytes=32 seq=5 ttl=128 time=125 ms
--- 10.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 109/131/156 ms
可以看到外层标签为2(公网vlan的标签)、内层标签为10(私有网络vlan的标签)
PC5pingPC6
PC>ping 10.1.1.6
Ping 10.1.1.6: 32 data bytes, Press Ctrl_C to break
From 10.1.1.6: bytes=32 seq=1 ttl=128 time=156 ms
From 10.1.1.6: bytes=32 seq=2 ttl=128 time=125 ms
From 10.1.1.6: bytes=32 seq=3 ttl=128 time=109 ms
From 10.1.1.6: bytes=32 seq=4 ttl=128 time=110 ms
From 10.1.1.6: bytes=32 seq=5 ttl=128 time=125 ms
--- 10.1.1.6 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 109/125/156 ms
通过图4-8,可以看出外层标签为3,内层标签为20 .说明灵活qinq实现了不同的私网vlan映射到不同的公网vlan上
PC3pingPC4
PC>ping 10.1.1.4
Ping 10.1.1.4: 32 data bytes, Press Ctrl_C to break
From 10.1.1.4: bytes=32 seq=1 ttl=128 time=125 ms
From 10.1.1.4: bytes=32 seq=2 ttl=128 time=109 ms
From 10.1.1.4: bytes=32 seq=3 ttl=128 time=140 ms
From 10.1.1.4: bytes=32 seq=4 ttl=128 time=109 ms
From 10.1.1.4: bytes=32 seq=5 ttl=128 time=110 ms
--- 10.1.1.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 109/118/140 ms
通过下图,可以看出内网标签为10,外网标签为4。说明基本qinq无论内网标签是多少,映射的外网标签都是固定同一个。
想要华为数通配套实验拓扑和配置笔记的朋友们点赞+关注,评论区留下邮箱发给你!