VLAN Translation with QoS

VLAN translation provides flexibility in managing VLANs and Metro Ethernet-related services.

Layer2 VPN services are required to be deployed in the following Ethernet service type constructs:

  • Ethernet Line (E-Line) in E-line remote services: Provides a point-to-point Ethernet Virtual Circuit (EVC).
  • Ethernet LAN (ELAN) in E-line remote services: Provides a multipoint-to-multipoint EVC.

  • ELAN local

  • ELAN remote

All the remote services are transported over Ethernet Over Multi Protocol Label Switching (EoMPLS) (point-to-point) or Virtual Private LAN Service VPLS (multipoint-to-multipoint) cloud. Each service can accommodate the traffic coming from the customer either with 1 tag or 2 tags. The CoS from the customer must be passed transparently through the service to the other CPEs (UNIs).

Benefits of VLAN Translation

Earlier, the router supported Rewrite Push and Pop operations to push and remove 1 or more 802.1Q tags from the service frames only. The CoS transparency could not be achieved along with VLAN tag manipulation.

This problem is solved with the VLAN Translation feature. The current implementation of the feature allows one or more 802.1Q tags to be replaced with other 802.1Q tags and thus the desired tag manipulation can be achieved. In a scenario with two EFPs egressing the same interface, each EFP can have a different VLAN rewrite operation, which is more flexible.

VLAN translation feature includes the following functionalities:

  • 1:1 VLAN translation - The VLAN of the incoming traffic (CE VLAN) is replaced by another VLAN (PE VLAN). The specification of the VLAN translation happens during the creation of the service request. The CoS field of the new tag is set to the same value as the CoS field of the existing VLAN tag.

  • 2:1 VLAN translation - The double tagged (Q-in-Q) traffic at the U-PE UNI port can be mapped to different flows to achieve service multiplexing. The CoS field of the new tag is set to the inner CE-VLAN (second tag) CoS value.

  • 1:2 VLAN translation - The outermost tag can be replaced with two tags. The CoS field of the new tags is set to the same value as the CoS field of the incoming 802.1Q VLAN tag.

  • 2:2 VLAN translation - The outermost two tags can be replaced with other two tags. The CoS field of the new tags is set to the same value as the CoS field of the incoming Q-in-Q (outer and inner tag CoS) service frame.

Scenarios showing VLAN Translation

The following scenarios show the VLAN translation.

Scenario 1 - 1:1 VLAN Translation

Figure 1. 1:1 VLAN Translation

In the scenario above, t he broadcast or multicast from CPE1 has to be sent to CPE2 and CPE3. The incoming tag in the frame has a CoS value of 3. The service needs to be created that enables the CoS value to pass transparently to the other sites with the desired VLAN translation.

This behavior can be achieved using the 1:1 VLAN translation command on the service instance attached to CPE1. The Egress Service instance on Remote UPE device should be configured with the right encapsulation or Rewrite operation to achieve the correct tagging behavior (VLAN 50 on outgoing tag) for CPE3. As there is no inner tag here, the outer CoS is propagated in the newly added tag to both CPE2 and CPE3 ACs.

Scenario 2 - 2:1 VLAN Translation

Figure 2. 2:1 VLAN Translation

The above scenario depicts an instance of a local E-Line service, with one AC (AC1) with double VLAN ID (inner 100 andouter 10) and the other AC (AC2) with VLAN ID (30). The frame with CoS=3 from the inner VLAN 100 in AC1 has to be delivered in AC2 with VLAN 30 and CoS=3. Similarly, for remote instance, we have AC (AC3) with VLAN 50 and same inner CoS 3 should be transparently carried over MPLS cloud to AC3 from AC1. The way we can achieve this behavior on router is with 2:1 VLAN translation command on service instance connected to AC1.

In this particular scenario, since there is a inner Tag present, inner CoS will be propagated in the newly added Tag to both CPE2 and CPE3 ACs.

Limitations for VLAN Translation with QoS

  • Only 1:1 and 2:1 translate rewrites are supported. 1:2 and 2:2 translations are not supported.

  • Translate operation can only be applied to a unique tag matching service instance.

  • VLAN Translation is not supported on TEFP, encapsulation untagged, and BDI interfaces.

  • Any VLAN Translation with rewrite pop2 is not supported.

  • Translation is only supported for 802.1Q (0x8100) encapsulation.

  • Translation is not supported for 802.1AD (0x88A8) and Customer Ethertype (0x9100 and 0x9200).

  • Egress QoS policy is not supported on Trans 2:1 and 1:1 VLAN Translation, if ingress Translation or push EFPs do not have policy.

  • For 1:1 to 1:1 scenario, marking is not supported.

  • Ingress POP 0 or 1:1 CoS marking is not supported.

