Subinterface VLAN configuration
When the vlan-tagging parameter is set to true for a network interface, the interface can accept ethertype 0x8100 frames with one or more VLAN tags. The interface can be configured with up to 4096 subinterfaces, each with a separate index number.
The following example enables VLAN tagging for an interface and configures two
subinterfaces. Single-tagged packets received on subinterface
ethernet-2/1.2 are encapsulated with VLAN ID 101.
--{ * candidate shared default }--[ ]--
# info interface ethernet-2/1
interface ethernet-2/1 {
admin-state enable
vlan-tagging true
subinterface 1 {
admin-state enable
vlan {
encap {
single-tagged {
vlan-id 100
}
}
}
}
subinterface 2 {
admin-state enable
vlan {
encap {
single-tagged {
vlan-id 101
}
}
}
}
}
Null encapsulated bridged subinterfaces
Untagged bridged and routed subinterfaces are supported on all platforms that support bridged subinterfaces, including 7220 IXR-Dx, 7215 IXS-A1, 7250 IXR, and 7730 SXR platforms.
When a subinterface is untagged bridged and routed, the Ethernet interface is configured as vlan-tagging false.
Only one untagged subinterface is supported on an Ethernet interface.
All incoming frames on the interface are classified into the untagged subinterface whether the frames are tagged or untagged.
Untagged interface configuration
--{ * candidate shared default }--[ interface ethernet-1/1 ]--
A:srl1# info
admin-state enable
vlan-tagging false
subinterface 1 {
type bridged
}Dot1q tagged bridged subinterfaces
Dot1q tagged bridged subinterfaces are supported on 7220 IXR-Dx, 7215 IXS-A1, 7250 IXR, and 7730 SXR platforms.
When a bridged subinterface is Dot1q tagged, the Ethernet interface is configured as vlan-tagging true and multiple subinterfaces are supported on the same interface.
Ingress traffic is classified into a subinterface based on the associated Dot1q tagging.
| Subinterface type | VLAN ID configuration | Description | Platform support |
|---|---|---|---|
|
subinterface vlan encap untagged |
— |
Untagged traffic is classified into the subinterface. On 7220 IXR-Dx and 7215 IXS-A1 platforms, frames tagged with vlan-id=0 are also classified into this subinterface. |
7220 IXR-Dx 7215 IXS-A1 7250 IXR 7730 SXR |
|
subinterface vlan encap single-tagged |
vlan-id = 1 to 4094 |
Dot1q tagged traffic is classified into the subinterface. When vlan-id is configured to a specific value, it is popped on ingress and pushed on egress (default). The vlan-id is service-delimiting. |
7220 IXR-Dx 7215 IXS-A1 7250 IXR 7730 SXR |
|
subinterface vlan encap single-tagged |
vlan-id = optional |
Dot1q tagged and untagged traffic is classified into the subinterface. If vlan-id = optional, any non-specified value (or untagged value) is classified into the subinterface. There are no service-delimiting VLAN tags on the subinterface. |
7220 IXR-Dx 7215 IXS-A1 7250 IXR 7730 SXR |
|
subinterface vlan encap single-tagged |
vlan-id = any |
Dot1q tagged traffic is classified into the subinterface. If vlan-id = any, any non-specified value (but a tag must always exist) is classified into the subinterface. There are no service-delimiting VLAN tags on the subinterface. |
7730 SXR |
Dot1q VLAN ranges on bridged subinterfaces
Bridged subinterfaces support Dot1q VLAN ranges. When a bridged subinterface is configured for a Dot1q VLAN range, traffic matching any VLAN in the range is associated with the bridged subinterface.
For example, you can configure a bridged subinterface with the Dot1q VLAN range 10 to 100. When an attached device sends traffic that has a VLAN ID in the range 10 through 100, the traffic is associated with the bridged subinterface.
A bridged subinterface can support a single VLAN range or multiple VLAN ranges. The following figure shows a configuration with a single VLAN range.
