Wednesday , April 25 2018

QinQ termination on subinterfaces to support DHCP Relay

So far you have learned basic and selective QinQ on Huawei swiches. They seem like a simple Layer 2 VPN solution, which we can use to connect 2 or more offices. And of course, it is truth.

But, sometimes, we want to have an access to external services or just to the Internet, instead of connecting 2 branch offices. And, still we can use QinQ technology, why not?

The only thing we should do is to terminate QinQ VLAN Tag on a router. Just create L3 subinterface and let the router to use IP routing table to forward packets.

In our LAB, I am going to show you how to terminate QinQ to use DHCP server, located outside our network. In this case DHCP Relay feature must be used.

So let’s get to the point!

QinQ termination on subinterfaces to support DHCP Relay on Huawei

Topology of QinQ to support DHCP Relay

Read More »

selective QinQ on Huawei switches

Let’s go ahead with QinQ technology. In the last post you had the opportunity to know basic QinQ tunneling on Huawei switches. The QinQ tunnel attaches the same outer tag to all the frames entering the Layer 2 QinQ interface.

In this lab I would like to attach different outer tags, to the frames entering the Layer 2 QinQ interface, according to different inner tags. It is useful when packets are going to be differentiated in a provider’s network. Why? Because of service type, user’s application etc.

In this case we have 1 enterprise network with branch office located in another city. Customer network is divided into 2 VLANs to differentiate existing services. Our task is to transparently transmit packets, through ISP network, paying attantion to not allowing traffic between VLAN10 and VLAN20.

Selective QinQ topology

Read More »

basic QinQ configuration on Huawei switches

In traditional 802.1Q protocol, service provider should assign different VLAN IDs to users of different VLANs. The numer of VLANs is limited to 4094 IDs. In addition, different users cannot use the same VLAN ID.

A simple method to solve this is to implement QinQ. The QinQ technology improves the utilization of VLANs by adding another 802.1Q tag to a packet with an 802.1Q tag. In this manner, services from the private VLAN can be transparently transmitted through the public network. The ISP network only provides one VLAN ID for different VLANs from the same user network. This saves VLAN IDs of an ISP. Meanwhile, the QinQ provides a simple Layer 2 VPN solution to a small MAN or a local area networks.

QinQ tunneling on Huawei switches

Let’s assume that we have two enteprise networks. Each enterprise has two branch offices, located in different cities. As an ISP, we cannot force these enterprises to use different VLAN planning. In our case, both use VLAN 10 and our task is to transparently transmitt traffic, through ISP network, between remote offices.

What we want to achieve is to ensure communication between remote offices of each enterprise and to block communication between Enterprise_1 and Enterprise_2. We can use basic QinQ tunneling in this case. It adds the same outer VLAN tag to all the frames entering a Layer 2 port.

Read More »

RIP loop protection

I am going to show you how RIP loop protection works. Let’s take the topology from the previous post to demonstrate the features.

RIP topology

There are 2 methods of loop protection: Split Horizon and Poison Reverse.

Split Horizon

It prohibits a router to advertise a route back to neighbors, through the interface that receives the routes. Split Horizon is enabled by default on Huawei routers:

[R1]display rip 1 interface Serial 0/0/0 verbose
Serial0/0/0(192.168.20.1)
State : UP MTU : 500
Metricin : 0
Metricout : 1
Input : Enabled Output : Enabled
Protocol : RIPv2 Multicast
Send version : RIPv2 Multicast Packets
Receive version : RIPv2 Multicast and Broadcast Packets
Poison-reverse : Disabled

Authentication type : None
Replay Protection : Disabled

Split Horizon is disabled

Read More »

basic concept of RIP

Routing Information Protocol RIP is an interior gateway protocol IGP, implemented based on a distance-vector algorithm.

RIPv1 characteristics
  1. A classful routing protocol
  2. Uses broadcast address to update routes
  3. Uses UDP port 520 to send and receive packets

Let’s look at the captured request and response packets of RIPv1:

RIPv1_request

RIPv1_response

Read More »