Hi,
I'm looking a while for informations about differences between vlan VID 802.1q X/X and ethernet-services svlan VID nni X/X.
Right now switches are configured with vlan 802.1q, but i need to connect old lan (with no capable Q-in-Q switches) to new one, with vlan autonomy. To do so, i used ethernet-services to translate vlans between two switches. But when i tried to push tagged uni port through already trunked port (configured as multiple vlan 802.1q), the error messages stated "port state error". Using ethernet-services svlan to trunk multiple vlans works fine.
I dont have more switches to test compatibility with alcatel stp 1x1 rstp, and other features like: mstp, link aggregation, qos and others.
If someone has any expirence with ethernet-services in production environment to trunk multiple vlans between internal switches, could post his expirence would be wonderful.
Thank You,
vlan 802.1q vs ethernet-services
-
benny
Re: vlan 802.1q vs ethernet-services
Hi Tom,
QinQ is pretty advanced, not sure this should be the way to go.
Alcatel-Lucent 1x1 STP is "standard based" dot1d/dot1w per VLAN. If the "new switch" added to the network just has one VLAN it should inter-op fine.
It is going to be difficult if you dot1Q multiple VLANs to that switch as then it would have to handle multiple BPDUs. MSTP (dot1s) would be prefered then, but is also not trivial to implement.
If possible I recommend to add another OmniSwitch in the network which will then use DHL (Dual-Home-Linkagg) to connect to the core network. At least you can avoid a very large STP domain that way....
B
QinQ is pretty advanced, not sure this should be the way to go.
Alcatel-Lucent 1x1 STP is "standard based" dot1d/dot1w per VLAN. If the "new switch" added to the network just has one VLAN it should inter-op fine.
It is going to be difficult if you dot1Q multiple VLANs to that switch as then it would have to handle multiple BPDUs. MSTP (dot1s) would be prefered then, but is also not trivial to implement.
If possible I recommend to add another OmniSwitch in the network which will then use DHL (Dual-Home-Linkagg) to connect to the core network. At least you can avoid a very large STP domain that way....
B
-
tom
Re: vlan 802.1q vs ethernet-services
We have a plan to impelent MSTP, because we already had some problems with nortel switch from ibm blade. In my opinion good implementation of MSTP is even more advanced than Q-in-Q tagging, specially when the environment is with mixed vlan which we will have.benny wrote:Hi Tom,
QinQ is pretty advanced, not sure this should be the way to go.
Alcatel-Lucent 1x1 STP is "standard based" dot1d/dot1w per VLAN. If the "new switch" added to the network just has one VLAN it should inter-op fine.
It is going to be difficult if you dot1Q multiple VLANs to that switch as then it would have to handle multiple BPDUs. MSTP (dot1s) would be prefered then, but is also not trivial to implement.
If possible I recommend to add another OmniSwitch in the network which will then use DHL (Dual-Home-Linkagg) to connect to the core network. At least you can avoid a very large STP domain that way....
B
Example:
Rack 1 - vlans : 5,6,7
Rack 2 - vlans: 5,10,11
Rack 3 - vlans: 5,10,15
But STP is not a problem right now, there is no chance for a loop occurred on a single link carrying few vlans.
I think i wasn't clear enough with my question. So once again, is there any difference between:
ethernet-service svlan 202 nni 3/5
and
vlan 202 802.1q 3/5 ?
Both carries tagged packets for vlan 202 through port 3/5, but output of show vlan port:
For ethernet-service
-> show vlan ports
202 3/5 vstkQtag forwarding
For vlan 802.1
-> show vlan ports
202 3/5 802.1Q forwarding
regards
-
benny
Re: vlan 802.1q vs ethernet-services
Hi Tom,
Please make sure that the ISL ports of the blade-center switches are not active, those can cause loops if MSTP/STP is not properly implemented (assuming that the second switch in the blade-center is connected to network).
I recommend you go for "normal" tagging (802.1Q) as "ethernet-service" / svlan stuff is meant for 802.1ad/802.1QinQ "Provider Bridging".
Basically 802.1Q is a single tag, while 802.1QinQ can carry an SVLAN and "stacks" another 802.1Q-tagged frame.
If you want to create a 802.1Q tag, then use 802.1Q.
If you want to build a Transparent LAN Service for multiple customer VLANs and double-tag frames then use 802.1QinQ / 802.1ad / ethernet-service.
-b
Please make sure that the ISL ports of the blade-center switches are not active, those can cause loops if MSTP/STP is not properly implemented (assuming that the second switch in the blade-center is connected to network).
I recommend you go for "normal" tagging (802.1Q) as "ethernet-service" / svlan stuff is meant for 802.1ad/802.1QinQ "Provider Bridging".
Basically 802.1Q is a single tag, while 802.1QinQ can carry an SVLAN and "stacks" another 802.1Q-tagged frame.
If you want to create a 802.1Q tag, then use 802.1Q.
If you want to build a Transparent LAN Service for multiple customer VLANs and double-tag frames then use 802.1QinQ / 802.1ad / ethernet-service.
-b
-
tom
Re: vlan 802.1q vs ethernet-services
Hello Benny,
Even the second switch is connected there is not way to loop occur, because they aren't connected with each other (no link that passes l2 packets, www.redbooks.ibm.com/abstracts/redp3586.html).
-> vlan 202 802.1q 1/1
ERROR: 202 is an svlan
-> ethernet-service svlan 202 nni 1/1
ERROR: Wrong port state for port 1001, cannot transition
So if i need to transmit that vlan with other vlans, i need need to use ethernet-services all way through switches.
That's why i'm looking for technical information about the vstkQtag tagging, and problems that this solution could cause in the future.
