SONiC was purpose-built for the cloud environment, where multitenancy is key. Dell Enterprise SONiC stays true to this offering by delivering Q-in-Q, one of the most user-friendly and well-known service provider features, in which a service provider VLAN can be used to switch multiple end-user services.
Q-in-Q and VLAN translation allow cloud providers and service providers to support many customers or tenants inside a common fabric by isolating each tenant for security and manageability benefits.
With Q-in-Q, two VLAN IDs are used: a user or internal VLAN ID, which carries a specific service, and a service provider VLAN ID, which is used to switch or transmit the end-user data across the service or cloud provider network.
VLAN translation differs from Q-in-Q in that a single- or double-tagged customer VLAN (C-VLAN) is swapped with a service provider VLAN (S-VLAN) at the ingress provider edge device. The customer traffic is then forwarded based on the service provider VLAN in the provider infrastructure.
To enable VLAN translation on the Z9432F and S5448F switches, VLAN stacking must be enabled first, followed by a reboot. The configuration details can be found in the Dell Enterprise SONiC 4.1 Q-in-Q VLAN Tunneling chapter.
If VxLAN is used as an overlay with the service provider, the customer traffic is identified by a service provider VLAN (S-VLAN). This VLAN is then mapped to a VxLAN network identifier (VNI), and the traffic is forwarded based on the VNI.
The connections from the customer edge to the provider edge switches are Layer 2 tagged links.
The following figure shows two tenants, A and B. Each tenant has been assigned a unique VLAN (100 = A, 200 = B). A common service provider VLAN 300 has been configured to transport both tenants' data.
In this scenario, two use cases are shown. Use case 1 has identical services, such as VoIP (Voice over IP), from each tenant, but the services remain separate. Use case 2 has two different services from each tenant (A = VoIP, B = Video) and leverages a single service provider VLAN.
The following figure shows Q-in-Q tunneling with VxLAN. In this scenario, the customer VLAN (CVLAN) is mapped to a service provider VLAN (SVLAN). The SVLAN maps to a VNI which is used inside the service provider's VxLAN infrastructure and switched across. At egress, only the customer VLAN is retained and used to reach its destination.
The following figure shows VLAN translation without VxLAN overlay. In this scenario, a single- or double-tagged customer VLAN (CVLAN) is mapped or translated to a service provider VLAN (SVLAN).
The customer traffic is switched within the service provider infrastructure using the service provider VLAN (SVLAN). Upon egress, the customer VLAN is reapplied and forwarded to the proper customer edge switch.
The following figure shows VLAN translation with VxLAN. In this scenario, the customer VLAN (CVLAN 10) is replaced with the service provider VLAN (SVLAN 100), which is then mapped to a VxLAN VNI (VNI 200) and forwarded within the service provider infrastructure VxLAN overlay using this VNI.
At the egress of the provider network, the VNI is then mapped back to a customer VLAN by the PE device and forwarded to the respective customer edge switch.
Deployment best practices
The following guidelines should be followed when deploying Q-in-Q and VLAN translation:
- Q-in-Q guidelines
  - Configuration of the same S-VLAN for Q-in-Q and VLAN translation is not supported on an interface or port channel.
  - Only Layer 2 traffic is supported on an S-VLAN; Layer 3 configuration is not supported.
  - Spanning-Tree and IGMP snooping are not supported on an S-VLAN used for Q-in-Q tunneling.
  - Only Tag Protocol Identifier (TPID) 0x8100 is supported.
  - VLAN stacking must be enabled on the Z9432F and S5448F before enabling Q-in-Q. Other platforms do not require these steps.
  - Customer edge switch ports connecting to the provider edge switch must be configured as trunk ports.
- VLAN Translation guidelines
  - Configuration of the same S-VLAN for both Q-in-Q and VLAN translation is not supported on an interface or port channel.
  - Configuration of an S-VLAN for more than one VLAN translation is not supported.
  - Only Layer 2 traffic is supported on an S-VLAN; Layer 3 configuration is not supported.
  - VLAN stacking must be enabled on the Z9432F and S5448F before enabling VLAN translation.
  - Customer edge switch ports connecting to the provider edge switch must be configured as trunk ports.
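
The guidelines above can be checked mechanically before a change reaches a provider edge switch, which helps keep tenant isolation from depending on manual review. The following Python linter is an added example, not Dell or SONiC code: the plan format, port names and function names are hypothetical, the sample plan is constructed, and the "more than one VLAN translation" rule is assumed to apply per interface.

```python
# Added example: lint a planned Q-in-Q / VLAN translation layout against the
# deployment guidelines. The plan format and all names here are hypothetical.
from collections import defaultdict

STACKING_PLATFORMS = {"Z9432F", "S5448F"}  # need VLAN stacking enabled (plus reboot)
SUPPORTED_TPID = 0x8100

def lint_plan(plan):
    """Return a sorted list of guideline violations for one provider edge switch."""
    issues = set()
    if plan["platform"] in STACKING_PLATFORMS and not plan.get("vlan_stacking"):
        issues.add("VLAN stacking must be enabled on " + plan["platform"])
    modes = defaultdict(set)       # (port, S-VLAN) -> modes in use
    xlate = defaultdict(int)       # (port, S-VLAN) -> number of translations
    for m in plan["mappings"]:
        key = (m["port"], m["s_vlan"])
        modes[key].add(m["mode"])
        if m["mode"] == "translation":
            xlate[key] += 1
        if m.get("tpid", SUPPORTED_TPID) != SUPPORTED_TPID:
            issues.add(f"{m['port']}: TPID {m['tpid']:#06x} is not supported")
        if m["s_vlan"] in plan.get("l3_vlans", ()):
            issues.add(f"S-VLAN {m['s_vlan']}: Layer 3 configuration is not supported")
        if m["mode"] == "qinq" and m["s_vlan"] in plan.get("stp_or_igmp_vlans", ()):
            issues.add(f"S-VLAN {m['s_vlan']}: STP/IGMP snooping not supported with Q-in-Q")
    for (port, s_vlan), used in modes.items():
        if used == {"qinq", "translation"}:
            issues.add(f"{port}: S-VLAN {s_vlan} used for both Q-in-Q and translation")
    for (port, s_vlan), count in xlate.items():
        if count > 1:  # assumption: the limit is per interface or port channel
            issues.add(f"{port}: S-VLAN {s_vlan} has {count} VLAN translations")
    return sorted(issues)

# Constructed sample plan using the VLAN numbers from the scenarios above.
SAMPLE_PLAN = {
    "platform": "Z9432F", "vlan_stacking": False,
    "l3_vlans": {300}, "stp_or_igmp_vlans": set(),
    "mappings": [
        {"port": "Eth1/1", "mode": "qinq", "s_vlan": 300, "c_vlans": [100]},
        {"port": "Eth1/2", "mode": "qinq", "s_vlan": 300, "c_vlans": [200]},
        {"port": "Eth1/3", "mode": "translation", "s_vlan": 100, "c_vlans": [10]},
        {"port": "Eth1/3", "mode": "translation", "s_vlan": 100, "c_vlans": [20]},
        {"port": "Eth1/3", "mode": "qinq", "s_vlan": 100, "c_vlans": [30], "tpid": 0x88A8},
    ],
}

if __name__ == "__main__":
    for issue in lint_plan(SAMPLE_PLAN):
        print("VIOLATION:", issue)
```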