Skip to main content
Equinix Deploy

Hybrid Unbonded Mode

In Hybrid Unbonded mode one network interface is removed from the Layer 3 bond and placed in Layer 2 mode. VLANs can then be assigned to this interface for Layer 2 connectivity while preserving the Layer 3 connectivity, so the server can still be accessed at its public IP address.

Hybrid Unbonded Diagram

Although this is desirable in some situations, it introduces a single point of failure either on the upstream switch or the network interface. An outage, maintenance event, or reboot on either one of the switches will cause network interruptions.

If you have high-availability concerns, the Hybrid Bonded mode supports both Layer 2 and Layer 3 while maintaining the highly available “bonded” networking interface that spans 2 diverse upstream switches.

General Overview

  • Hybrid Unbonded Mode breaks eth1 out of the bond, and Layer 3 traffic will no longer flow over eth1.
  • You can then add VLANs to eth1 for your Layer 2 traffic. If you are only adding one VLAN to eth1, traffic can not be tagged.
  • If you are adding more than one VLAN to eth1, you will need to create subinterfaces to handle tagged traffic for each VLAN and/or you have to set a Native VLAN to handle untagged traffic.
  • bond0 will continue to handle your Layer 3 traffic, and Internet access is preserved through your Equinix Metal assigned public IP address.
  • If you add VLANs to bond0, you will need to create subinterfaces to handled tagged traffic for each VLAN. bond0 does not support untagged Layer 2 traffic or setting a Native VLAN.

Converting to Hybrid Unbonded Mode

Hybrid Unbonded mode removes the eth1 interface from the LACP bond, allowing you to add Layer 2 VLANs to eth1 while preserving the elastic IPs assigned to the bonded Layer 3 interface.

In order to use Hybrid Unbonded mode, you must first change your networking configuration to Hybrid mode. In the console, navigate to the server's Network tab, click Convert To Other Network Type, select Hybrid, and choose Unbonded. Click Convert to Hybrid to make the changes.

Converting to Hybrid Unbonded mode options panel

Then, from the server's Network page, click Add New VLAN. Choose eth1 as the interface and select the Virtual Network ID (VNID, or VLAN ID) you wish to use.

Adding a VLAN to eth1

To assign multiple VLANs at once, keep adding VLANs from the drop-down. Note that if you assign multiple VLANs at once, they are added through an asynchronous batch process, which begins immediately, but may take some time to complete.

First, remove the eth1 port from the bonded network interface with the metal port convert command. The use the UUID of the eth1 port as the --port-id and set its --bonded state to false.

metal port convert --port-id <eth1_id> --bonded=false

Then, assign a VLAN to eth1 with the metal port vlan command. Specify the UUID of eth1 for the --port-id and the VLAN that you are assigning to --assign.

metal port vlan --port-id <eth1_id> --assign <VLAN_id>

The VLAN_id can be either the VLAN's UUID or the VLAN ID number that is in the console.

First, you will need to remove eth1 from the bond. Send a POST request to the /ports/{id}/disbond endpoint.

You have to specify the port ID of eth1 in the path, and it needs to be the UUID for that port as returned by the /devices/{id} endpoint.

Set the bulk_disable field to false in the body of the request.

curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN>" \
"https://api.equinix.com/metal/v1/ports/{id}/disbond" \
-d '{
    "bulk_disable": false
}'

Then, you need to assign your VLAN to eth1. Send a POST request to the /ports/{id}/assign endpoint.

The ID of the VLAN is sent in the body of the request, and it can be either the VLAN's UUID as returned by the /projects/{id}/virtual-networks endpoint or the VLAN ID that is in the console.

curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN>" \
"https://api.equinix.com/metal/v1/ports/{id}/assign" \
-d '{
    "vnid": "1173"
}'

It is also possible to assign VLANs to a port in bulk, as part of an asynchronous batch process. Send a POST request to the /ports/{id}/vlan-assignments/batches endpoint an array of VLAN assignments in the body of the request.

curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN> " \
"https://api.equinix.com/metal/v1/ports/{id}/vlan-assignments/batches" \
-d '{
    "vlan_assignments": [
        {
            "vlan": "string",
            "state": "assigned"
        },
        {
            "vlan": "string",
            "state": "assigned"
        },
    ]
}'

Configuring Your Servers

Once you have converted the server to Hybrid Unbonded mode and assigned the VLAN to eth1, you will need to configure the networking on the server's operating system and assign it an IP address on the VLAN.

