Application of VLAN ID-based Selective QinQ
As shown in Figure 6-5, in a data center, tenants lease office and production service servers. Production services are transmitted in VLANs 10 to 30, and office services are transmitted in VLANs 31 to 50. Tenants are located in positions A and B, and tenant devices are connected through SwitchA and SwitchB of the core/backbone network. To ensure service security and save VLAN IDs of the core/backbone network, it is required that traffic in positions A and B be transmitted through the core/backbone network, users using the same service be allowed to communicate, and users using different services be isolated. You can configure selective QinQ to meet the requirements.
Table 6-2 shows the planning of outer VLAN IDs.
Service Name |
Range of VLAN IDs |
Outer VLAN |
|---|---|---|
Production service |
10-30 |
100 |
Office service |
31-50 |
200 |
Configure selective QinQ on SwitchA and SwitchB so that users using the same service in different branches are allowed to communicate, and users using different services are isolated.
On SwitchA, add VLAN 100 to packets that have inner VLAN IDs 10 to 30 and enter Interface1, and VLAN 200 to packets that have inner VLAN IDs 31 to 50 and enter Interface1.
On SwitchB, add VLAN 100 to packets that have inner VLAN IDs 10 to 30 and enter Interface1, and VLAN 200 to packets that have inner VLAN IDs 31 to 50 and enter Interface1.
Configure Interface2 on SwitchA and SwitchB to allow packets from VLAN 100 and VLAN 200.