Q-in-Q

Q-in-Q is a technology that allows you to create multiple isolated segments within a single VLAN by adding an extra tag to the Ethernet packet header.

Q-in-Q can only be enabled for a private network. Configuring Q-in-Q in a private network is required:

for the Direct Connect service, when a trunk port is configured on the provider side;
for configuring a trunk port in VMware ESXi on a dedicated server with VMware;
for using different VLAN segments on a dedicated server where virtual servers are deployed. In this case, the dedicated server is joined to a private network with a virtual server using a global router. Tagged traffic from different VLAN segments is terminated on the global router and then routed to the virtual server.

Operating principle

All Selectel switch ports to which dedicated servers are connected are configured in Access mode.

By default, the source server sends an Ethernet packet without tags. When the packet arrives at a Selectel switch port, a tag with the private network VLAN number is added to it. This tag is used to transmit the packet within the Selectel network. Before the packet is delivered to the destination server, the VLAN tag is removed on the switch, and the server receives the original untagged Ethernet packet.

With Q-in-Q enabled, you can transmit your own Q-in-Q tag. In this case, the Q-in-Q tag is added to the Ethernet packet header as it leaves the source server and is transmitted to the destination server unchanged.

Example of Ethernet packet transmission between two dedicated servers:

Configure Q-in-Q

Enable Q-in-Q on the switch port.
Select a private subnet.
Configure network interfaces on the server.

1. Enable Q-in-Q on the switch port

When Q-in-Q is enabled, there may be a short-term downtime of the private network for servers on the selected VLAN.

Create a ticket with a request to enable Q-in-Q. In the ticket, specify:
- VLAN numbers can be viewed in the Control Panel: from the top menu, click Products → Dedicated Servers → Network → VLAN tab → VLAN column;
- pools containing VLANs can be viewed in the Control Panel: from the top menu, click Products → Dedicated Servers → Network → VLAN tab → Pool column.
Wait for a response from a Selectel employee confirming that Q-in-Q has been enabled.

2. Select a private subnet

Select an unused subnet; IP addresses from it will be used to configure network connectivity. Learn more in the Standard private IP address ranges subsection.

3. Configure network interfaces on the server

Ubuntu
Debian
CentOS
Windows

Connect to the server via SSH or a KVM console.
Open the netplan utility configuration file with the vi text editor:
```
vi /etc/netplan/01-netcfg.yaml
```

Add Q-in-Q settings for the private network interface:

...
    vlans:
      <eth_name>.<id>:
            id: <id>
            link: <eth_name>
            mtu: 1400
            addresses:
                - [<ip_address>/<mask>]

Specify:

<eth_name> — the name of the private network interface;
<id> — the Q-in-Q tag; you can specify a number from 2 to 4094;
<ip_address> — an IP address from the new private subnet;
<mask> — the subnet mask.

Example of the netplan utility configuration file

network:
    version: 2
    renderer: networkd
    ethernets:
        eth0:
            addresses: [203.0.113.0/24]
            gateway4: 203.0.113.1
            nameservers:
                addresses: [198.51.100.1,198.51.101.1]
        eth1:
            addresses: [192.168.0.2/24]
...
    vlans:
        eth1.40:
            id: 40
            link: eth1
            mtu: 1400
            addresses:
                - [10.0.0.15/24]

Press ESC.
Exit the vi text editor with your changes saved:
```
:wq
```
Apply the configuration:
```
netplan apply
```
Optional: reboot the server.