Note: Using the subnet starting with 10.x.x.x for your VLAN traffic is not recommended as we use this for the server's private networking and collisions could occur if you use the same subnet.

There are two example configurations, the first example is a configuration for assigning a single VLAN to eth1, the second example is for assigning multiple VLANs to eth1 and/or for assigning VLANs to bond0.

For a Single VLAN on eth1

If you have only one VLAN,do not tag the traffic, and assign the VLAN IP Address directly to eth1.

Note - in our recent Ubuntu images, the interfaces are no longer aliased to eth1 and eth0. eth1 is enp1s0f1.

  1. Install and configure the prerequisites for VLANs.

    apt-get install vlan
modprobe 8021q
echo "8021q" >> /etc/modules

  2. Bring down the enp1s0f1 interface.

    ip link set down enp1s0f1

  3. Make sure eth1 has been removed from bond0.

    ip -d link show enp1s0f1

    If it hasn't been removed, remove it.

    ip link set enp1s0f1 nomaster

  4. Configure eth1 with an IP address for the VLAN. The example uses IP address 192.168.1.2/29.

    ip addr add 192.168.1.2/29 dev enp1s0f1

    To make the networking configuration permanent and survive server reboots, edit enp1s0f1 in the /etc/network/interfaces file. 

    auto enp1s0f1
iface enp1s0f1 inet manual
    address 192.168.1.2
    netmask 255.255.255.248
    pre-up sleep 4

    And also remember to remove enp1s0f1 from bond0 (truncated example). 

    auto bond0
iface bond0 inet static
    ...
    bond-slaves enp1s0f0
    dns-nameservers 147.75.207.207 147.75.207.208
    ...

  5. Bring up the interface, and check that it is back up.

    ip link set dev enp1s0f1 up
ip -d link show enp1s0f1

  1. Make sure eth1 has been removed from bond0: 

    cat /sys/class/net/bond0/bonding/slaves

    If it hasn't been removed, remove it: 

    echo "-eth1" > /sys/class/net/bond0/bonding/slaves

  2. Bring down the eth1 interface:

    sudo ifdown eth1

  3. Configure /etc/sysconfig/network-scripts/ifcfg-eth1 on each of the servers, changing the IPADDR field to the desired IP and network. Ensure the IP addresses are different on each server that you are attaching to the same VLAN. For example,

    DEVICE=eth1
ONBOOT=yes
HWADDR=e4:1d:2d:11:22:33
IPADDR=192.168.1.2
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BOOTPROTO=none

  4. Bring up the interface:

    sudo ifup eth1

You need to run through the same steps on all the servers that you want to attach to the VLAN, assigning a different IP address to each.

For Multiple VLANs or VLANs on bond0

If you are using multiple VLANs on eth1, or if you are adding VLANs to bond0, IP packets will have the to be tagged, and you will need to setup subinterfaces that will receive packets destined for each VLAN.

Note: If you need support for untagged packets, set the VLAN that handles the untagged packets as the Native VLAN.

Note - in our recent Ubuntu images, the interfaces are no longer aliased to eth1 and eth0. eth1 is enp1s0f1.

  1. Install and configure the prerequisites for VLANs, if you haven't already.

    apt-get install vlan
modprobe 8021q
echo "8021q" >> /etc/modules

  2. Make sure eth1 has been removed from bond0.

    ip -d link show enp1s0f1

    If it hasn't been removed, remove it.

    ip link set enp1s0f1 nomaster

  3. Add new subinterfaces on enp1s0f1 to handle tagged traffic, one for each VLAN, and assign them IP addresses. Use your VLAN IDs from the Equinix Metal VLAN as in the VLAN_ID fields. The example uses VLAN IDs 1000 and 1001 and IP addresses 192.168.1.2/29 and 192.168.100.2/29.

    ip link add link enp1s0f1 name enp1s0f1.1000 type vlan id 1000
ip addr add 192.168.1.2/29 dev enp1s0f1.1000

ip link add link enp1s0f1 name enp1s0f1.1001 type vlan id 1001
ip addr add 192.168.100.2/29 dev enp1s0f1.1001

    To make the networking configuration permanent and survive server reboots, add the new subinterfaces to the /etc/network/interfaces file.

    auto enp1s0f1.1000
iface enp1s0f1.1000 inet static
    address 192.168.1.2
    netmask 255.255.255.248
    vlan-raw-device enp1s0f1

auto enp1s0f1.1001
iface enp1s0f1.1001 inet static
    address 192.168.100.2
    netmask 255.255.255.248
    vlan-raw-device enp1s0f1

    And also remember to remove enp1s0f1 from bond0 (truncated example). 

    auto bond0
iface bond0 inet static
    ...
    bond-slaves enp1s0f0
    dns-nameservers 147.75.207.207 147.75.207.208
    ...

