VMware Networking Community
mffhg
Contributor
Contributor
‎05-11-2022 06:32 AM

Feature Request: QinQ support for NSX-T

Hi all,

we would like to connect not only 802.1Q-VLANs to our Segments, Layer 2 Bridges, T0- or T0-VRF-Interfaces, but also 802.1AD (QinQ).

Are there any chances to see this feature in a future NSX-T release?

Kind regards

 

 

 

 

 

Labels (3)
Labels
0 Kudos
5 Replies
engyak
Enthusiast
Enthusiast
‎05-14-2022 08:45 AM

Hello,

This probably isn't the avenue for feature requests. That being said, Q-in-VNI is supported currently, which may meet your needs. Given the design pattern, carrier-level trunking (layer 2) between agnostic devices is probably not going to be high on the priority list. NSX prefers that you provide that via an appliance + bridge or Layer 3 to contain the potential problems it might cause.

  • vn-segments containing 802.1q tags are supported
  • Edge Bridges have the ability you described, by creating a vn-segment and bridging it with an outside VLAN.
  • Sub-sub-interfaces in T0 VRF are configurable on both VNI and VLAN segments (but they aren't on regular Tier-0s). Check out the "Access VLAN ID" below:

engyak_0-1652542894100.png

Hope this helps. 802.1ad (as opposed to Q-in-VNI) is not super likely to be implemented outside of these fairly strict constraints - I wouldn't hold my breath for some kind of standards-compliant epipe solution.

0 Kudos
mffhg
Contributor
Contributor
‎05-16-2022 01:08 AM

Thanks for reply. 

If this is not the place to drop a feature request, where can we place it ? Q in VNI  is not  the feature we are looking for.

 

Q in VNI  (which is a tagged layer 2 frame compliant to 802.1Q encapsulated in a geneve VNI)  is not  Q in Q (which is a  simply said a VLAN in a VLAN as described in 802.1AD).

 

We would like to connect the following things to our switches, but not via 802.Q enabled switchports, but via 802.1AD enabled  switchports.

- T0-gateway

- T0-VRF-gateway

- Layer 2 bridges

- Segments 

 

 

0 Kudos
engyak
Enthusiast
Enthusiast
‎05-22-2022 10:15 AM

Hello,

I apologize, it took me a bit longer to test this out. Q-in-Q appeared to be configurable but did not work (vDS is blocking, I believe). Oddly enough, Q-in-Q works on a vDS port-group, but only via the memory bus and not via hairpinning.

I'd ping your VMware account rep to get the process started. I'll ask around as well, but it will hold more weight if you work through your account team as well.

Sorry I didn't have a more pleasant answer!

0 Kudos
mffhg
Contributor
Contributor
‎05-23-2022 03:46 AM


How did you configured QinQ? Or what have you done to think that you configured QinQ? 

We already had a call with our account executive, a lead NSX solution engineer and a principal solution engineer about this topic and we were told that 802.1AD is currently not supported in VMware vSphere or NSX. The principal solution engineer aggreed that this  would be a nice feature.

 

0 Kudos
engyak
Enthusiast
Enthusiast
‎05-23-2022 02:20 PM

NSX appears to allow Q-in-X - but the feature was for pruning inside of a list of 802.1q trunked VLANs and not 802.1ad.

I attempted to configure Q-in-Q, and discovered that vDS will block out or strip any packets that have a 2nd 802.1q header when leaving the host. The packets don't even leave the host. This indicates that vDS is chopping up the tags and re-applying to them, and that support for that feature would have to be added to vDS in addition to NSX.

I apologize if that was in any way unclear, the short answer is that I tested it and it didn't work. NSX-T appeared to provide the capability via the "Access VLAN" feature, and worked for Q-in-VNI, so I tested it and it did not produce the desired result - the feature under an 802.1q port-group only allows for the selection of an S-VLAN/Outer tag. 

Those guys should be able to submit an FR for you.

0 Kudos