Configuring 1:1 VLAN Translation

Procedure


Step 1

enable

Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2

configure terminal

Enters global configuration mode.

Step 3

interface <interface-number>

Enters the interface configuration mode for the interface connected to the service-provider network. You can enter a physical interface or an EtherChannel port channel.

Step 4

service instance id ethernet {evc-id}

Configures an Ethernet service instance on the interface and enters Ethernet service configuration mode.
  • The Ethernet service instance identifier is a per-interface service identifier and does not map to a VLAN.

Step 5

encapsulation dot1q {vlan-id}

Configures the encapsulation. Defines the matching criteria that maps the ingress dot1q or untagged frames on an interface for the appropriate service instance.

Step 6

rewrite ingress tag translate 1-to-1 dot1q vlan-id symmetric

Specifies the encapsulation adjustment that is to be performed on the frame ingress to the service instance.

Step 7

bridge-domain domain-number

Binds a service instance to a bridge domain instance.

Step 8

end

Returns to privileged EXEC mode.


Configuring 2:1 VLAN Translation

Procedure


Step 1

enable

Example:

Device> enable
Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface <interface-number>

Enters the interface configuration mode for the interface connected to the service-provider network. You can enter a physical interface or an EtherChannel port channel.

Step 4

service instance id ethernet {evc-id}

Configures an Ethernet service instance on the interface and enters Ethernet service configuration mode.
  • The Ethernet service instance identifier is a per-interface service identifier and does not map to a VLAN.

Step 5

encapsulation dot1q {vlan-id} second-dot1q {vlan-id}

Configures the encapsulation. Defines the matching criteria that maps the ingress dot1q or untagged frames on an interface for the appropriate service instance.
  • Use the second-dot1q keyword and the vlan-id argument to specify the VLAN tags to be terminated on the subinterface.

Step 6

rewrite ingress tag translate 2-to-1 dot1q vlan-id symmetric

Specifies the encapsulation adjustment that is to be performed on the frame ingress to the service instance.

Step 7

bridge-domain domain-number

Binds a service instance to a bridge domain instance.

Step 8

end

Returns to privileged EXEC mode.


Configuring policy for ingress QoS

Procedure


Step 1

enable

Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2

configure terminal

Enters global configuration mode.

Step 3

class-map match-all cos value

Determine how packets are evaluated when the packets meet all of the match criteria.

Step 4

match cos value

Matches a packet on the basis of a layer 2 CoS marking,

Step 5

policy-map policy-name

Creates or specifies the name of the traffic policy and enters policy-map configuration mode.

Step 6

class class-name

Specifies the name of a traffic class and enters policy-map class configuration mode.

Step 7

set cos cos value

Sets the Class of Service (CoS) value of an outgoing packet.

Step 8

police cir value

Need Information.

Step 9

interface interface-number

Enters the interface configuration mode for the interface connected to the service-provider network. You can enter a physical interface or an EtherChannel port channel.

Step 10

no ip address

Removes an IP address or disable IP processing.

Step 11

load-interval seconds

Changes the sampling interval for statistics collections on interfaces

Step 12

service instance id ethernet evc-id

Configures an Ethernet service instance on the interface and enters Ethernet service configuration mode.
  • The Ethernet service instance identifier is a per-interface service identifier and does not map to a VLAN.

Step 13

encapsulation dot1q vlan-id second-dot1q vlan-id

Configures the encapsulation. Defines the matching criteria that maps the ingress dot1q or untagged frames on an interface for the appropriate service instance.
  • Use the second-dot1q keyword and the vlan-id argument to specify the VLAN tags to be terminated on the subinterface.

Step 14

rewrite ingress tag translate 2-to-1 dot1q vlan-id symmetric

Specifies the encapsulation adjustment that is to be performed on the frame ingress to the service instance.

Step 15

service-policy input policy-map-name

Attaches a policy map to an interface.

Step 16

bridge-domain domain-number

Binds a service instance to a bridge domain instance.

Step 17

end

Returns to privileged EXEC mode.


Configuration Example for 1:1 VLAN Translation

The following example shows the sample configuration for 1:1 VLAN Translation.

service instance 50 ethernet
encapsulation dot1q 50 
rewrite ingress tag translate 1-to-1 dot1q 500 symmetric
bridge-domain 50

Configuration Example for 2:1 VLAN Translation

The following example shows the sample configuration for 2:1 VLAN Translation.

service instance 50 ethernet
encapsulation dot1q 10 second-dot1q 20
rewrite ingress tag translate 2-to-1 dot1q 500 symmetric
bridge-domain 50

Configuration Example for policing ingress QoS

The following example shows the sample configuration of policing ingress QoS.

class-map match-all cos6
match cos 6
class-map match-all cos3
match cos 3
policy-map mark_cos3to6
class cos3
set cos 6
police cir 900000000
interface TenGigabitEthernet0/0/12
no ip address
load-interval 30
service instance 1 ethernet
encapsulation dot1q 10 second-dot1q 20
rewrite ingress tag translate 2-to-1 dot1q 30 symmetric
service-policy input mark_cos3to6
bridge-domain 1


Configuration Verifications for VLAN Translation with QoS

The following sections show the configuration verifications for VLAN Translation with QoS.

