VLAN Subinterfaces

VLANs enable a device to carry multiple discrete broadcast domains, allowing a single switch to function as if it were multiple switches. VLANs are commonly used for network segmentation in the same way that multiple switches can be used: To place hosts on a specific segment, isolated from other segments. Where trunking is employed between switches, devices on the same segment need not reside on the same switch. Devices that support trunking can also communicate on multiple VLANs through a single physical port.

TNSR supports VLANs primarily through subinterfaces, though a variety of VLAN tag rewriting options are available directly on interfaces (Configure Interfaces). Using subinterfaces, TNSR can send and receive VLAN tagged traffic on one or more interfaces. The device to which TNSR is connected must also tag traffic in the same way as TNSR.

TNSR also supports multiple levels of VLAN tagged subinterfaces, commonly known as QinQ or 802.1ad. This is used to transport multiple VLANs inside another VLAN-tagged outer frame. Intermediate equipment only sees the outer tag, and the receiving end can pop off the outer tag and use the multiple networks inside independently as if it had a direct layer 2 connection to those networks. In this way, providers can isolate multiple tenants on the same equipment, allowing each tenant to use whichever VLAN tags they require, or achieve other goals such as using greater than the default limit of 4096 VLANs.

Note

TNSR can forward packets it receives on a QinQ interface or route packets out a QinQ interface, but the router-plugin does not currently support QinQ so features such as ping will not work against the subinterface directly.

VLAN Subinterface Configuration

A few pieces of information are necessary to create a VLAN subinterface (“subif”):

  • The parent interface which will carry the tagged traffic, e.g. GigabitEthernet3/0/0

  • The subinterface ID number, which is a positive integer that uniquely identifies this subif on the parent interface. It is commonly set to the same value as the VLAN tag

  • The VLAN tag used by the subif to tag outgoing traffic, and to use for identifying incoming traffic bound for this subif. This is an integer in the range 1-4095, inclusive. This VLAN must also be tagged on the corresponding switch configuration for the port used by the parent interface.

Creating a VLAN Subinterface

The interface subif <parent> <subinterface id> command creates a new subif object with the given identifier. This command enters config-subif mode. That mode contains the following commands:

default

Default subinterface, will match any traffic that does not match another subinterface on the same parent interface.

untagged

This subinterface will match frames without any VLAN tags.

exact-match

Specifies whether to exactly match the VLAN ID and the number of defined VLAN IDs. When this is not set, frames with more VLAN tags will also be matched. Layer 3/routed interfaces must use exact-match, it is optional for unrouted/L2 interfaces.

dot1q (<vlan-id>|any)

The VLAN tag to match for this subinterface.

inner-dot1q (<vlan-id>|any)

An inner 802.1q VLAN tag for use with QinQ

outer-dot1ad (<vlan-id>|any)

An outer 802.1ad VLAN tag for use with QinQ

outer-dot1q (<vlan-id>|any)

An outer 802.1q VLAN tag for use with QinQ

vlan <vlan-id>

VLAN ID for tag rewriting

Note

Where multiple similar options are present, generally this is for compatibility with other equipment that requires using those specific options. Consult the documentation for the peer device to find out which options it prefers.

After creating the interface, it will be available in TNSR. The name of this interface is composed of the parent interface name and the subif id, joined by a .. For example, TenGigabitEthernet6/0/0.70.

VLAN Subinterface Examples

VLAN Example

First, create a new subif object. In this example, both the subif id and the 802.1q VLAN tag are the same, 70:

tnsr(config)# interface subif TenGigabitEthernet6/0/0 70
tnsr(config-subif)# dot1q 70
tnsr(config-subif)# exact-match
tnsr(config-subif)# exit

Upon commit, this creates a corresponding subif interface which appears with the parent interface name and the subif id, joined by a .:

tnsr(config)# interface TenGigabitEthernet6/0/0.70
tnsr(config-interface)#

At this point, it behaves identically to regular interface in that it may have an IP address, routing, and so on.

QinQ Example

This example creates a QinQ subinterface with an inner tag of 100 and an outer tag of 200. The subinterface ID number can be any arbitrary unsigned 32-bit integer, but in this case it makes the purpose more clear to have it match the outer and inner VLAN tags of the subinterface:

tnsr(config)# subif GigabitEthernet0/b/0 200100
tnsr(config-subif)# inner-dot1q 100
tnsr(config-subif)# outer-dot1q 200
tnsr(config-subif)# exit
tnsr(config)# exit