  4. Bring up the interfaces, and check that they came up.

    ip link set dev enp1s0f1.1000 up
ip -d link show enp1s0f1.1000

ip link set dev enp1s0f1.1001 up
ip -d link show enp1s0f1.1001

  1. Install the prerequisites for VLANs:

    sudo modprobe 8021q
sudo echo "8021q" >> /etc/modules

  2. Bring down eth1:

    ifdown eth1

  3. Configure /etc/sysconfig/network-scripts/ifcfg-eth1.1000 and /etc/sysconfig/network-scripts/ifcfg-eth1.1001 on your server. 1000 and 1001 should match the VLANs you've configured on the host in the portal or API. For example,

    DEVICE=eth1.1000
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.1.2
PREFIX=24
NETWORK=192.168.1.0
VLAN=yes

  4. Restart networking:

    sudo ifup eth1.1000
sudo ifup eth1.1001

You will need to run through the same steps on all the servers that you want to attach to the VLANs, assigning different IP addresses to each.

Testing the VLAN Connection

You should now be able to communicate between the servers on your VLAN Layer 2 network.

root@layer2:~# ping -I eth1 192.168.1.2
PING 192.168.1.3 (192.168.1.3) from 192.168.1.4 eth1: 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp\_seq=1 ttl=64 time=0.106 ms
64 bytes from 192.168.1.3: icmp\_seq=2 ttl=64 time=0.110 ms
64 bytes from 192.168.1.3: icmp\_seq=3 ttl=64 time=0.115 ms
^C
--- 192.168.1.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.106/0.110/0.115/0.009 ms

Converting Back to Layer 3

If you want to go back to the default Layer 3 Bonded mode, you must first remove any assigned VLANs, and then add eth1 back to the bonded interface.

To unassign a VLAN in the console, navigate to the server's Network tab. In the Layer 2 section, select the VLAN you are unassigning from the port. Click Remove.

Removing a VLAN

Note that unassigning the VLAN does NOT delete it from your project. The VLAN will continue to exist after unassigning it from the port.

Then, to convert back to Layer 3, click Convert To Other Network Type, select Layer 3. Click Convert to Layer 3 to start the process.

Converting back to Layer 3 Panel

Unassign VLANs from the eth1 interface with the metal port vlan command. Specify the UUID of eth1 for the --port-id and the VLAN that you are unassigning to --unassign.

metal port vlan --port-id <eth1_id> --unassign <vlan>

Then, return eth1 to the bond with the metal port convert command. 

metal port convert -i <eth1_id> --bonded=true

To unassign a VLAN from a port, sent a POST request to the /ports/{id}/unassign endpoint.

You have to specify the port ID of eth1 in the path, and ID of the VLAN in the body of the request. It can be either the VLAN's UUID or the VLAN ID that is in the console.

curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN>" \
"https://api.equinix.com/metal/v1/ports/{id}/unassign" \
-d '{
        "vnid": "1173"
    }'

You can also unassign multiple VLANs from a port in bulk, as part of an asynchronous batch process. Send a POST request to the /ports/{id}/vlan-assignments/batches endpoint an array of VLAN assignments in the body of the request, and their state set to "unassigned".

curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: API_TOKEN" \
"https://api.equinix.com/metal/v1/ports/{id}/vlan-assignments/batches" \
-d '{
    "vlan_assignments": [
        {
            "vlan": "string",
            "state": "unassigned"
        },
        {
            "vlan": "string",
            "state": "unassigned"
        }
    ]
}'

Then, you return the port to the Layer 3 bond. Send a POST request to the /ports/{id}/bond endpoint.

curl -X POST \
-H "Content-Type: application/json"\
-H "X-Auth-Token: <API_TOKEN>" \
"https://api.equinix.com/metal/v1/ports/{id}/bond" \
-d '{
    "bulk_enable": false
}'

Copied code to clipboard