Community discussions

MUM Europe 2020
 
taduikis
Member
Member
Topic Author
Posts: 423
Joined: Sat Jul 07, 2007 12:09 pm

CRS125 double tagging (QinQ) support

Sat Apr 04, 2015 9:26 pm

Greetings folks,

I was wondering if anyone had success with simple QinQ setups using CRS switches? When I say simple, I do not mean 802.1ad Q-in-Q implementation using Service and Customer tags, but simply double 802.1q tagging (two TPID=0x8100 headers). So the example demonstrated in MT wiki doesn't fit in this case.

Basically I have three tagged vlan's arriving on sfp1 interface (say 1001, 1002 and 1003). 1001 and 1002 need to pass remaining tagged 1001&1002 to ports ether2 and ether4 (this is done quite simply and works great), while VLAN 1003 carries multiple vlan's inside that I'd rather not configure on CRS itself, but just let it pass transparently having outer tag (1003) stripped while leaving port ether6, so I don't need to configure double tagging on router connected to this port.

Currently I have such setup using software bridge:
/interface ethernet
set [ find default-name=ether2 ] master-port=sfp1
set [ find default-name=ether4 ] master-port=sfp1

/interface vlan
add interface=sfp1 name=vlan_1003 vlan-id=1003

/interface bridge
add disabled=no name=bridge1 protocol-mode=none
/interface bridge port
add bridge=bridge1 interface=vlan_1003
add bridge=bridge1 interface=ether6
This gives me the required functionality, but I'd like wire-speed configuration with proper isolation between vlan's using switch chip features. Does anyone have some ideas or hints on this one? I had quite a few attempts to configure this one without success so far :(
 
taduikis
Member
Member
Topic Author
Posts: 423
Joined: Sat Jul 07, 2007 12:09 pm

Re: CRS125 double tagging (QinQ) support

Tue Apr 07, 2015 12:13 pm

In fact, any info on simple q-in-q double tagging with CRS would be appreciated.. And if it's even possible. I do have some D-Link L3 managed switches, that are documented quite well and are working ok in similar setups. I could use them instead, but I already have CRS125 with dual PSU in place and I'd rather keep it there.
 
mainTAP
newbie
Posts: 36
Joined: Tue Oct 02, 2012 4:01 am

Re: CRS125 double tagging (QinQ) support

Thu Apr 09, 2015 12:50 pm

+1

More information and documentation on QinQ for Cloud Router Switches would be more than welcome.

Cheers
 
taduikis
Member
Member
Topic Author
Posts: 423
Joined: Sat Jul 07, 2007 12:09 pm

Re: CRS125 double tagging (QinQ) support

Thu Apr 09, 2015 1:27 pm

Yeah. Documentation would be awesome, but simple answer if CRS can handle stacked VLAN's as I described above would be a great start for me. Currently I'm not sure if it's possible even and is it worth bothering at all.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: CRS125 double tagging (QinQ) support

Thu Apr 09, 2015 3:37 pm

I seem to recall reading in another thread that the wirespeed ethernet switch does not support q-in-q.
I imagine that it would pass through the stacked-tag frames just fine. It just can't be the edge switch that encapsulates/decapsulates the tunnel.

While you can do some really great stuff with Mikrotik and RouterOS, I pretty much limit them to router type roles. They're really not very great as a true switch if you want any switch features beyond the basics. (they don't have igmp snooping, even though there is a growing number of protesters outside MT headquarters right now, chanting IGMP Snooping! IGMP Snooping! IGMP Snooping!) :lol:

I'm sticking to Cisco/Adtran/HP/Brocade for switches, but when it comes to awesome routing, Mikrotik is definitely in my toolbox.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
mainTAP
newbie
Posts: 36
Joined: Tue Oct 02, 2012 4:01 am

Re: CRS125 double tagging (QinQ) support

Thu Apr 09, 2015 4:10 pm

It terms of vlan tag modification / removing , it looks CRS treats .1q tags just as if there was just one and if you send stacked .1q tags to the interface you can modify / remove the outer .1q tag , also you can put an extra .1ad tag on the top.

as the frames leave a port, you can do the same , modify / remove the outer .1q tag or add/modify/remove the .1ad tag

the above can be done by ingress and egress vlan translation

so I believe your scenario should be achievable on the CRS, however :

-i still struggle to figure out how to the port to vlan assignment works in different modes ( service vlan / customer vland bridge )

it theory I believe if you add port to a VLAN :
/interface ethernet switch vlan
add ports=ether1 vlan-id=200 learn=yes
it should tag the incoming traffic with this tag ( in case of customer bridge, it should use .1q tags , and if service bridge is used, it should use .1ad tags )

if the traffic leaves the port ether1, it should strip the corresponding tag (.1q in customer bridge , .1ad in service bridge mode ).

unfortunately I cannot get this quite working and therefore I am not sure if my assumption is correct or not :(

also , in case of egress vlan translation I am struggeling to assign a new customer tag (.1q) instead it just strips off the tags from traffic with one .1q tag and leaves the traffic with two .1q tags untouched .. this seems to be a bug to me.