Verifying the VLAN configuration

The show running-config interface [number] command displays and verifies the VLAN configuration.

#show running-config interface gigabitEthernet 0/0/5
interface GigabitEthernet0/0/5
 no ip address
 media-type auto-select
 negotiation auto
 service instance 1 ethernet
  encapsulation dot1q 1
  rewrite ingress tag translate 1-to-1 dot1q 2 symmetric
  bridge-domain 1
 end

Verifying policy-map on ingress QoS

The show policy-map interface command verifies the policy-map on ingress QoS.

show policy-map interface gig0/0/3 service instance 1
 GigabitEthernet0/0/3: EFP 1 

  Service-policy input: in_policy_cos

    Class-map: cos3 (match-all)  
      7077065 packets, 452932160 bytes
      30 second offered rate 19984000 bps, drop rate 0000 bps
      Match: cos  3 
      QoS Set
        cos 4
          Marker statistics: Disabled

    Class-map: class-default (match-any)  
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: any 

Verifying policy-map on egress QoS

The show policy-map interface command verifies the policy-map on egress QoS.

show policy-map interface gig0/0/4 service instance 1
 GigabitEthernet0/0/4: EFP 1 

  Service-policy output: classify_policy

    Class-map: class_cos4 (match-all)  
      6891220 packets, 468602960 bytes
      30 second offered rate 21359000 bps
      Match: cos  4 

    Class-map: class-default (match-any)  
      0 packets, 0 bytes
      30 second offered rate 0000 bps, drop rate 0000 bps
      Match: any 

Verifying the QoS Labels

The show platform hardware pp active feature qos label structs command displays the QoS labels in use.

#show platform hardware pp active feature qos label structs
PRINTING BIT LIST OF LABELS IN USE
0-3,8-15,125-127
Qos Label = 1, Ref_count = 1, Set_ref_count =1, edir = 0
Label Key is as follows -
outer_dscp = 0, inner_dscp = 0,outer_cos = 0, inner_cos = 0
 outer_cfi = 0, inner_cfi = 0,outer_exp = 0, inner_exp = 5
mpls_tunnel_bit = 1, qos_group = 0,discard_class = 0, rwtype = 0, set_action = 1
Match criteria bit list for this label:
8,11
PRINTING BIT LIST OF LABELS IN USE
0-3,8-15,125-127
Qos Label = 2, Ref_count = 1, Set_ref_count =1, edir = 0
Label Key is as follows -
outer_dscp = 0, inner_dscp = 0,outer_cos = 0, inner_cos = 0
 outer_cfi = 0, inner_cfi = 0,outer_exp = 0, inner_exp = 0
mpls_tunnel_bit = 1, qos_group = 0,discard_class = 0, rwtype = 0, set_action = 1
Match criteria bit list for this label:
8,11

Verifying Egress TCAM Details

The show platform hardware pp active feature qos tcam eqos 0 all command displays and verifies the egress TCAM details.

#show platform hardware pp active feature qos tcam eqos 0 all 
FIELD 0: total 125, used 60, min 125, first_entry 0, hole:0, size:0
=========================================================================
FIELD 1: total 0, used 0, min 0, first_entry 125, hole:0, size:0
=========================================================================
FIELD 2: total 799, used 0, min 0, first_entry 125, hole:0, size:0
=========================================================================
FIELD 3: total 50, used 0, min 50, first_entry 924, hole:0, size:0
=========================================================================
index 0: 1 contiguous entries in same hw_handle, aclType EGRESSCLASSIFY,lookupTable NA
index 1: 1 contiguous entries in same hw_handle, aclType EGRESSCLASSIFY,lookupTable NA
index 2: 1 contiguous entries in same hw_handle, aclType EGRESSCLASSIFY,lookupTable NA
index 3: 1 contiguous entries in same hw_handle, aclType EGRESSCLASSIFY,lookupTable NA
index 4: 1 contiguous entries in same hw_handle, aclType EGRESSCLASSIFY,lookupTable NA

Verifying TCAM Index Details

The show platform hardware pp active feature qos tree service-instance <num> port-number <num> input tcam-info command displays the TCAM index details pertaining to the specified interface.

Tcam-handle=2253 
        First-Index=184
        Last-Index=249 
        Total-Count=66