diff --git a/modules/nw-sriov-about-qinq.adoc b/modules/nw-sriov-about-qinq.adoc index d753934394..af94f031f6 100644 --- a/modules/nw-sriov-about-qinq.adoc +++ b/modules/nw-sriov-about-qinq.adoc @@ -11,7 +11,13 @@ In traditional VLAN setups, frames typically contain a single VLAN tag, such as QinQ facilitates the creation of nested VLANs by using double VLAN tagging, enabling finer segmentation and isolation of traffic within a network environment. This approach is particularly valuable in service provider networks where you need to deliver VLAN-based services to multiple customers over a common infrastructure, while ensuring separation and isolation of traffic. -image::693_OpenShift_QinQ_SR-IOV_CNI_0624.png[QinQ] +The following diagram illustrates how {product-title} can use SR-IOV and QinQ to achieve advanced network segmentation and isolation for containerized workloads. + +The diagram shows how double VLAN tagging (QinQ) works in a worker node with SR-IOV support. The SR-IOV virtual function (VF) located in the pod namespace, `ext0` is configured by the SR-IOV Container Network Interface (CNI) with a VLAN ID and VLAN protocol. This corresponds to the S-tag. Inside the pod, the VLAN CNI creates a subinterface using the primary interface `ext0`. This subinterface adds an internal VLAN ID using the 802.1Q protocol, which corresponds to the C-tag. + +This demonstrates how QinQ enables finer traffic segmentation and isolation within the network. The Ethernet frame structure is detailed on the right, highlighting the inclusion of both VLAN tags, EtherType, IP, TCP, and Payload sections. QinQ facilitates the delivery of VLAN-based services to multiple customers over a shared infrastructure while ensuring traffic separation and isolation. + +image::693_OpenShift_QinQ_SR-IOV_CNI_0624.png[alt="Diagram showing QinQ (double VLAN tagging)"] The {product-title} SR-IOV solution already supports setting the VLAN protocol on the `SriovNetwork` custom resource (CR). The virtual function (VF) can use this protocol to set the VLAN tag, also known as the outer tag. Pods can then use the VLAN CNI plugin to configure the inner tag.