Skip to main content
> Equinix Deploy

Subnets and IP Addresses

When you provision an Equinix Metal™ server, it has a basic, default networking configuration which includes a set of management IP addresses and blocks of subnets for your Project.

Your Server's Default Subnets

Each server that you provision will get a set of management IP addresses from the management subnets in your project. If it is the first server in your project or the first server in a Metro, new management subnets are created for you.

Public IPv4 Subnet

Each new server is provisioned with a public IPv4 subnet. Equinix Metal assigns the following public IPv4 address subnets depending on the supported Operating System you select.

  • Linux Distributions - /31
  • Windows Server - /30
  • VMware ESXi - /29

Note - These are the minimum supported size subnets for each operating system. If you are using your own Linux, Windows, or VMware operating system image, you will need to provision your server with at least the minimum subnet size specified above.

Your servers' management public IPv4 address will be assigned from this subnet. It provides an public IPv4 address that is accessible and visible to the public Internet, and can be used for accessing a server administratively, for example, via SSH.

The default public IPv4 subnet is provisioned on the server-level only. It is not attached to your project. The default public IPv4 subnets are not expandable and can not be retained after you delete the server. If you need subnets of Public IPv4 addresses that are attached to your Project and can be reused between servers, and can contain more IP space, you can reserve public IPv4 addresses.

Private IPv4 Management Subnets

These are internal 10.x.x.x IP addresses, provided at no charge. When you first provision a server in a metro, your project is provided with a private IPv4 /25 subnet in that metro. Your servers' management private IPv4 address will be assigned from this block.

As you assign IPs from the subnet and spin up additional servers in the metro, we’ll automatically replenish your supply with additional /25 subnets.

Servers in the same project and metro are able to access each other at the private IP address, or all servers in the same project can access each other across metros with Backend Transfer enabled. Servers are not able to communicate with other projects, other Equinix Metal customers, or the Internet at these addresses.

Private IPv4 Management Subnets are attached to your Project and can not be removed. They continue to persist and you can use IP addresses from them even after the servers they were provisioned with are removed.

You can also use Private IPv4 addresses from Management subnets as additional IP addresses on your servers. They can be assigned to servers as static Elastic IP addresses or announced from servers with BGP as long as they are not being used by any other server.

Public IPv6 Management Subnets

When you first provision a server in a metro, we assign a publicly routable /56 IPv6 subnet on the project level, which is divisible into 256 /64 subnets (“LAN subnets” in IPv6 parlance), each routable to a server. Your servers' management public IPv6 address will be assigned from one of these subnets.

Public IPv6 management subnets are attached to your Project and can not be removed. They continue to persist and you can use IP addresses from them even after the servers they were provisioned with are removed.

You can also use Public IPv6 addresses from management subnets as additional IP addresses on your servers. They can be assigned to servers as static Elastic IP addresses or announced from servers with BGP as long as they are not being used by any other server.

Additional Public IPv4 Addresses

If you want more permanent public IPv4 addresses that stay with your Project and can move between servers, or have a use-case where you want to announce IPv4s globally, Equinix Metal offers both regular additional IPv4 addresses and Global Anycast IP addresses, which you reserve from Equinix Metal on an hourly basis.

  • Reserved Public IPv4 Addresses - You can order additional public IPv4 address space, ranging from a /32 (a single IP) through a /24 (256 IPs). Though there is no technical limit to how these IPs can be configured, we encourage you to use them responsibly, and as such we charge a nominal fee per IP address - $0.005/hr or about $3.60/mo.

  • Global Anycast IP Addresses - Global Anycast IPs are public IPv4 addresses that are pulled from Equinix Metal-owned IP space and announced in all of Equinix Metal's Metros. These IPv4 addresses cost $0.15/hr per IP. Regular $0.05/GB outbound rates apply, and (in addition) inbound bandwidth to Global Anycast IPs costs $0.03/GB.

Deploying Without a Public IP Address

By default, servers provisioned on Equinix Metal get allocated a public IPv4 and IPv6 address. However, you might have a use case where the server is deployed in a restricted environment and is expected to have no public internet access. It is possible to deploy your servers without public IP addresses, and it is supported for deploying on-demand, reserved servers, and spot market servers.

To deploy an On-Demand server without a public IP Address, select Don't deploy with Public IPv4 and Don't deploy with Public IPv6 under Optional Settings. You can choose to deploy without either or both.

Deploying with No Public IPs for On Demand

Similarly, if you are deploying from your Reserved Servers or ordering through the Spot Market, you can uncheck Public IPv4 and/or Public IPv6 from the IP Assignment options.

To deploy a server without a public IP address through the API, specify "public": false in the "ip_addresses" object in the body of the POST request.

curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN>" \
"https://api.equinix.com/metal/v1/projects/{id}/devices" \
-d '{
    "metro": "<metro_code>",
    "plan": "<server_type>",
    "operating_system": "<os_slug>",
    "ip_addresses": [
        {
            "address_family": 4,
            "public": false
        }
    ]
}'

Some operating systems require public IP addresses. If you attempt to provision a server without a public IP address with an operating system that doesn't support it, you will get a “Public IPv4 is required” error in the response.

Managing Your Project's IP Addresses

Your Project's IPs page contains a list of all the Management, Reserved, and Global Anycast subnets and IPs.

IP Address Block List for a Project

To see the status of IP addresses inside the subnets, click the Actions menu, where you can see which subnets and IPs are assigned to which servers.

IP Block Subnet Usage

In the CLI, all the Management, Reserved, and Global Anycast subnets and IP address information for a Project is available from the metal ip get command.

`metal ip get -p <project-uuid>`

To get a list of the Management, Reserved, and Global Anycast subnets and IPs in your Project, send a GET request to the /projects/{id}/ips endpoint.

curl -X GET \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN>" \
"https://api.equinix.com/metal/v1/projects/{id}/ips"

You can check the status of subnets and IP addresses in each of your project's Management, Reserved, and Global Anycast subnets by sending a GET request to the /ips/{id} endpoint. The UUID of the subnet or IP address goes in the path.

curl -X GET \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN>" \
"https://api.equinix.com/metal/v1/ips/{id}"

The response will include which IPs and subnets are being used out of the IP address block specified.

Equinix Metal's Public IP Address Blocks

We publish a list of our public IP address ranges as geofeed data at https://geofeed.equinixmetal.com/. You can also cURL it with:

curl -X GET https://geofeed.equinixmetal.com/

Copied code to clipboard