VLAN vs QinQ vs VXLAN: Which Virtual LAN Technology Wins?

VLAN (Virtual Local Area Network) technology allows users to communicate without distance or physical location constraints, greatly simplifying network management.

However, as devices and users grow massively, the limited scalability of a maximum of 4094 VLANs and low link utilization make VLAN insufficient for expanding networks, leading to the emergence of VXLAN (Virtual Extensible LAN) and QinQ technologies.

This article explains and compares these three technologies.

Overview

VLAN

VLAN divides a network into multiple broadcast domains; users within each domain can communicate freely. Connecting different VLANs requires understanding VLAN tagging and inter‑VLAN routing.

VLAN tagging adds a special tag to frames when they pass through a VLAN trunk port, enabling frames from different VLANs to cross. One common method is IEEE 802.1Q.

QinQ

QinQ, also called stacked VLAN or double VLAN, is standardized by IEEE 802.1ad and encapsulates VLAN tags in two layers—an internal tag for the private network and an external tag for the public network.

With many users, a large number of VLAN IDs are needed. Traditional IEEE 802.1Q tagging cannot identify and isolate users in expanding metro‑Ethernet, so QinQ extends VLAN numbers to 4096 × 4096, effectively preserving public VLAN IDs.

QinQ packet format is fixed.

Typically, an 802.1Q‑tagged packet is encapsulated in another 802.1Q tag, which is why it is called “QinQ”.

During transmission, packets are forwarded based on the external VLAN tag on the public network, while the internal VLAN tag is also carried, adding four bytes compared to ordinary 802.1Q packets.

QinQ has two implementations: basic QinQ and selective QinQ.

Basic QinQ is port‑based tagging. When a packet arrives at an interface with VLAN VPN enabled, the switch tags it with its default VLAN tag regardless of whether it was already tagged; the result may be a double‑tagged or single‑tagged packet.

Flexible QinQ retains basic QinQ functions but adds flexibility: it can identify the internal VLAN tag based on MAC address, IP protocol, source IP, and VLAN tag, then decide which tag to add.

VXLAN

VXLAN (Virtual Extensible LAN) provides a Layer‑2 overlay over a Layer‑3 network by encapsulating MAC‑in‑UDP packets.

In simple terms, VXLAN offers the same services as VLAN but with far greater scalability and flexibility. Like QinQ, VXLAN packets have a relatively fixed format.

VXLAN header: a 24‑bit VNID identifies the Layer‑2 segment and maintains isolation; the 24‑bit space allows up to 16 million LAN segments.

External UDP header: the VXLAN Tunnel Endpoint (VTEP) assigns a source port; the destination port is usually UDP 4789.

External IP header: contains the source IP address of the VTEP associated with the internal frame source.

External Ethernet header: contains the source MAC address of the VTEP associated with the internal frame source.

Differences

VLAN has been used for Layer‑2 isolation, flooding control, and as a routing interface, and its features are now supported by most switches, routers, and firewalls. This comparison focuses mainly on VLAN tagging, which is essential for inter‑VLAN communication.

VLAN tagging uses IEEE 802.1Q or ISL to tag frames, resulting in a single tag per frame.

Compared with VLAN, QinQ is more flexible: it can selectively add tags to incoming frames, and the external VLAN tag solves VLAN‑ID limitations. Unique internal tags avoid conflicts between dedicated and public VLAN IDs, providing a simple Layer‑2 VPN solution for enterprises of any size.

Note: VLAN belongs to the public network.

VXLAN provides similar functions to QinQ but operates at a higher scalability layer.

VXLAN expands Layer‑2 networks by encapsulating packets in MAC‑in‑UDP, greatly extending Layer‑2 reach. With cloud computing growth, tenant demands for network construction—especially virtual data centers—have increased, raising the need for extensive Layer‑2 networks.

MAC‑in‑UDP supports a 24‑bit VNI, allowing data centers to host multiple tenants and break physical distance and deployment constraints, which explains VXLAN’s rising popularity in cloud and virtualized data centers.

However, VXLAN is more expensive and complex than VLAN or QinQ, and not all VLAN switches support it.

Conclusion

As VLAN technology and Layer‑2/3 networks evolve rapidly, more advanced network management techniques will emerge. Like QinQ and VXLAN, not all technologies are created equal; each was designed to solve specific problems and will bring greater convenience to today’s and future networks.