Hybrid Unbonded Mode¶
In Hybrid Unbonded mode one network interface is removed from the Layer 3 bond and placed in Layer 2 mode. VLANs can then be assigned to this interface for Layer 2 connectivity while preserving the Layer 3 connectivity, so the server can still be accessed via the public IP.
Although this is desirable in some situations, it introduces a single point of failure either on the upstream switch or the network interface. An outage, maintenance event, or reboot on either one of the switches will cause network interruptions.
If you have high-availability concerns, the Hybrid Bonded mode supports both Layer 2 and Layer 3 while maintaining the highly available “bonded” networking interface that spans 2 diverse upstream switches. However, Hybrid Bonded mode is only available in Equinix IBX locations. If you are in the legacy Equinix Metal data centers, then you will be limited to using Hybrid Unbonded mode.
Converting to Hybrid Unbonded Mode¶
Hybrid Unbonded mode removes the eth1 interface from the LACP bond, allowing you to add Layer 2 VLANs to eth1 while preserving the elastic IPs assigned to the bonded Layer 3 interface.
In order to use Hybrid Unbonded mode, you must first change your networking configuration to Hybrid mode. In the console, navigate to the server's Network tab, click Convert To Other Network Type, select Hybrid, and choose Unbonded. Click Convert to Hybrid to make the changes.
Then, from the server's Network page, click Add New VLAN. Choose eth1 as the interface and select the Virtual Network ID (VNID, or VLAN ID) you wish to use.
To assign multiple VLANs at once, keep adding VLANs from the drop-down. Note that if you assign multiple VLANs at once, they are added through an asynchronous batch process, which begins immediately, but may take some time to complete.
First, remove the eth1 port from the bonded network interface with the metal port convert command. The use the UUID of the eth1 port as the --port-id and set its --bonded state to false.
metal port convert --port-id <eth1_id> --bonded=false
Then, assign a VLAN to eth1 with the metal port vlan command. Specify the UUID of eth1 for the --port-id and the VLAN that you are assigning to --assign.
metal port vlan --port-id <eth1_id> --assign <VLAN_id>
The VLAN_id can be either the VLAN's UUID or the VLAN ID number that is in the console.
First, you will need to remove eth1 from the bond. Send a POST request to the /ports/{id}/disbond endpoint.
You have to specify the port ID of eth1 in the path, and it needs to be the UUID for that port as returned by the /devices/{id} endpoint.
Set the bulk_disable field to false in the body of the request.
curl -X POST -H "Content-Type: application/json" -H "X-Auth-Token: <API_TOKEN>" "https://api.equinix.com/metal/v1/ports/{id}/disbond" -d '{"bulk_disable": false}'
Then, you need to assign your VLAN to eth1. Send a POST request to the /ports/{id}/assign endpoint.
The ID of the VLAN is sent in the body of the request, and it can be either the VLAN's UUID as returned by the /projects/{id}/virtual-networks endpoint or the VLAN ID that is in the console.
curl -X POST -H "Content-Type: application/json" -H "X-Auth-Token: <API_TOKEN>" "https://api.equinix.com/metal/v1/ports/{id}/assign" -d '{"vnid": "1173"}'
It is also possible to assign VLANs to a port in bulk, as part of an asynchronous batch process. Send a POST request to the /ports/{id}/vlan-assignments/batches endpoint an array of VLAN assignments in the body of the request.
curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN> " \
"https://api.equinix.com/metal/v1/ports/{id}/vlan-assignments/batches" \
-d '{
"vlan_assignments": [
{
"vlan": "string",
"state": "assigned"
},
{
"vlan": "string",
"state": "assigned"
},
]
}'
Configuring Your Servers¶
Once you have converted the server to Hybrid Unbonded mode and assigned the VLAN to the interface, you will need to configure the networking on the server's operating system to use the VLAN now assigned eth1. The procedure varies slightly by operating system.
There are two example configurations, the first example is a configuration for assigning a single VLAN to eth1, the second example is for assigning multiple VLANs to eth1.
For a Single VLAN¶
If only one VLAN is enabled on a port, packets are untagged. This means that the server's network configuration does not need to be VLAN-aware.
-
Make sure
eth1has been removed frombond0:cat /sys/class/net/bond0/bonding/slavesIf it hasn't been removed, remove it:
echo "-eth1" > /sys/class/net/bond0/bonding/slaves -
Bring down the
eth1interface:sudo ifdown eth1 -
Configure
/etc/sysconfig/network-scripts/ifcfg-eth1on each of the servers, changing theIPADDRfield to the desired IP and network. Ensure the IP addresses are different on each server that you are attaching to the same VLAN. For example,DEVICE=eth1 ONBOOT=yes HWADDR=e4:1d:2d:11:22:33 IPADDR=192.168.1.2 NETMASK=255.255.255.0 NETWORK=192.168.1.0 BOOTPROTO=none -
Bring up the interface:
sudo ifup eth1
-
Make sure eth1 has been removed from
bond0:cat /sys/class/net/bond0/bonding/slavesIf it hasn't been removed, remove it:
echo "-eth1" > /sys/class/net/bond0/bonding/slaves -
Bring down the eth1 interface:
sudo ifdown eth1 -
Configure
/etc/network/interfaceson each server, changing the IP address to the desired IP from your chosen block. For example,auto eth1 iface eth1 inet static address 192.168.1.2 netmask 255.255.255.0 -
Bring up the interface:
sudo ifup eth1
For Multiple VLANs¶
In this scenario, IP packets that arrive at the host will have the VLAN ID populated. You will need to setup two interfaces that will receive packets destined for each VLAN.