In this figure, the Bare Metal (BM) server is attached to a MAC VRF, and LAG-bridged subinterfaces are associated with the Dot1q VLAN range 1-4000. Traffic issued by the BM server with a VLAN ID matching any value in the configured range is associated with the bridged subinterface. VLAN IDs 4001-4095 are not associated with the subinterface.
The following figure shows a configuration with multiple VLAN ranges associated with a bridged subinterface.
In this figure, VLAN ranges are selectively associated with a mac-vrf. VLAN IDs 1–100 are associated with MAC-VRF 20001 (which uses VNI 20001), and VLAN IDs 101–200 are associated with MAC-VRF 20002 (which uses VNI 20002).
In both figures, it is expected that all the leaf nodes attached to the same BD use the same VLAN ranges on all their bridged subinterfaces for the mac-vrf. The Dot1q VLAN tags of the incoming frames are not stripped off at the ingress subinterface. At the egress subinterface (which is configured with the same VLAN range as the ingress subinterface), no additional Dot1q tag is pushed onto the frames.
An SR Linux system can support up to 8,000 subinterfaces that have VLAN ranges, with up to 8 VLAN ranges per interface.
VLAN ranges can be configured on bridged subinterfaces of a mac-vrf with or without IRB subinterfaces. When an IRB subinterface is present in the same mac-vrf where the VLAN range subinterface is configured, incoming frames containing tags with a MAC DA equal to the IRB and associated with a Dot1q VLAN range subinterface are dropped. On egress, traffic coming from the IRB is not tagged if the destination is associated with a VLAN range subinterface.
VLAN ranges cannot overlap within the same subinterface or across subinterfaces of the same physical interface. In addition, ranges configured in subinterface a and individual VLAN ID values configured in a single-tagged subinterface b cannot overlap if a and b are defined in the same interface.
Configuring Dot1q VLAN ranges on a bridged subinterface
To configure a Dot1q VLAN range, specify the lower and upper values for the range. A subinterface can have multiple ranges associated with it.
The following example configures a range of VLAN IDs associated with a bridged subinterface. Traffic matching any VLAN in the range is associated with the bridged subinterface.
--{ candidate shared default }--[ ]--
# info interface ethernet-1/1
interface ethernet-1/1 {
vlan-tagging true
subinterface 1 {
type bridged
vlan {
encap {
single-tagged-range {
low-vlan-id 10 {
high-vlan-id 100
}
}
}
}
}
}Displaying Dot1q VLAN range information
Check the Encapsulation field of the show interface command
for the configured Dot1q VLAN ranges for the interface.
--{ candidate shared default }--[ ]--
# show interface lag1.1
=================================================================================
lag1.1 is up
Network-instance: MAC-VRF-1
Encapsulation : vlan-id 1-10, 20-30
Type : bridged
=================================================================================
QinQ bridged subinterfaces
SR Linux supports QinQ bridged subinterfaces on 7250 IXR and 7730 SXR platforms. You can configure double-tagged subinterfaces when an Ethernet interface is configured as vlan-tagging true.
The double-tagged command enables QinQ subinterfaces in a given Ethernet interface and is only configured in bridged subinterfaces.
Both inner-vlan-id and outer-vlan-id must be configured.
The following table describes the possible subinterfaces that QinQ traffic is classified into.