ISL is not support on nortel switches.benny wrote: Please make sure that the ISL ports of the blade-center switches are not active, those can cause loops if MSTP/STP is not properly implemented (assuming that the second switch in the blade-center is connected to network).
Even the second switch is connected there is not way to loop occur, because they aren't connected with each other (no link that passes l2 packets, www.redbooks.ibm.com/abstracts/redp3586.html).
VLAN Stacknig in translation mode, doesn't double-tag a frame. And there is not way to use vlan stacking in translation mode with vlan 802.1q:benny wrote: I recommend you go for "normal" tagging (802.1Q) as "ethernet-service" / svlan stuff is meant for 802.1ad/802.1QinQ "Provider Bridging".
Basically 802.1Q is a single tag, while 802.1QinQ can carry an SVLAN and "stacks" another 802.1Q-tagged frame.
If you want to create a 802.1Q tag, then use 802.1Q.
If you want to build a Transparent LAN Service for multiple customer VLANs and double-tag frames then use 802.1QinQ / 802.1ad / ethernet-service.
-b
-> vlan 202 802.1q 1/1
ERROR: 202 is an svlan
-> ethernet-service svlan 202 nni 1/1
ERROR: Wrong port state for port 1001, cannot transition
So if i need to transmit that vlan with other vlans, i need need to use ethernet-services all way through switches.
That's why i'm looking for technical information about the vstkQtag tagging, and problems that this solution could cause in the future.
-
benny
Re: vlan 802.1q vs ethernet-services
Hi Tom,
You're right, "VLAN Stacking in translation mode" doesn't double-tag a frame - I missed that "translate" part in your initial post.
Regarding the "ISL" statement on Nortel switches. I ran a bunch of HP blade-centers with "Nortel-like" switches, they had "ISL links" on port 18/19. Might differ from vendor to vendor ...
(I also heard rumors that "Nortel-like" switch in the HP blade-center was actually manufactured by DLINK, but couldn't believe it ... )
The only documentation I know regarding QinQ is the official Alcatel-Lucent documentation and Cedric's post on dot1QinQ here: viewtopic.php?f=192&t=13383&p=48012
Maybe you want to do the "translation" the easy way: ALU-side vlan 10 port default 1/1 and connect it to your "legacy network" vlan 20 port default / access port, downside is that you can only "translate" one VLAN per port.
Benny
You're right, "VLAN Stacking in translation mode" doesn't double-tag a frame - I missed that "translate" part in your initial post.
Regarding the "ISL" statement on Nortel switches. I ran a bunch of HP blade-centers with "Nortel-like" switches, they had "ISL links" on port 18/19. Might differ from vendor to vendor ...
(I also heard rumors that "Nortel-like" switch in the HP blade-center was actually manufactured by DLINK, but couldn't believe it ... )
The only documentation I know regarding QinQ is the official Alcatel-Lucent documentation and Cedric's post on dot1QinQ here: viewtopic.php?f=192&t=13383&p=48012
Maybe you want to do the "translation" the easy way: ALU-side vlan 10 port default 1/1 and connect it to your "legacy network" vlan 20 port default / access port, downside is that you can only "translate" one VLAN per port.
Benny
-
tom
Re: vlan 802.1q vs ethernet-services
Hi again Benny,benny wrote:Maybe you want to do the "translation" the easy way: ALU-side vlan 10 port default 1/1 and connect it to your "legacy network" vlan 20 port default / access port, downside is that you can only "translate" one VLAN per port.
Benny
After contacting with people from Alcatel academy, i still have some doubts. They have done some performance/features tests , no problems were found. But they told me that using ethernet-services inside production environment isn't a good idea.
Funny thing i discovered was, when i set ethernet-services on one switch and pushed nni port to the second switch. On the second switch i didn't use "ethernet-service svlan vlan_id slot_port" command but "vlan vlan_id 802.1q slot_port".
After that port between switches on the second switch was in blocking mode with a note "Dispute", even though that were only two ports used on that switch (first for notebook, second for link between switches).
The problem is with bridge mode 1x1 (alcatel-lucent rrstp), if i set the flat mode or "bridge mode pvst+ enable" everything is working. I'm not sure if it is a firmware revision problem (ethernet-service switch has firmware from aug 2009 and the second switch apr 2010).
I will try with newer firmware, and post my results.
P.s. where can i find new firmware, and do i need a special privileges from my reseller to download it (like it is with cisco support) ?
Regards
-
tom
Re: vlan 802.1q vs ethernet-services
I reversed the ethernet-service settings, from
to
And it seems to be working, even with alcatel-lucent rrstp.
3/3 - old vlan source
3/4-5 - are links between new vlans network.
Code: Select all
ethernet-service svlan 201 enable
ethernet-service svlan 201 nni 3/3
ethernet-service sap-profile "sap-201" cvlan-tag translate
ethernet-service service-name "201_202" svlan 201
ethernet-service sap 201 service-name "201_202"
ethernet-service sap 201 sap-profile "sap-201"
ethernet-service sap 201 uni 3/4-5
ethernet-service sap 201 cvlan 202
Code: Select all
ethernet-service svlan 201 nni 3/3
ethernet-service sap-profile "sap-201" cvlan-tag translate
ethernet-service service-name "201_202" svlan 201
ethernet-service sap 201 service-name "201_202"
ethernet-service sap 201 sap-profile "sap-201"
ethernet-service sap 201 uni 3/4-5
ethernet-service sap 201 cvlan 202And it seems to be working, even with alcatel-lucent rrstp.
3/3 - old vlan source
3/4-5 - are links between new vlans network.
