OUCS can offer transparent LAN services which preserve and extend a Unit's virtual LAN (VLAN) groupings and associated access privileges across the university backbone network. This is achieved with 802.1Q Tunnelling (also called 802.1Q-in-Q).
OUCS can allocate each unit a second VLAN, with no routed interface – a 'switched' VLAN. This is presented at your main site and any annexe sites you nominate. Many Units have this in place already. Usually you send your main VLAN as un-tagged traffic down this switched VLAN, enabling you to have a common subnet across your main site and annexes. The traffic has an 802.1Q tag added while it's inside the university backbone network to keep it separate from other Units' traffic. However, the limitation is that only one VLAN can ever be sent between your sites.
If you would like to discuss this feature or request that we enable it for you, please contact firstname.lastname@example.org
2. Technical Details
When Q-in-Q tunnelling is enabled, the software adds an extra 802.1Q tag to your traffic at the ingress port of the switch (usually FroDo) at the edge of our network – regardless of whether or not it is already tagged. When the traffic leaves the egress port and enters another point in your network, the extra tag is removed.
802.1Q-in-Q tunnelling allows all of your configured VLANs to be aggregated and backhauled over this single Backbone VLAN, which is a scalable solution. Without Q-in-Q, OUCS would have to assign a unique VLAN ID number to each of your individual VLANs which are required at more than one site; this would rapidly consume the 4094-ID VLAN space supported by IEEE 802.1Q technology. In this way, encapsulating multiple 802.1Q VLANs into a single Backbone 802.1Q VLAN (hence the name, “Q in Q”) makes it possible for you to have up to 4094 VLANs present across your sites.
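The tag push and pop described above, as an added Python example (not OUCS code or configuration): an outer tag is pushed onto untagged and already-tagged frames at ingress and stripped at egress, so several unit VLANs share one backbone VLAN. The backbone VLAN ID 300, the MAC addresses and the outer TPID 0x8100 are assumptions; the page does not state them.

```python
import struct

TPID_8021Q = 0x8100  # assumed outer TPID; 802.1ad (S-tag) deployments use 0x88A8
BACKBONE_VLAN = 300  # constructed backbone VLAN ID for the unit's tunnel

def vlan_tag(vid, pcp=0, tpid=TPID_8021Q):
    """Build a 4-byte 802.1Q tag: 16-bit TPID, then PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def tunnel_ingress(frame, backbone_vid=BACKBONE_VLAN):
    """Push the outer tag after the two MAC addresses, tagged or not."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    return frame[:12] + vlan_tag(backbone_vid) + frame[12:]

def tunnel_egress(frame, backbone_vid=BACKBONE_VLAN):
    """Pop the outer tag; refuse frames not carrying this tunnel's backbone VLAN."""
    if len(frame) < 18:
        raise ValueError("frame too short to carry a tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q or (tci & 0x0FFF) != backbone_vid:
        raise ValueError("frame does not belong to this tunnel")
    return frame[:12] + frame[16:]

def vlan_stack(frame):
    """Return the VLAN IDs found in the frame, outermost first."""
    vids, offset = [], 12
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack("!HH", frame[offset:offset + 4])
        if tpid != TPID_8021Q:
            break
        vids.append(tci & 0x0FFF)
        offset += 4
    return vids

# Constructed sample frames: dst MAC, src MAC, optional unit tag, EtherType, payload.
MACS = bytes.fromhex("02000000000a" "02000000000b")
PAYLOAD = struct.pack("!H", 0x0800) + b"\x00" * 46
UNTAGGED = MACS + PAYLOAD
TAGGED_10 = MACS + vlan_tag(10) + PAYLOAD
TAGGED_20 = MACS + vlan_tag(20) + PAYLOAD

if __name__ == "__main__":
    for name, f in [("untagged", UNTAGGED), ("vlan 10", TAGGED_10), ("vlan 20", TAGGED_20)]:
        inside = tunnel_ingress(f)
        print(name, vlan_stack(f), "->", vlan_stack(inside), "->", vlan_stack(tunnel_egress(inside)))
```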
4. Layer 2 control plane traffic
Please note, we are considering withdrawing Layer 2 Protocol Tunnelling as it has led to many issues. Please do not rely on it remaining available. This feature enables protocols which use a special multicast address to send traffic to adjacent devices only (such as STP, CDP etc.) to pass these frames to devices which are not physically adjacent. However, with this feature enabled, 'MAC flaps' are far more common in the backbone. This leads to packet loss for you and creates troubleshooting issues for us. In cases where we disable Layer 2 Protocol Tunnelling but leave Q-in-Q enabled, we will also filter BPDUs at the tunnel endpoints to prevent a large spanning tree from forming across both your main site and annexe VLANs in the university backbone.
There are several issues which we hope to address in the next iteration of the backbone by providing an alternative solution.
In order to mitigate the risk of anomalous behaviour we require the following:
If and only if you are connecting to an 802.1Q tunnel.