| Subinterface type | VLAN ID configuration | Description | Platform support |
|---|---|---|---|
|
subinterface vlan encap double-tagged |
inner-vlan-id = 1 to 4094 outer-vlan-id = 1 to 4094 |
QinQ tagged traffic is classified into the subinterface. Frames matching the specific inner and outer VLAN ID combination are classified into the subinterface. Both inner-vlan-id and outer-vlan-id are considered service-delimiting and are popped on ingress and pushed on egress. |
7250 IXR and 7730 SXR |
|
subinterface vlan encap double-tagged |
inner-vlan-id = any outer-vlan-id = 1 to 4094 |
QinQ tagged traffic is classified into the subinterface. If inner-vlan-id = any, any frames with a non-specified value in the inner tag (but a tag must always exist) and a specified outer tag value are classified into the subinterface. In this case, only the outer-vlan-id is considered service-delimiting, therefore only the outer tag is popped on ingress and pushed on egress. |
7730 SXR |
|
subinterface vlan encap double-tagged |
inner-vlan-id = optional outer-vlan-id = optional |
Untagged, Dot1q, and QinQ tagged traffic is classified into the subinterface. If inner-vlan-id = any, and outer-vlan-id = any, untagged frames or tagged frames with non-specified values in the outer tag and inner tag are classified into the subinterface. There are no service-delimiting tag values in this case, therefore no tags are popped or pushed on these subinterfaces. |
7250 IXR and 7730 SXR |
Untagged, single-tagged, and double-tagged subinterfaces are supported on the same Ethernet or LAG interface.
The following example shows untagged, single-tagged, and double-tagged subinterfaces under the same interface.
Combined untagged, single-tagged, and double-tagged subinterface configuration
--{ * candidate shared default }--[ ]--
A:srl1# info interface ethernet-1/1
interface ethernet-1/1 {
description qinq-interface
admin-state enable
vlan-tagging true
subinterface 1 {
type bridged
vlan {
encap {
single-tagged {
vlan-id 1
}
}
}
}
subinterface 2 {
type bridged
vlan {
encap {
double-tagged {
inner-vlan-id 100
outer-vlan-id 100
}
}
}
}
subinterface 3 {
type bridged
vlan {
encap {
untagged {
}
}
}
}
}Platform specifications for VLAN tagging support
The following table shows the different VLAN encapsulation options supported across platforms.
| Tagging option | 7220 IXR-Dx | 7250 IXR | 7730 SXR | 7215 IXS-A1 |
|---|---|---|---|---|
| vlan-tagging false |
✓ |
✓ |
✓ |
✓ |
| untagged |
✓ |
✓ |
✓ |
✓ |
| single-tagged-range |
✓ |
|||
| single-tagged vlan-id 1 to 4094 |
✓ |
✓ |
✓ |
✓ |
| single-tagged vlan-id optional |
✓ |
✓ |
✓ |
✓ |
| single-tagged vlan-id any |
✓ |
|||
| double-tagged outer-vlan-id 1 to 4094 inner-vlan-id 1 to 4094 |
✓ |
✓ |
||
| double-tagged outer-vlan-id 1 to 4094 inner-vlan-id any |
✓ |
|||
| double-tagged outer-vlan-id optional inner-vlan-id optional |
✓ |
✓ |
Considerations on 7250 IXR platforms
-
single-tagged vlan-id 1..4094 – accepts tags with the specified VLAN ID and more tags that can be part of the payload
-
single-tagged vlan-id optional – accepts untagged traffic or traffic with any number of tags with a VLAN ID value in the range of 0 to 4094
-
double-tagged outer-vlan-id optional iner-vlan-id optional – accepts untagged traffic or traffic tagged with any number of tags, each with a specific value in the range of 0 to 4094
The latter two options are not allowed on the same interface at the same time.
Considerations on 7730 SXR platforms
-
single-tagged vlan-id 1 to 4094 – accepts tagged traffic with only one tag, whose value is the specified VLAN ID (no more than one tag is accepted in this subinterface)
-
single-tagged vlan-id optional – accepts untagged traffic or traffic tagged with a maximum of one tag with a VLAN ID value in the range of 0 to 4094
-
single-tagged vlan-id any – accepts frames with only one tag, with a VLAN ID value in the range of 0 to 4094
-
double-tagged outer-vlan-id 1 to 4094 inner-vlan-id any – accepts only QinQ frames with the specified VLAN ID value in the outer tag and an inner tag with any VLAN ID value in the range of 0 to 4094
-
double-tagged outer-vlan-id optional inner-vlan-id optional – accepts untagged traffic or tagged traffic with any number of tags and VLAN ID values