How to Handle Q-in-Q Packets in Maps
The Q-in-Q packets in maps are handled as follows:
-
For traffic that matches the map pass rule shown in the following figure, Q-in-Q packets of TPID ethertype 0x8100, 0x88A8, and 0x9100 are passed.
-
For traffic that matches the map drop rule shown in the following figure, Q-in-Q packets of TPID ethertype 0x8100, 0x88A8, and 0x9100 are dropped.
You do not specify TPID EtherTypes 0x8100, 0x88A8, and 0x9100 explicitly in a rule. If you specify these values in the Value field an EtherType rule, the map is blocked and one of the following error messages is displayed:
Invalid ethertype : '0x8100'. Please use attribute 'vlan' instead.
Invalid ethertype : '0x88A8'. Please use attribute 'vlan' instead.
Invalid ethertype : '0x9100'. Please use attribute 'vlan' instead.
Note: The Value field accepts values with out the leading 0x only.
In summary, for single-tagged (0x8100) or double-tagged (0x88A8 and 0x9100) VLAN packets, you only configure the VLAN as the matching criteria, not the ethertype.
For handling of priority tagged packets, refer to Priority Tagged Packets.
For filtering of Q-in-Q packets on inner VLAN tag, refer to Flow Mapping® on Inner VLAN Tags.
Comparison of Q-in-Q Tagging
The following table details the various combinations and corresponding behaviors depending on the packet content:
Packet Content |
Rule: pass vlan 100 |
Rule: pass ethertype 0x0800 |
Rule: pass vlan 100 ethertype 0x0800 |
No tags, ethertype 0800 |
drop |
pass |
drop |
One tag: TPID 8100, VID 100, ethertype 0800 |
pass |
pass |
pass |
One tag: TPID 9100, VID 100, ethertype 0800 |
pass |
pass |
pass |
One tag: TPID 88a8, VID 100, ethertype 0800 |
pass |
pass |
pass |
Two tags: outer TPID 8100 VID 100, inner TPID 8100 VID 200, ethertype 0800 |
pass |
pass |
pass |
Two tags: outer TPID 9100 VID 100, inner TPID 8100 VID 200, ethertype 0800 |
pass |
pass |
pass |
Two tags: outer TPID 88a8 VID 100, inner TPID 8100 VID 200, ethertype 0800 |
pass |
pass |
pass |
Two tags: outer TPID 8100 VID 200, inner TPID 8100 VID 100, ethertype 0800 |
drop |
pass |
drop |
Two tags: outer TPID 8100 VID 200, inner TPID 88a8 VID 100, ethertype 0800 |
drop |
drop |
drop |
Two tags: outer TPID 88a8 VID 200, inner TPID 8100 VID 100, ethertype 0800 |
drop |
pass |
drop |
Two tags: outer TPID 8100 VID 100, inner TPID 88a8 VID 100, ethertype 0800 |
pass |
drop |
drop |
Two tags: outer TPID 8100 VID 100, inner TPID 9100 VID 100, ethertype 0800 |
pass |
drop |
drop |
Priority Tagged Packets
Priority tagged packets are handled by the GigaVUE node. These packets have a user priority of 0 to 7 in the packet. Single tagged packets or double tagged packets with a VLAN ID of zero or a non-zero value will be sent accordingly to the tool ports.
Flow Mapping® on Inner VLAN Tags
Flow mapping on inner VLAN tags is supported for filtering on Q-in-Q traffic.
- For packets that have both an inner and an outer VLAN tag, the outer tag is detected when the ethertype is 0x8100, 0x88A8, or 0x9100. The inner tag is detected only when the ethertype is 0x8100.
- If the inner VLAN tag ethertype is not 0x8100, then further encapsulations are not detected.
To specify an inner VLAN tag:
- Add a new map rule (pass or drop) of type Inner VLAN.
- Select a VLAN (Min) or a range of VLANs (Min and Max). Subset, even or odd, is optional.
The inner VLAN range is supported with any other qualifier with a range, such as VLAN or portsrc.
Note: There is no filtering after the two VLAN tags (inner and outer).
Filtering on inner VLAN uses application filter resources. To track resource usage, go to Chassis > Quick Port Editor for a particular box ID, card and slot.
Each map rule uses a number of entries. A single inner VLAN uses one entry per map rule. A range of inner VLANs uses two or more entries per map rule. For the same map source, identical inner VLAN or inner VLAN range spread across different rules will consume the same map rule resources.
A maximum of 454 application filter resource entries is available if no other application filters are using resources. The number of entries in the output of Application Filter Resources might be impacted by the other applications listed, such as GSD or Discovery.
The application filter resources are as follows:
GSD—for GigaSMART tunnels |
Map Src—for network port source local to the node or slot (one entry per unique network port source). Note that 50 is always reserved per node or slot. |
Map Rule—for each inner VLAN rule |
Discovery—for LLDP/CDP |
The following GigaVUE nodes have a maximum limit of 454 entries (the limit of 504 minus the 50 reserved):
GigaVUE TA Series—per node |
GigaVUE‑HC1—per node |
GigaVUE‑HC2—per node |
GigaVUE‑HC3—per slot |
Inner VLAN Limitation
Overlapped inner VLAN range is not supported within a map or set of maps that has the same network source. An identical VLAN range (and values) is supported.
For example, the following two rules are not supported because the inner VLAN range overlaps:
Rule1: rule add pass inner-vlan 100 portsrc 1000 |
Rule2: rule add pass inner-vlan 100..110 portsrc 1100 |
To overcome this, specify the rules as follows:
Rule1: rule add pass inner-vlan 100 portsrc 1000 |
Rule2: rule add pass inner-vlan 100 portsrc 1100 |
Rule3: rule add pass inner-vlan 101..110 portsrc 1100 |
Note: You cannot use map rule editing to change an existing inner VLAN range to a range that overlaps with the original range. To edit an inner VLAN range, delete the rule and create a new rule with the new range.