[c-nsp] IEEE 802.1ad vs Cisco's Q-in-Q

Tassos Chatzithomaoglou achatz at forthnet.gr
Tue Nov 14 16:23:43 EST 2006

sthaug at nethelp.no wrote on 14/11/2006 9:39 μμ:
>> Does anybody know when (and if) is Cisco going to support the offical
>> 802.1ad?
> No idea.
>> If i understand correctly, Cisco's Q-in-Q implementation doesn't
>> support different ethertypes for inner & outer tags, which probably
>> means that Cisco switches don't care whether a frame is single or
>> double-tagged, as long as the outer ethertype is 0x8100 (or equal to
>> the one configured).
> Why would you *want* to check this? Are you sure other vendors check?

I think 802.1ad defines 0x88a8 as the prefered outer tag (different from 0x8100 of 802.1q), which 
makes it much easier for switches to know whether this is a single or a double-tagged frame.
And i think Extreme & Juniper follow this.

On the other hand, Cisco uses what i would call a "hack", since it seems to support double-tagging 
by just using the single-tagging code (checking if the ethertype is 8100).

IMHO, the best solution would be to be able to configure both inner/outer ethertypes manually.

> We have a significant installed base of Extreme switches using a non
> 8100 Ethertype for the outer tag. It's a royal PITA to use, and we're
> moving all new installations to simply using 8100 for outer and inner
> Ethertypes. Much more flexible, saves us lots of headaches. We have
> assumed from the start that the switches only look at the Ethertype
> of the outer tag, and based our network architecture on that.

That's exactly what i'm also doing (common inner/outer ethertype), but some ip dslam vendors seem to 
have problems setting them equal (although this is not 100% verified yet).

>> So, are there any performance limitations when a double-tagged frame
>> passes through a 6500 (or other switch)? What happens if the inside of
>> every frame has to be checked (because of QoS) and a double-tagged
>> frame is found? Does the switch send the double-tagged frame to the
>> cpu because it cannot recognise the protocol inside it?  -- Tassos
> As far as I know the outer tag is checked, and that's it. Nothing from
> the inner tag is checked. No performance issues with double tagged
> frames, because the switches simply inspect the outer tag and forward
> based on that.

I'm actually talking about switches which are capable of looking into the ip header. So, what 
happens if i'm using a class-map which is matching on src/dst ip and the ip packet is double-tagged?

I know that Cisco switches cannot check the ip header in double-tagged frames (that is not a problem 
for me), but don't they get "confused" when they look into single & double-tagged frames since they 
cannot differentiate them?

 From what i know, when 0x8100 is found as ethertype in a frame, the switch just looks 4 bytes after 
the tag, in order to get the frame length. But what happens if there is another tag there instead of 
the length? Do all switches know how to react in such situations?

> If you need equipment which can look at both outer and inner tag, Cisco
> will be happy to sell you GSR linecards which can do it, Juniper has the
> IQ PICs (which we use heavily), etc. You might be able to find high end
> switches which can do something sensible based on inspection of both
> outer and inner tags - but don't expect "normal" switches to do it.
> Steinar Haug, Nethelp consulting, sthaug at nethelp.no


More information about the cisco-nsp mailing list