Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
May 22, 2017

BIG-IP VE and tagged VLANs with identical tag

Hi,

 

For some project I would like to set up two tagged VLANs each using different interface but the same tag. Seems to be impossible - at least using VE, it's reporting error about customer_tag set to none.

 

So QinQ is not supported on VE (tested on v13).

 

However I really do not need QinQ just two VLANs with same tag, each VLAN assigned to different Route Domain.

 

I know that Route Domain is L3 object not L2 but still it should be possible.

 

But obviously it's not - or maybe there is a way to create such setup?

 

My goal is to be able to use VS configured on BIG-IP as member of the pool configured on the same BIG-IP.

 

As far as I know usually it's not possible and iRule (or Local Traffic Policy) has to be created with VIP-targeting-VIP.

 

If however you have setup like that it's possible without above condition:

 

  • VLAN1 - SelfIP: 198.100.100.1/27, Route Domain 0
  • VLAN2 - SelfIP: 198.100.100.31%100/27, Route Domain 100
  • VS - 198.100.100.15%100:80 - defined in Route Domain 100
  • Pool - member: 198.100.100.15 - defined in Route Domain 0
  • Route Domain 100 with:
    • Strict Isolation: Disabled
    • Parent Domain: 0

All working fine when VLAN1 and VLAN2 are untagged. But I would like to use same interfaces for different traffic separated in VLANs.

 

So I would need VLAN1 tagged 100, VLAN2 tagged 100 etc.

 

And this seems not be possible even if both VLANs are assigned to different Route Domains.

 

Any solution for that? Of course except of having external device (let's say transparent one) that is accepting traffic with tag 100 on one interface (connected to BIG-IP interface 1.1 used by VLAN1) and sending it out with tag changed to 101 (tag used by BIG-IP VLAN2 assigned to interface 1.2).

 

Or maybe it's possible on hardware appliance that supports QinQ - I am really not an expert how QinQ works.

 

Then each VLAN will use different tag and BIG-IP will have no issue with config - but it is quite complicated solution :-(

 

Piotr

 

No RepliesBe the first to reply