How to Handle Q-in-Q Packets in Maps

In software versions prior to 4.7, for traffic that matched the map pass rule shown in Figure 1, only Q-in-Q packets of TPID ethertype 0x8100 were passed and all tagged packets with a TPID ethertype other than 0x8100, such as 0x88A8 and 0x9100, were dropped:

Figure 38 VLAN Pass Rule

Conversely, for traffic that matched the map drop rule shown in Figure 2, only Q-in-Q packets of TPID ethertype 0x8100 were dropped:

Figure 39 VLAN Drop Rule

Starting in software version 4.7, the rules shown in Figure 1 and Figure 2 will pass (or drop) TPID ethertypes 0x8100, 0x88A8, and 0x9100.

You do not specify TPID EtherTypes 0x8100, 0x88A8, and 0x9100 explicitly in a rule. If you specify these values in the Value field an EtherType rule, the map is blocked and one of the following error messages is displayed:

Invalid ethertype : '0x8100'. Please use attribute 'vlan' instead.

Invalid ethertype : '0x88A8'. Please use attribute 'vlan' instead.

Invalid ethertype : '0x9100'. Please use attribute 'vlan' instead.

Note:  The Value field accepts values with out the leading 0x only.

In summary, for single-tagged (0x8100) or double-tagged (0x88A8 and 0x9100) VLAN packets, you only configure the VLAN as the matching criteria, not the ethertype.

For handling of priority tagged packets, refer to Priority Tagged Packets.

For filtering of Q-in-Q packets on inner VLAN tag, refer to Flow Mapping® on Inner VLAN Tags.

Upgrade Note

If you had previously defined TPID EtherTypes in the earlier software version, during an upgrade to 4.7, they will be converted (or removed) as follows:

■   In earlier software version, rules with both a TPID EtherType and VLAN such as the rules shown in Figure 3 will be converted in 4.7 to the rules shown in Figure 4 Rules Converted in version 4.7 (with the TPID EtherTypes removed from the rule).

Figure 40 Rules with both TPID EtherType and VLAN in Earlier Software Version

Figure 41 Rules Converted in version 4.7
■   In the earlier software version, rules with only a TPID EtherType Value, such as 88a8 or 9100, will be removed from the map in version 4.7.

It is recommended that you revisit your configuration after the upgrade.

Comparison of Q-in-Q Tagging

The following table details the various combinations and corresponding behaviors for software versions 4.7 and higher compared to 4.6.01 and earlier releases.

 

4.7 and Higher

4.6.01 and Earlier

Packet Content

Rule: pass vlan 100

Rule: pass ethertype 0x8000

Rule: pass vlan 100 ethertype 0x0800

Rule: pass vlan 100

Rule: pass ethertype 0x8000

Rule: pass vlan 100 ethertype 0x0800

No tags, ethertype 0800

drop

pass

drop

drop

pass

drop

One tag: TPID 8100, VID 100, ethertype 0800

pass

pass

pass

pass

pass

pass

One tag: TPID 9100, VID 100, ethertype 0800

pass

pass

pass

drop

drop

drop

One tag: TPID 88a8, VID 100, ethertype 0800

pass

pass

pass

pass

pass

pass

Two tags: outer TPID 8100 VID 100,        inner TPID 8100 VID 200, ethertype 0800

pass

pass

pass

drop

drop

drop

Two tags: outer TPID 9100 VID 100,        inner TPID 8100 VID 200, ethertype 0800

pass

pass

pass

drop

drop

drop

Two tags: outer TPID 88a8 VID 100,        inner TPID 8100 VID 200, ethertype 0800

drop

pass

drop

drop

pass

drop

Two tags: outer TPID 8100 VID 200,        inner TPID 8100 VID 100, ethertype 0800

drop

pass

drop

drop

drop

drop

Two tags: outer TPID 8100 VID 100,        inner TPID 88a8 VID 100, ethertype 0800

drop

pass

drop

drop

drop

drop

Two tags: outer TPID 88a8 VID 200,         inner TPID 8100 VID 100, ethertype 0800

drop

pass

drop

drop

drop

drop

Two tags: outer TPID 8100 VID 100,        inner TPID 88a8 VID 100, ethertype 0800

pass

drop

drop

pass

drop

drop

Two tags: outer TPID 8100 VID 100,        inner TPID 9100 VID 100, ethertype 0800

pass

drop

drop

pass

drop

drop

Priority Tagged Packets

Starting in software version 5.3, priority tagged packets are handled by the GigaVUE node. These packets have a user priority of 0 to 7 in the packet. Single tagged packets or double tagged packets with a VLAN ID of zero or a non-zero value will be sent accordingly to the tool ports.

Flow Mapping® on Inner VLAN Tags

Starting in software version 5.2, flow mapping on inner VLAN tags is supported for filtering on Q-in-Q traffic.

For packets that have both an inner and an outer VLAN tag, the outer tag is detected when the ethertype is 0x8100, 0x88A8, or 0x9100. The inner tag is detected only when the ethertype is 0x8100.

To specify an inner VLAN tag, add a new map rule (pass or drop) of type Inner VLAN.

Select a VLAN (Min) or a range of VLANs (Min and Max). Subset, even or odd, is optional.

The inner VLAN range is supported with any other qualifier with a range, such as VLAN or portsrc.

Note:  There is no filtering after the two VLAN tags (inner and outer).

Filtering on inner VLAN uses application filter resources. To track resource usage, go to Chassis > Quick Port Editor for a particular box ID, card and slot.

Each map rule uses a number of entries. A single inner VLAN uses one entry per map rule. A range of inner VLANs uses two or more entries per map rule. For the same map source leader in a bidirectional clock relationship (formerly master), identical inner VLAN or inner VLAN range spread across different rules will consume the same map rule resources.

A maximum of 454 application filter resource entries is available if no other application filters are using resources. The number of entries in the output of Application Filter Resources might be impacted by the other applications listed, such as GSD or Discovery.

The application filter resources are as follows:

■   GSD—for GigaSMART tunnels
■   Map Src—for network port source local to the node or slot (one entry per unique network port source). Note that 50 is always reserved per node or slot.
■   Map Rule—for each inner VLAN rule
■   Discovery—for LLDP/CDP

The following GigaVUE nodes have a maximum limit of 454 entries (the limit of 504 minus the 50 reserved):

■   GigaVUE TA Series—per node
■   GigaVUE‑HC1—per node
■   GigaVUE‑HC2—per node
■   GigaVUE‑HC3—per slot

Inner VLAN Limitation

Overlapped inner VLAN range is not supported within a map or set of maps that has the same network source. An identical VLAN range (and values) is supported.

For example, the following two rules are not supported because the inner VLAN range overlaps:

■   Rule1: rule add pass inner-vlan 100 portsrc 1000
■   Rule2: rule add pass inner-vlan 100..110 portsrc 1100

To overcome this, specify the rules as follows:

■   Rule1: rule add pass inner-vlan 100 portsrc 1000
■   Rule2: rule add pass inner-vlan 100 portsrc 1100
■   Rule3: rule add pass inner-vlan 101..110 portsrc 1100

Note:  You cannot use map rule editing to change an existing inner VLAN range to a range that overlaps with the original range. To edit an inner VLAN range, delete the rule and create a new rule with the new range.