VLAN Mapping

VLAN Mapping provides a mechanism for Service Providers to translate CVLANs to SVLANs when a packet enters its network and vice-versa, when it leaves the network.

VLAN translation is enabled on a per-port basis, where a CVLAN is mapped to an SVLAN. The CVLAN tag in the packet is replaced with the configured SVLAN tag within the service provider network. When the packet leaves the service provider network, the SVLAN tag in the packet egressing will be replaced with the CVLAN tag.

Note: This is different from Q-in-Q because we do not double tag; instead, we replace the VLAN tag.

Typically, the same VLAN mapping configuration(s) must be done for all the edge ports to the same customer. This feature is supported on all the existing ICX hardware platforms. VLAN Mapping is not supported on PE ports.

Basic VLAN mapping deployment

The above figure depicts a typical VLAN mapping deployment.
Figure 1. VLAN Mapping

Customer A runs on VLAN 2 and VLAN 3. The service provider maps customer A’s VLAN 2 and VLAN 3 to service provider’s VLAN 200 and VLAN 300 respectively. This mapping is done on both edge ports on the service provider’s network, where the customer network is connected.

Similarly, Customer B runs on VLAN 2, VLAN 3 and VLAN 4. The service provider maps customer A’s VLAN 2, VLAN 3 and VLAN 4 to service provider’s VLAN 20, VLAN 30 and VLAN 40 respectively. This mapping is done on both edge ports on the service provider’s network, where the customer network is connected.

So, within the service provider network, traffic on VLANS 200 and VLAN 300 signifies traffic for Customer A and traffic on VLANs 20, VLAN 30, and VLAN 40 signifies traffic for Customer B.

VLAN mapping configuration

The VLAN mapping is enabled using the vlan-mapping command. Execute the following steps to configure VLAM mapping.

  1. Enter the global configuration mode.
    device#configure terminal 
  2. Navigate to the interface on which VLAN mapping needs to be enabled.
    device(config)# interface ethernet <stack id/slot/port>
    device(config-if)#vlan-mapping cvlan <vlan list> svlan <svlan_id>
    
  3. If the port is not a member of the above specified SVLAN ID, execute the following command to add the port as a tag member of the SVLAN.
    device(config-if)# vlan-config add <svlan_id>
    
    Alternatively, you can go to the VLAN configuration mode and add the port as member of that VLAN.
    device(config)#vlan 2
    device(config-vlan-2)#tagged ethernet <stack id/slot/port>
    
    To view the VLAN mapping configuration, run the show vlan-mapping brief command. A sample output is as follows.
    device#show vlan-mapping brief
       Total number of vlan(s) mapped: 30
       Total number of HW resource used: 50
       vlan-mapping enabled port(s): 1/1/33 1/1/34 lg10
    
Each port can have one or more VLAN mappings. If a packet reaches the port with a VLAN tag for which there is no mapping present, the packet flows through the service provider network, unmapped. If the network provider wants to restrict this behavior and wants all unmapped packets to be dropped, use the following configuration.
  device(config-if)# vlan-mapping default drop

VLAN mapping considerations

  • VLAN mapping is not supported in untagged port.
  • CVLAN to SVLAN mapping is always one to one and exclusive for each interface. This means, on a specific interface for a specific CVLAN, there can only be one SVLAN mapped and vice versa. On an interface, more than one CVLANs cannot be mapped to the same SVLAN, and the same CVLAN cannot be mapped to more than one SVLANs.
  • Both network start point and end point interfaces must have the same vlan-mapping configuration for translating CVLANs to SVLAN and vice versa.
  • If incoming customer traffic is already double tagged, then the mapping is done on the outer tag.
  • Tag profile shall not be used in conjunction with vlan-mapping on an interface. This means, the interface on which VLAN-mapping is enabled must not be enabled for tag profile. The default tag in the packet should be 8100, if it should be considered for VLAN mapping.
  • If global spanning tree is enabled on the box, on ports where VLAN-Mapping is enabled, no-span should be enabled.
  • Vlan mapping feature can't coexist with following features - pms, pvlan, selective qinq, tag-profile based qinq & Dot1x.
  • For all forwarding (L2, L3 and other pipelines in packet processor) and L3 purposes, SVLAN is used.

Scaling considerations

The maximum number of C-VLAN to S-VLAN mapping per port limit is 10. The following table highlights the maximum number of VLAN mappings which can be configured in a system.

Table 1. Maximum number of VLAN mappings per device
Platform Total number of VLAN mappings that can be configured in the system
ICX 7850 1024
ICX 7650 1024
ICX 7450 1024
ICX 7250 1024
ICX 7150 1024

A maximum 10 VLAN mappings can be configured on an interface. However, a typical deployment scenario will need only two or three VLAN mappings per interface. The number of VLAN mapping on a lag is equal to number of member ports multiplied by the number of CVLANs mapping configured on the lag interface. For example, if a lag has 6 ports and 10 CVLANs are mapped to the SVLAN, the total number of mappings is considered as 60.

Note: These values are based on the hardware capabilities.