QinQ vs VLAN vs VXLAN
VLAN (virtual local area network) technology allows users to communicate without being restricted to distance and physical locations, which greatly simplify network management. However, as the numbers of devices and users grow in large scale, due to the limited scalability to a maximum 4094 VLANs, and the inefficient use of available network links, VLAN no longer meets the increasing demand for network scales. Then VXLAN (virtual extensible LAN) and QinQ technologies come into being. In this post, the three technologies will be illustrated and compared.
Overview of VLAN, VXLAN and QinQ
VLAN
VLAN is a technology to segment network into several broadcast domains. In each broadcast domain, users can communicate with each other freely. As for connections between different VLANs, VLAN tagging and inter VLAN routing are two necessary terms that users must know. VLAN tagging is to add a special tag into the frame when it passes through the VLAN trunk port which allows frames from different VLANs to cross. And one of its tagging methods is IEEE 802.1Q. In CLI and Web user interface, VLAN configuration is simple and easy. The following video shows how to configure VLAN (virtual LAN) via CLI (command-line interface) and Web user interface on FS S5800/S5850/S8050 series network switches. More about VLAN, you can read this artical:VLAN: How Does It Change Your Network Management?
QinQ
QinQ, also known as stacking VLAN or double VLAN, is standardized by IEEE 802.1ad. It encapsulated the VLAN tag with two layers—an inner tag of a private network and an outer tag of the public network. As there are increasing users in networks, which require large numbers of VLANs ID. The traditional VLAN tagging that uses IEEE 802.1Q is unable to identify and isolate users’ data on expanding metro Ethernet works. Therefore, QinQ is used to extend the VLAN numbers up to 4096×4096, which can save public VLAN IDs effectively.
QinQ packets have a fixed format. Usually an 802.11Q tagged packet is encapsulated in another 802.1Q tag, which is the name “QinQ” derives from. During transmission, packets are forwarded on the basis of the outer VLAN tag on the public network. The inner VLAN tag is taken as data that also transmitted on the public network. With this double tag form, QinQ packets have four more bytes than common 802.1Q VLAN tagged packets.
There are two kinds of QinQ implementations—basic QinQ and selective QinQ.
Basic QinQ is a tagging way based on port. When a packet arrives at the interface that has VLAN VPN enabled, the switch will tag the packet with its default VLAN tag. It doesn’t matter whether the incoming packet is tagged or not. If it has been tagged, then it will have double VLAN tags; if not, it will have a single VLAN tag with the switch port.
Selective QinQ Selective QinQ owns the functions of basic QinQ, but it is more flexible. It can identify the inner VLAN tag of the packets according to the MAC address, IP protocol, source IP address and VLAN tag, then determine which tag it should be added.
VXLAN
VXLAN, also called virtual extensible LAN , is designed to provide layer 2 overlay networks on top of a layer 3 network by using MAC address-in-user datagram protocol (MAC-in-UDP) encapsulation. In simple terms, VXLAN can offer the same services as VLAN does, but with greater extensibility and flexibility. Similar to QinQ, VXLAN packets have a relatively fixed format too. With VXLAN MAC-in-UDP encapsulation, the original packets will be added on a VXLAN header and then placed in an UDP-IP packet. Here is a simple illustration.
VXLAN header: it consists of a 24-bit VNID which is used to identify layer 2 segments and to maintain layer 2 isolation between the segments. And all 24 bits in VNID define the number of LAN segments up to 16 million that VXLAN can support.
Outer UDP header: the VTEP (VXLAN Tunnel Endpoint) assigns the source port in the UDP header, and the destination port is typically the UDP port 4789.
Outer IP header: it has a source IP address of the source VETP associated with the inner frame source.
Outer Ethernet header: The outer Ethernet header has a source MAC address of the VTEP associated with the inner frame source.
QinQ vs VLAN vs VXLAN: What’s the Difference?
VLANs have been used to solve different problems like Layer 2 network isolation, flood and as routing interface. VLAN supporting function is now available in most systems and network equipment such as Ethernet switches, routers and firewalls. However, the comparison in this post mainly focuses on VLAN tagging. To realize communication between different VLANs, VLAN tagging is an essential part.
As has mentioned above, VLAN tagging uses the protocol IEEE 802.1Q or ISL (Inter-Switch Link) to tag frames flowing through different VLANs. Frames that are tagged with this method have only one tag. However, QinQ technology is more flexible when compared with VLAN. On one hand, it can add tags to the incoming frames or packets selectively. On the other hand, the outer VLAN tag solves the problem of limited VLAN IDs. And the unique inner tag avoids conflict between the private VLAN IDs and the public VLAN IDs, providing a simple layer 2 VPN solution for small-scale or large enterprise networks.
Notes: VLAN belongs to public network.
When it comes to VXLAN, it offers the same functions as QinQ in some degree, but its working layer is more extensible. VXLAN encapsulates packets by MAC-in-UDP, extending layer 2 networks greatly. As we know, with the advancement of cloud computing, tenants have more demanding requirements for network builds, especially for the virtualized data center, which enhances the need for layer 2 networks. MAC-in-UDP supports the use of 24-bit VINDs, which allows a data center to accommodate multiple tenants and to break the physical distance restriction and deployment. That’s why VXLANs are becoming more popular in cloud computing and virtualization data center in recent years. However, compare to VLAN and QinQ, VXLAN technology is more expensive and complicated. Therefore, not all VLAN switches support this function. FS.com N series data center switches like N5860-48SC (48 x 10Gb SFP+, with 8 x 100Gb QSFP28 Uplinks) and N8560-48BC (48 x 25Gb SFP28, with 8 x 100Gb QSFP28 Uplinks) support VXLAN and other data center features designed to offered high performance for layer 2/3 networks.
Conclusion
As the fast development of VLAN technology and layer 2/3 networks, more higher network management technologies will arise definitely. Like the QinQ and VXLAN, not all technologies are created equally. All of them are born to solve problems at present and will bring more convenience for today and future networks.
