SDN QinQ Range with Other Clusters

proxy

Hello :)

I'd like to clarify something regarding SDN specifically with QinQ.

Two clusters. The Zone is set to use Service VLAN 400 on both Clusters. Both clusters share the same physical networks.

Each cluster uses its own SDN range, e.g.

Cluster 1: 300-400
Cluster 2: 500-600

- What is the min/maximum of the SDN range with QinQ? The usual 1-4094 in both inner and outer?
- Is the SDN local to each cluster or could it possibly conflict with another VM if two different VMs are set to e.g. 600 on both clusters, or would they join since the same outer VLAN 400 is used on both clusters?
- Is there any risk of host/network level VLAN conflict? i.e. if there is a Network VLAN of 600 and SDN VM also uses 600 - is there a risk of conflict or can this be safely ignored and SDN considered entirely separate?
 
> - What is the min/maximum of the SDN range with QinQ? The usual 1-4094 in both inner and outer?

Yes, it's just VLAN Tags in both cases.

> - Is the SDN local to each cluster or could it possibly conflict with another VM if two different VMs are set to e.g. 600 on both clusters, or would they join since the same outer VLAN 400 is used on both clusters?

If they share the same underlying network, then yes. SDN isn't doing anything special - it's just configuring QinQ as specified in 802.1ad [1].

> - Is there any risk of host/network level VLAN conflict? i.e. if there is a Network VLAN of 600 and SDN VM also uses 600 - is there a risk of conflict or can this be safely ignored and SDN considered entirely separate?

Yes, because it is just tagging VLANs. If you tag the same VLAN on the Host and the VM then they are able to communicate.


[1] https://de.wikipedia.org/wiki/IEEE_802.1ad
 
Thank you for your response.

> Yes, because it is just tagging VLANs. If you tag the same VLAN on the Host and the VM then they are able to communicate.

To be sure: SDN is not to be considered private/isolated and an SDN VNet's Tag (QinQ) can conflict with other VLANs on the same physical network?

e.g.

QinQ Service VLAN 400 - created on physical port
VNet Tag: 300
..but on the same physical port is also VLAN 300 for other networks

Does the above = conflict and they will see each other?
 
> To be sure: SDN is not to be considered private/isolated and an SDN VNet's Tag (QinQ) can conflict with other VLANs on the same physical network?

QinQ contains two VLAN tags: outer & inner. If you use the same VLAN Tags as somewhere else in the network, then yes, the packets are visible. SDN isn't doing some custom magic, it's just setting the VLAN Tags as you tell it to - the same as if you set it on a switch or with vanilla Linux network configuration.


> QinQ Service VLAN 400 - created on physical port
> VNet Tag: 300
> ..but on the same physical port is also VLAN 300 for other networks

Not sure I understand correctly. But if you set the outer tag to 400 and the inner tag to 300, then no, you cannot see packets with outer tag 300.
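
Added example, not part of any post in this thread and not Proxmox code: a small Python parser that reads the VLAN tag stack off constructed Ethernet frames and compares the cases discussed above (same outer/inner pair on two clusters, and outer 400 / inner 300 against a plain VLAN 300). The helper names are hypothetical, the frames are constructed, and it assumes the service tag is sent with the 802.1ad TPID 0x88A8 and the inner tag with the 802.1Q TPID 0x8100.

```python
import struct

TPID_8021Q = 0x8100   # customer tag (C-TAG), IEEE 802.1Q
TPID_8021AD = 0x88A8  # service tag (S-TAG), IEEE 802.1ad
VLAN_TPIDS = {TPID_8021Q, TPID_8021AD}


def build_frame(tags, payload=b"constructed-payload"):
    """Build a constructed Ethernet frame; tags is [(tpid, vid), ...], outermost first."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for tpid, vid in tags:
        if not 1 <= vid <= 4094:  # 0 and 4095 are reserved VLAN IDs
            raise ValueError(f"VLAN ID {vid} outside 1-4094")
        frame += struct.pack("!HH", tpid, vid)  # PCP/DEI bits left at 0
    return frame + struct.pack("!H", 0x0800) + payload


def vlan_stack(frame):
    """Return the VLAN IDs carried by a frame, outermost first, e.g. (400, 300)."""
    vids, offset = [], 12  # skip destination and source MAC
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in VLAN_TPIDS:
            break  # reached the real EtherType
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return tuple(vids)


def same_segment(frame_a, frame_b):
    """Identical tag stacks on a shared physical network land in one L2 segment."""
    return vlan_stack(frame_a) == vlan_stack(frame_b)


# Constructed frames for the cases raised in the thread.
cluster1_vm = build_frame([(TPID_8021AD, 400), (TPID_8021Q, 600)])
cluster2_vm = build_frame([(TPID_8021AD, 400), (TPID_8021Q, 600)])
vnet_300 = build_frame([(TPID_8021AD, 400), (TPID_8021Q, 300)])
plain_300 = build_frame([(TPID_8021Q, 300)])

if __name__ == "__main__":
    print(vlan_stack(vnet_300), vlan_stack(plain_300))
    print("clusters overlap:", same_segment(cluster1_vm, cluster2_vm))
    print("VNet 300 vs plain VLAN 300:", same_segment(vnet_300, plain_300))
```

The same `vlan_stack` function can be pointed at frames taken from a capture on the shared uplink to confirm which tag pairs are actually in use before assigning VNet ranges to a second cluster.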