华为Qinq实例
QINQ能够实现私网VLAN透传到公网,达到二层***的应用效果,同时保证用户原有的VLAN功能与特性。用户可以规划自己私网VLAN> QINQ的基本思想是在基于802.1Q封装的报文的Tag前再加上一个Tag以增加Tag数量或以前一个Tag来区分隧道(用户)的一种形象化的称呼。HUAWEI称为VLAN ***,Cisco称为802.1Q Tunneling。但总的思想都是将用户私网VLAN TAG封装在公网VLAN TAG中,报文带着两层TAG穿越服务商的骨干网络,从而为用户提供一种较为简单的二层***隧道上。QINQ的优点:
1.QINQ可以简单认为是报文携带了两层802.1QTag。
2.QINQ技术的出现让运营商可以以较低成本为客户提供二层***。QINQ完全在运营商网络上实施,用户对QINQ不感知。
3.在运营商网络中的报文,内层Tag为客户私有VLAN标识,外层Tag为运营商分配给客户的VLAN。客户可以独立规划自己的VLANID,运营商网络的变化不影响客户网络。
4.QINQ不需要单独的信令协议,只需要静态配置,简洁稳定。
5.QINQ 扩展了VLAN资源,为运营商按VLAN 区分接入用户提供了可能。
实验拓扑:
灵活QINQ
1、6509上联配置及测试环境搭建
6509与9303的互联端口
interfaceGigabitEthernet3/11
speed nonegotiate
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 88,90
switchport mode trunk
interfaceVlan88
ip address 8.8.8.9 255.255.255.0
interfaceVlan90
ip address 9.9.9.10 255.255.255.0
2、6509接入9303_A的QINQ配置
vlan 2 /*外层 VLAN> trafficclassifier qinq-t
if-matchvlan-id 10 to 100 /* 配置报文匹配规则,即指定报文的内层VLAN> trafficbehavior qinq-t
nest top-most vlan-id 2 /*配置流行为,即指定外层封装VLAN> trafficpolicy qinq-t
> interfaceGigabitEthernet1/0/24
undo negotiation auto
port hybrid untagged vlan 2 /*拆除外层VLAN 标签,此端口类型为hybrid模式。
traffic-policy qinq-t inbound /* 将策略应用到端口
3、9303-A与9303-B的互联端口放行vlan 2
93-A
interfaceGigabitEthernet1/0/12
port link-type trunk /*互联端口必须为trunk
port trunk allow-pass vlan 2 /*放行带有外层标签的VLAN> 93-B
interfaceGigabitEthernet1/0/12
port link-type trunk /*互联端口必须为trunk
port trunk allow-pass vlan 2 /*放行带有外层标签的VLAN> 4、同理93-B 为建立流策略
vlan 2 /*外层 VLAN> trafficclassifier qinq-t
if-matchvlan-id 10 to 100 /* 配置报文匹配规则,即指定报文的内层VLAN> trafficbehavior qinq-t
nest top-most vlan-id 2 /*配置流行为,即指定外层封装VLAN> trafficpolicy qinq-t
> interfaceGigabitEthernet1/0/24
undo negotiation auto
port hybrid untagged vlan 2 /*拆除外层VLAN 标签,此端口类型为hybrid模式。
traffic-policy qinq-t inbound /* 将策略应用到端口
5、与5328互联端口配置
interfaceGigabitEthernet1/0/24
undo negotiation auto
port hybrid untagged vlan 2 /*拆除外层VLAN 标签,此端口类型为hybrid模式。
traffic-policy qinq-t inbound /* 将策略应用到端口
6、5328上联端口配置
interfaceGigabitEthernet0/0/21
port link-type trunk
port trunk allow-pass vlan 88 90
测试IP配置
interfaceVlanif88
ip address 8.8.8.8 255.255.255.0
interfaceVlanif90
ip address 9.9.9.9 255.255.255.0
测试
ping 8.8.8.9
PING 8.8.8.9: 56data bytes,press CTRL_C to break
Reply from 8.8.8.9: bytes=56 Sequence=1 ttl=255 time=1 ms
Reply from 8.8.8.9: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 8.8.8.9: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 8.8.8.9: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 8.8.8.9: bytes=56 Sequence=5 ttl=255 time=1 ms
---8.8.8.9 ping statistics ---
5packet(s) transmitted
5packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
ping 9.9.9.10
PING 9.9.9.10: 56data bytes,press CTRL_C to break
Reply from 9.9.9.10: bytes=56 Sequence=1 ttl=255 time=1 ms
Reply from 9.9.9.10: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 9.9.9.10: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 9.9.9.10: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 9.9.9.10: bytes=56 Sequence=5 ttl=255 time=1 ms
---9.9.9.10 ping statistics ---
5packet(s) transmitted
5packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
页:
[1]