Router-on-a-Stick

Operating BNG and router on the same interface using QinQ VLANs.

Overview

Router-on-a-Stick mode allows the BNG and upstream router to share the same physical interface, separated by QinQ VLANs.

Architecture

Upstream Network
       │
       │ (Outer VLAN 100)
       │
   ┌───┴───┐
   │ eth0  │
   └───┬───┘
       │
       ├─ eth0.100 (Management/Router)
       │
       └─ eth0.100.200 (Subscriber VLAN 200)
       └─ eth0.100.201 (Subscriber VLAN 201)
       └─ eth0.100.202 (Subscriber VLAN 202)

Configuration

Management Interface

Management must be on a separate interface (e.g., eth0) in the management VRF:

interfaces:
  management: "eth0"
  subscriber_trunk: "eth1"
  upstream: "eth2"

Demux Configuration

Configure demux to use outer VLAN 100:

demux:
  enabled: true
  profiles:
    - name: "residential"
      trunk_interface: "eth1"
      outer_vlans: [100]
      stag_range: "200-299"
      ctag_range: "1-4094"

Router Configuration

Router connects on outer VLAN 100:

eth1.100 → Router (upstream)
eth1.100.200 → Subscriber VLAN 200
eth1.100.201 → Subscriber VLAN 201

VLAN Hierarchy

Physical Interface: eth1
├─ Outer VLAN 100 (S-Tag, 802.1ad)
│  ├─ Inner VLAN 200 (C-Tag, 802.1Q) → Subscriber VLAN
│  ├─ Inner VLAN 201 (C-Tag, 802.1Q) → Subscriber VLAN
│  └─ Inner VLAN 202 (C-Tag, 802.1Q) → Subscriber VLAN
└─ (Router on eth1.100)

Interface Naming

Interfaces are named with full VLAN hierarchy:

eth1.100.200  (trunk=eth1, outer=100, stag=N/A, ctag=200)
eth1.100.201  (trunk=eth1, outer=100, stag=N/A, ctag=201)

Routing

Subscriber Routes

Subscriber routes are advertised via BGP:

abng> show bgp

Management Routes

Management traffic uses management interface (eth0):

ip route show

Advantages

Single Physical Link — Reduces cabling
Scalable — Supports thousands of subscriber VLANs
Flexible — Easy to add/remove subscriber VLANs
Isolated — Management and subscriber traffic separated

Disadvantages

Complexity — Requires careful VLAN planning
Performance — Single link may become bottleneck
Redundancy — Single point of failure

Best Practices

Separate Management — Always use separate management interface
VLAN Planning — Allocate VLAN ranges carefully
Monitoring — Monitor link utilization
Redundancy — Use LAG for redundancy
Documentation — Document VLAN allocation

Troubleshooting

Subscriber VLANs Not Created

Check outer VLAN is correct:

abng> show configuration | match outer_vlans

Check trunk interface is up:
```
ip link show eth1
```

Check for matching packets:

tcpdump -i eth1 -e 'ether[12:2] == 0x88A8'

Router Not Reachable

Check router VLAN interface:
```
ip link show eth1.100
```
Check routing:
```
ip route show
```
Check firewall:
```
sudo ufw allow from 10.255.0.254
```

Next Steps

VRF Steering — VRF-based traffic steering
Custom Overhead Profiles — Overhead tuning

Overview​

Architecture​

Configuration​

Management Interface​

Demux Configuration​

Router Configuration​

VLAN Hierarchy​

Interface Naming​

Routing​

Subscriber Routes​

Management Routes​

Advantages​

Disadvantages​

Best Practices​

Troubleshooting​

Subscriber VLANs Not Created​

Router Not Reachable​

Next Steps​