Note: If you need support for untagged packets, you can set a native VLAN for this port, since it is not part of a bond. More information is on the Setting a Native VLAN page.
-
Install the prerequisites for VLANs:
sudo modprobe 8021q sudo echo "8021q" >> /etc/modules -
Bring down
eth1:ifdown eth1 -
Configure
/etc/sysconfig/network-scripts/ifcfg-eth1.1000and/etc/sysconfig/network-scripts/ifcfg-eth1.1001on your server.1000and1001should match the VLANs you've configured on the host in the portal or API. For example,DEVICE=eth1.1000 BOOTPROTO=none ONBOOT=yes IPADDR=192.168.1.2 PREFIX=24 NETWORK=192.168.1.0 VLAN=yes -
Restart networking:
sudo ifup eth1.1000 sudo ifup eth1.1001
-
Install the prerequisites for VLANs:
sudo apt-get install vlan sudo modprobe 8021q sudo echo "8021q" >> /etc/modules -
Bring down
eth1:ifdown eth1Note: if you don't want
eth1to come up after a reboot be sure to comment out theeth1configuration in your/etc/network/interfacesfile. -
Add the new interface to
/etc/network/interfaces.1000and1001should match the VLANs you've configured on the host in the portal/API. For example,auto eth1.1000 iface eth1.1000 inet static address 192.168.100.1 netmask 255.255.255.0 vlan-raw-device eth1 auto eth1.1001 iface eth1.1001 inet static address 172.16.100.1 netmask 255.255.255.0 vlan-raw-device eth1 -
Restart networking:
sudo ifup eth1.1000 sudo ifup eth1.1001
Testing the VLAN Connection¶
You should now be able to communicate between hosts via your virtual Layer 2 network:
root@layer2:~# ping -I eth1 192.168.1.2
PING 192.168.1.3 (192.168.1.3) from 192.168.1.4 eth1: 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp\_seq=1 ttl=64 time=0.106 ms
64 bytes from 192.168.1.3: icmp\_seq=2 ttl=64 time=0.110 ms
64 bytes from 192.168.1.3: icmp\_seq=3 ttl=64 time=0.115 ms
^C
--- 192.168.1.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.106/0.110/0.115/0.009 ms
Please Note: It is not recommended to use the subnet starting with 10.x.x.x as we use this for the server's private networking and collisions could occur if you used the same private addressing as was configured on your host.
Converting Back to Layer 3¶
If you want to go back to the default Layer 3 Bonded mode, you must first remove any assigned VLANs, and then add eth1 back to the bonded interface.
To unassign a VLAN in the console, navigate to the server's Network tab. In the Layer 2 section, select the VLAN you are unassigning from the port. Click Remove.
Note that unassigning the VLAN does NOT delete it from your project. The VLAN will continue to exist after unassigning it from the port.
Then, to convert back to Layer 3, click Convert To Other Network Type, select Layer 3. Click Convert to Layer 3 to start the process.
Unassign VLANs from the eth1 interface with the metal port vlan command. Specify the UUID of eth1 for the --port-id and the VLAN that you are unassigning to --unassign.
metal port vlan --port-id <eth1_id> --unassign <vlan>
Then, return eth1 to the bond with the metal port convert command.
metal port convert -i <eth1_id> --bonded=true
To unassign a VLAN from a port, sent a POST request to the /ports/{id}/unassign endpoint.
You have to specify the port ID of eth1 in the path, and ID of the VLAN in the body of the request. It can be either the VLAN's UUID or the VLAN ID that is in the console.
curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN>" \
"https://api.equinix.com/metal/v1/ports/{id}/unassign" \
-d '{
"vnid": "1173"
}'
You can also unassign multiple VLANs from a port in bulk, as part of an asynchronous batch process. Send a POST request to the [/ports/{id}/vlan-assignments/batches]https://deploy.equinix.com/developers/api/metal/#tag/Ports/operation/createPortVlanAssignmentBatch) endpoint an array of VLAN assignments in the body of the request, and their state set to "unassigned".
curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: API_TOKEN" \
"https://api.equinix.com/metal/v1/ports/{id}/vlan-assignments/batches" \
-d '{
"vlan_assignments": [
{
"vlan": "string",
"state": "unassigned"
},
{
"vlan": "string",
"state": "unassigned"
}
]
}'
Then, you return the port to the Layer 3 bond. Send a POST request to the /ports/{id}/bond endpoint.
curl -X POST -H "Content-Type: application/json" -H "X-Auth-Token: <API_TOKEN>" "https://api.equinix.com/metal/v1/ports/{id}/bond" -d '{"bulk_enable": false}'