What are the high-level differences between 802.1Q and 802.1AD (QinQ) VLAN Protocols?

What the heck is the difference here?

What are the high-level differences between 802.1Q and 802.1AD (QinQ) VLAN Protocols?
Photo by Christian Stahl / Unsplash

Alrighty folks, ready for a pretty specific (and perhaps obscure) topic? Grab some coffee and let's compare some VLAN protocols: 802.1Q vs 802.1AD

  • 802.1Q (the original VLAN tagging spec)
    • This is the fundamental standard for creating and managing VLANs on an Ethernet network. It allows a single physical Ethernet network to be logically segmented into multiple broadcast domains (VLANs).
    • It works by inserting a 4-byte "tag" into the Ethernet frame header between the Source MAC address and the EtherType/Length fields.
    • The tag itself is very important and has different data inside it (a protocol identifer and tag control information). In particular, there's a place to identify the VLAN itself (the aptly named VLAN Identfier - VID).
    • The VID has a size limit of 12-bits.
      • Mathematically speaking, that gives it up to 4096 possible values but two of the numbers are reserved – VIDs 0 and 4095).
      • So realistically, 802.1Q can identify up to 4094 unique VLANs.

Normally, 4094 VLANs would be more than enough for an enterprise network right? Well, yeah, but what if we have a much bigger network? (I'm looking at you, Metro Ethernet and Service Provider networks... 😄). That's where 802.1AD comes in.

  • 802.1AD (QinQ / VLAN Stacking)
    • This is an amendment to 802.1Q and is designed to address the limitations of 802.1Q; more specifically, a need from service providers to carry customer VLANs transparently over backbone networks.
    • As you can imagine, these provider network could be MASSIVE. Waaaaaaay more than 4094 segments.
    • Basically, this protocol adds a second 802.1Q tag to an already 802.1Q-tagged frame. This creates a "tag stack" (hence the nickname "QinQ" as a reference to 802.1Q-in-802.1Q).
    • The outer tag is a "S-Tag" (service provider tag).
    • The inner tag is a "C-Tag" (customer tag)
    • By stacking the two 12-bit tags, we basically get VLAN space up to 4094 x 4094. That's 16,752,196 potential VLAN combinations. Yeah, quite a bit more breathing room, wouldn't ya say? 😉

So what does all this mean? For most consumer/enterprise uses cases, it's fine to stick with the original standard. The only time 802.1AD would be necessary is for much much MUCH bigger networks :-). It's good to know it's a possibility though.