See https://github.com/REANNZ/faucet/pull/517/commits/117ed988c8d42dab7e2ce2d154d520b1fd79810e for caveats.
- rule: dl_dst: "01:02:03:04:05:06" actions: output: dl_dst: "06:06:06:06:06:06" vlan_vids: [123, 456] port: acloutport
Why is this useful? Apart from being a tunneling mechanism, it also allows you add metadata to a packet for a downstream NFV application. For example, you might push an additional VLAN header onto a packet, based on an ACL entry that identifies a particular user or application known to match the ACL conditions.
In particular, you could also push a VLAN representing the input port number, on top of another header that tells you the input VLAN. For example, an ACL could tag a packet on untagged VLAN 100, on port 2, with VLAN 100, then VLAN 2 (so that a "mirroring" application can know what VLAN and port the packet came from).
In the future, FAUCET will make more use of this design pattern as an alternative to packet in. It will be able to alternatively use PBB or MPLS labels in a similar way.