Q & A for Q-in-Q part 1

In this two part blog series, we will cover some of the basics around double-stacked VLAN tagging, otherwise known as Q-in-Q, or by it’s formal IEEE definition, 802.1ad.

What is VLAN tagging?

There are two types of ports on network switches.  Most vendors use terms such as “Trunk Port” and “Access Port” to differentiate them.  Access ports define a port where a single VLAN ID is carried whereas Trunk ports carry traffic destined for multiple VLANs.  Trunk Ports require a policy to determine which traffic is to be sent within which VLAN identifier.  For these purposes, a technical standard defining VLAN tagging 802.1q was developed. These VLAN tags contains information such as VLAN ID and other information that is specified by the 802.1q standard.

What does the technical outline of 802.1q (single tagged VLAN frames) look like?

An Ethernet frame (a physical layer communications transmission unit) that belongs to a VLAN which is carried through a Trunk Port will have a 802.1q header added.  See the following diagram:



What is Q-in-Q?

Q-in-Q (formally defined as 802.1ad) is developed based around 802.1q (VLAN tagging) to provide an additional layer of flexibility when dealing with Layer 2 networking.  It was originally designed to allow Network Service Providers (NSPs) flexibility in handling trunk port capability but spanning multiple customer connections that may wish to re-use the same VLAN. Q-in-Q tunnelling allows NSPs to consolidate all VLAN traffic into a single VLAN by adding an additional VLAN tag to already tagged traffic sent to and from customers. The additional tag helps NSPs to identify and separate different customer traffic.

Within an Ethernet Frame, these two tags are often known as “Inner tag” and “Outer tag”.  “Inner tags” contain VLAN information that belong to the traffic of the NSP’s customers.   The “Outer tags” contains information relating to the NSP’s VLAN networks. Though Q-in-Q/802.1ad was designed originally for NSPs to add/remove transparently to a customer (so called ‘pushing’ and ‘popping’ of outer tags) it is routinely utilised to carry a range of VLANs across a single VXC. This would allow for example a partner utilising Megaport to aggregate traffic on behalf of multiple customer networks and carry them transparently as a single VXC between two network locations, even where other customers using the same aggregator may utilise a similar group of VLAN identifiers.

What is a Q-in-Q Frame Build (802.1ad)?


Tag in light grey = Outer Tag

Tag in dark grey = Inner Tag

How can I differentiate the inner tag from the outer tag? Does it matter?

As you can imagine there is a definite need to isolate the double stacked tags. You might have heard the story about the great thing about standards – there’s a few of them so pick the one that suits you best! To differentiate the different tags under the 802.1ad standard the inner commonly uses  EtherType 0x8100 and outer 0x88a8 whilst the Cisco definition of Q-in-Q is for both inner and outer EtherTypes to be 0x8100. It is important to note that the Megaport specification of double-tagged frames is for both inner and outer tags to be 0x8100.

This double tagged VLAN concept is also frequently used in direct connectivity to cloud computing resources such as that presented by the Microsoft ExpressRoute product offering.  In this specific instance “Inner tags” (or C-TAGs) belong to the Microsoft customer’s multiple VLANs (Azure private, Azure public and Microsoft peering) and “Outer tags” (Service Provider tags, or S-TAGs) belong to the Megaport customer’s A-end VLAN that is requested to be set on their Megaport.

In part two of this series we will explore further the use of this concept for Microsoft ExpressRoute and how to configure redundant connectivity to Azure primary and secondary router presentations. Click here to read part 2.

Jason Bordujenko

Author: Jason Bordujenko

Solutions Architect, APAC

Related Posts

Microsoft Ignite 2018: Announcements and Insights All the announcements coming up at Microsoft Ignite 2018 that you need to know about. Microsoft is gearing up for its annual tech conference, Ignite, where the industry congregates to get the latest insights and skills from leaders and practitioners...
Connecting to Microsoft Office 365 via Megaport’s Internet Exchange Microsoft Office 365 has become a staple cloud application for enterprise businesses globally. Microsoft Office 365 has become a staple business productivity solution for enterprise companies globally. As more and more businesses access and increa...
How Virtual Routing Solves BGP Challenges for Hybrid Cloud Remove the complexities of connecting your on-premise and public cloud environments with Megaport Cloud Router’s virtual networking capabilities. Like many other enterprise companies, you have probably made significant investments in your on-premise...
1 Comment

Comments are closed.

  1. […] our last post (https://www.megaport.com/blog/q-in-q-questions-answered-part-1/) where we discussed the concept of stacked VLAN tags (Q-in-Q), in this second part we will focus […]

©2019 Megaport. Megaport, Virtual Cross Connect, VXC and MegaIX are registered trademarks of Megaport (Services) Pty Ltd ACN 607 432 646.

Log in with your credentials

Forgot your details?