If I have 2 routers, with a cable in between them, and this cable is an access port, could I use QinQ to pass VLAN through the port? Currently I am using EoIP over the interface added to a bridge. But this is a local link, 1gb ptp fiber, it's only in the access mode. Is there any other option than using a VPN here?
I have 7 interfaces all with any VLAN (trunking/no VLAN filtering) and an additional port with only untagged (no VLAN). Would I just need to set the service tag and add this access port to the bridge (voilà, QinQ)? If I change the ether type, what effect will this have on the already trunking ports? Effectively I would like to use this access port as a trunking port, is that possible?
Are there multiple VLANs on the bridges currently interconnected using EoIP? If yes, it indeed does make sense to use an additional VLAN tag instead of EoIP, as that requires less overhead than EoIP both byte-wise and CPU-wise. If the “access” ports of the routers that are interconnected using the dark fiber are not member ports of any bridge, the following will be enough:
/interface vlan add interface=etherX vlan-id=1234 use-service-tag=yes name=etherX.S1234
/interface bridge port remove [find where interface=eoipX]
/interface bridge port add bridge=bridgeY interface=etherX.S1234
But you may also create yet another C-VLAN on the bridge for the data that currently flow tagless across the fiber, and make the fiber-facing interfaces untagged members of that new VLAN and tagged members of all the other VLANs, saving even the 4 bytes of the S-VLAN tag.
Thanks for the reply. Yes, and I have 2 RB4011iGS+ specifically for this link.
All of the ports on these 2 devices are trunking (bridging w/no VLAN filter) with the exception of just 1 port, which is in access mode. This port comes from a service provider: it's a dedicated ptp link with jumbo framing. As a result of the access mode port, I have effectively only swapped it with EoIP, which allows bridging the VLANs, but exactly as you state, due to CPU use (20% at 200mb) I was looking for another option, which I'm suspecting is really only QinQ?
From your reply, you're still using the VLAN tagging that I can't. I need VLAN 1-4096 to be VLAN 1-4096 on both sides of the access mode port without using VLANs in between (hence the use of EoIP here, EoIP makes the link over the access mode port and then this EoIP port bridges the VLANs on either side).
Do I simply just enable the service tag on this access mode port, add it to the bridge, and voilà, QinQ is now enabled for that specific port?
Sorry, I did not understand from your OP that the link between the two 4011 was an active one, i.e. that the two 4011s are not connected just by dark fiber but there is some other equipment between them. If so, it depends on your contract with the service provider what type of traffic you can send through it, as in the best case they filter frames with “wrong” ethertype on ingress and in the worst case your S-VLAN tagged frames would get forwarded to some other customer. So rather than blindly trying, talk to the service provider about what kinds of traffic they accept. QinQ is VLAN tagging, the only difference is that the first VLAN tag is followed by another one, and that the first one may be an S one (so the proper name would actually be Q-in-ad).
If they do not accept 0x88a8 ethertype, you have to stay with L2 tunneling via L3 as you do now. If you run RouterOS 7, you can try VxLAN instead of EoIP, but I don’t think the CPU load will change significantly. And even if the QinQ way was possible, adding & stripping the S-VLAN tag would still be handled by CPU, so even in such case expect the CPU load to decrease at most by a few tens of percent as compared to the current EoIP state.
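An added illustration, not code from any poster in this thread: the tag stack a QinQ frame carries on the wire (outer S-tag with ethertype 0x88a8, inner C-tag 0x8100) and why a provider port that filters on outer ethertype drops it. The sample frame, the C-VLAN id 100 and the `ACCESS_ONLY` allow-list are constructed assumptions; S-VLAN 1234 is the id from the command earlier in the thread.

```python
import struct

TPID_C = 0x8100  # 802.1Q customer tag (C-VLAN)
TPID_S = 0x88A8  # 802.1ad service tag (S-VLAN), what use-service-tag=yes selects
KIND = {TPID_C: "C", TPID_S: "S"}

def push_tag(frame: bytes, tpid: int, vid: int) -> bytes:
    """Insert a 4-byte VLAN tag directly after the two MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN id out of range")
    return frame[:12] + struct.pack("!HH", tpid, vid) + frame[12:]

def tag_stack(frame: bytes):
    """Walk the tags from outer to inner; return (tags, payload ethertype)."""
    tags, offset = [], 12
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in KIND:
            return tags, etype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((KIND[etype], tci & 0x0FFF))  # low 12 bits are the VLAN id
        offset += 4

def ingress_accepts(frame: bytes, allowed_outer: set) -> bool:
    """Assumed provider policy: admit only listed outer ethertypes."""
    (outer,) = struct.unpack_from("!H", frame, 12)
    return outer in allowed_outer

# Constructed sample: broadcast IPv4 frame with a zero-filled payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + bytes(46)
C_TAGGED = push_tag(UNTAGGED, TPID_C, 100)   # customer VLAN 100 (constructed)
QINQ = push_tag(C_TAGGED, TPID_S, 1234)      # S-VLAN 1234 as in the command above
ACCESS_ONLY = {0x0800, 0x0806, 0x86DD}       # assumed access-port allow-list

if __name__ == "__main__":
    print(tag_stack(QINQ))
    print(len(QINQ) - len(C_TAGGED), "bytes added by the S-tag")
    print("accepted:", ingress_accepts(QINQ, ACCESS_ONLY))
```

Whether the real link behaves like `ACCESS_ONLY` is exactly what has to be confirmed with the provider; the model only shows that the outer ethertype is the first thing such a filter sees.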
Thanks a lot for your help, I think I see what I've misunderstood; I wasn't thinking of QinQ as an extension to the VLAN, rather, I was considering it more like a VPN. Loosely put, the QinQ is my feature in VLANning and not yours (if you are a client to me I can allow you to trunk). In my case, I am the client and the QinQ is then for the service provider, and this is why all of the documentation references the use of the VLAN when enabling it. I'm confused simply because I don't have a tag (access mode), but here the provider will have. I wasn't thinking of the provider, I was thinking QinQ would replace and act just like EoIP, but this is not what the ‘q’ in the q is.
The ptp itself is a long-winded story, it was supposed to be a trunk, but never worked out that way; a rushed install, with EoIP over big MTU as the failsafe. I will ultimately speak with the operator to see if we can have it corrected. Thanks again.
I’m pretty sure that if your ISP is skilled enough, they can provide you an MPLS path between your branches instead of VLAN, so you can just have direct L2 over their routers with full MTU (correct me, I may be wrong).