.. actually , testing right now and it really seems that the engress vlan translation is bugged .. I set a rule to change the .1ad tag to the value of .1q tag , ( ther is traffic with two stacked .1q vlans and one .1ad vlan coming out of the port ) this worked fine and it changed the .1ad tag to the outer .1q tag , if I remove the rule, it keeps the previous .1ad tag , however if I now change the setting of new-service tag to for instance 999 , it still keep changing the .1ad tag to the outer .1q tag's vaule ..

well , anyway .. I will try to do more testing but the switch doens't seem to be functioning quite right ..

However , if it was, i believe your scenario would be possible to implement on the CRS
 
mainTAP
newbie
Posts: 36
Joined: Tue Oct 02, 2012 4:01 am

Re: CRS125 double tagging (QinQ) support

Thu Apr 09, 2015 6:34 pm

I can confirm there is a bug with egress-vlan-translations if you try to assign a customer-tag as a new service tag, it does what it suppose to but then you cannot change it back ( it changes the config but doesn't work ).
One then have to remove the rule and create a new one to make it work.

But, you can strip the outer .1q tag and let just the inner tag leave the port. using egress-vlan-translation

Another suggestion when messing around with CRS and you cannot get the configuration to do what is intended to , then reboot the device and it might pick it up.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: CRS125 double tagging (QinQ) support

Thu Apr 09, 2015 7:03 pm

http://wiki.mikrotik.com/wiki/Manual:CR ... 8Q-in-Q.29

Here is the documentation example, using service tags.
(not the same as simple vlan tag stacking, though)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
mainTAP
newbie
Posts: 36
Joined: Tue Oct 02, 2012 4:01 am

Re: CRS125 double tagging (QinQ) support

Thu Apr 09, 2015 7:19 pm

That example is a bit confusing, how does the switch in the middle knows what ports are assigned to what service-vlan ?

I also tried adding a port to egress-vlan-tag to attach the service tag, but nothing was attached :
/interface ethernet switch egress-vlan-tag
add tagged-ports=ether9 vlan-id=400
add tagged-ports=ether9 vlan-id=500
http://wiki.mikrotik.com/wiki/Manual:CR ... 8Q-in-Q.29

Here is the documentation example, using service tags.
(not the same as simple vlan tag stacking, though)
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: CRS125 double tagging (QinQ) support

Thu Apr 09, 2015 7:32 pm

The switch in the middle doesn't see the QinQ anymore. To the middle switch, the "service" vlan is just any other regular VLAN. This traffic will be forwarded everywhere the service vlan exists and is permitted. When doing q-in-q, only the edge switches have anything special.

well - not 100% true - the middle switch needs to have at least 4 more bytes of l2mtu than a standard trunk to make room for the second 802.1q header... So a vlan sub-interface for the service vlan would need l2mtu >= 1504, (extra 4 for customer vlan tag) and the physical interface would need at least 1508. (an additional 4 to carry the service vlan tag as well)
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
taduikis
Member
Member
Topic Author
Posts: 423
Joined: Sat Jul 07, 2007 12:09 pm

Re: CRS125 double tagging (QinQ) support

Fri Apr 10, 2015 9:51 am

Sorry guys, I'm currently out of office so don't have access to the switch, and cannot try to test anything.
But, you can strip the outer .1q tag and let just the inner tag leave the port. using egress-vlan-translation
Well, this is exactly what I need. To strip the outer .1q tag (vlan-id=1003) exiting some port and leave the inner tags as they were. While at the same time having vlans 1001 and 1002 passing to some other ports..
 
manyax
just joined
Posts: 6
Joined: Fri Jun 17, 2016 12:23 pm

Re: CRS125 double tagging (QinQ) support

Tue Mar 14, 2017 3:23 pm

Hi, how have you solve this? Is it possible to do double tagging(0x8100) in the switch chip ?
 
taduikis
Member
Member
Topic Author
Posts: 423
Joined: Sat Jul 07, 2007 12:09 pm

Re: CRS125 double tagging (QinQ) support

Tue Mar 14, 2017 6:06 pm

Hi,

nop, I've ditched the CRS and used D-Link instead. Had no time for that kind of puzzle.
 
manyax
just joined
Posts: 6
Joined: Fri Jun 17, 2016 12:23 pm

Re: CRS125 double tagging (QinQ) support

Tue Mar 28, 2017 9:28 am

It can be done with CRS viewtopic.php?f=2&t=120020&p=590958#p590958.
Will you please give some examples of D-link models are you using?

Who is online

Users browsing this forum: dad2312, Egert143, gkk, svmk and 117 guests