Compare Equinix Networking Resources

What are the networking and routing components at Equinix on which you can build your global network, and connect your services around the world?

In this guide, we will take a look at the main networking components available to you on-demand at Equinix, including both Fabric and Metal services. We will compare Equinix Fabric Cloud Router, Equinix Network Edge, Equinix Metal Gateway, and Equinix Metal Virtual Routing.

Metal and Fabric

Let's start by looking at the primary on-demand services available from Equinix, Metal and Fabric. All of the networking resources we discuss in this guide are built on top of these two core services.

What is Equinix Metal?

Equinix Metal is an on-demand bare-metal cloud service from Equinix. You can deploy physical servers in minutes, with direct, exclusive access to the hardware, and full control over the operating system and software stack. Equinix Metal is available in Equinix metros around the world.

Within Equinix Metal, you have two primary options for networking the servers you deploy.

First, you can connect your servers to the Equinix Metal Layer 3 network. Your servers have access, in a private IP space, to all of the other servers in your project within your Equinix Metal metro, while isolating them from any other servers anywhere.

Once connected to the Equinix Metal Layer 3 network, you have several options for extending connectivity beyond the servers in your project and in the same metro.

Backend Transfer, enabled with a simple configuration change, extends connectivity of your servers beyond your project in your metro only to all other servers in your project in every Equinix Metal metro around the world.

If you configure your servers with public IP addresses, those servers can access the public Internet directly. You take advantage of Equinix's global Internet egress, with its high-speed, high-bandwidth connectivity, and direct peering with all of the major Internet service providers around the world.

Second, you can create one or more private networks among your servers within a single project and metro, using Equinix Metal's layer 2 VLAN offering. Within a VLAN, you have full control over the IP address space, and are completely isolated from all other networks.

Equinix Metal being Equinix Metal, of course, you also have hybrid offerings, where you can connect your servers both to the Equinix Metal private network and to one or more VLANs, or to both, as well as the public Internet. To learn more about layer 2 networking with VLANs, including hybrid modes, read the official Metal documentation.

What is Equinix Fabric?

Equinix Fabric is a global high-speed managed private network, connecting thousands of endpoints in dozens of metros around the world. Equinix IBX data centers, Equinix Metal, other cloud providers, SaaS providers, you name it, it likely is connected to Fabric.

In Fabric, you create Virtual Connections (VCs), private point-to-point connections, dedicated solely to you, between any of those endpoints, as long as you have an account and the right permissions on each endpoint. For example, in an Equinix IBX, you need to have a port; in AWS, Azure or Google Cloud, you need to have an account with access to the appropriate interconnection resource in that cloud.

Fabric VCs can be global, but often are within the same metro. For example, AWS us-east-1 to Equinix IBX DC1, or Equinix Metal metro Washington. Further, you can create multiple VCs between the same endpoints, for higher traffic throughput and redundancy.

Equinix Networking Resources

With a basic overview of Equinix Metal and Equinix Fabric, let's look at the networking resources available to you, which challenges they solve, and when to use each.

Equinix Metal Gateway

Equinix VLANs are a powerful way to create private networks among your servers within a single project and metro. They give you the isolation you want and the address control you need. In that, however, is the catch. If you need to interconnect VLANs, or connect your VLANs to the public Internet, how do you do it?

As the diagram shows, your servers on the same VLAN can connect to each other directly over layer 2, and you have full IP address control, but the Internet, and pretty much everything else, is blocked off.

If you think about how you would run networks using your own hardware, or even a simple small office or home network, you have isolated network segments, with full control, but you also connect them, usually via a gateway, to other networks, including the public Internet.

Equinix Metal Gateway is the connector between Equinix Metal VLANs and other services and networks at Equinix Metal. It is a managed service, available at no charge, that provides a simple, easy-to-use way to connect your VLANs to the Equinix Metal global private network, to the public Internet, to other VLANs, or to the world of Equinix Fabric.

There are three types of Metal Gateway:

• Private IP: You will receive an IP address range from the Equinix Metal private network, the Gateway will be assigned an address in that range, you assign servers on the VLAN addresses from that range, and they will be able to connect to the Equinix Metal private network.

• Public IP: You will receive a public IP address range, the Gateway will be assigned an address in that range, and you assign servers on the VLAN addresses from that range, and they will be able to connect to the public Internet.

• VRF: You will manage your IP range inside the VLAN fully, with a managed router connecting your VLAN, via the Metal Gateway, and other networks. The managed router is Equinix Metal's Virtual Routing and Forwarding (VRF), explained in the next section.

To learn more about Metal Gateway, read our guide Intro to Metal Gateway, as well as the official Metal Gateway documentation.

Equinix Metal Virtual Routing and Forwarding (VRF)

While Metal Gateway provides the gateway, or connector, between a VLAN and other networks - such as the Equinix Metal private network, the public Internet, and Equinix Fabric - sometimes you need more than just a simple Layer 2 connector. Sometimes, you need a full Layer 3 router, with full control over routing rules, routing between different networks with differing IP address ranges, or announcing routes over protocols like BGP.

When you just need Layer 2 connectivity, such as a VLAN to the Equinix Metal private network or to the public Internet - then Metal Gateway will do the job. When you need Layer 3 routing, such as between different VLANs, or between a VLAN other networks over Fabric, then Metal VRF is your virtual router.

VRF sits between your Gateway and other services, providing all of the Layer 3 routing and BGP announcements needed to make your network work. VRF is a fully managed service, available at no charge, which lets you connect:

• multiple VLANs to each other, each with its own Metal Gateway connected to a VRF
• VLANs to the Equinix Fabric global network, with all of its endpoints, with a Fabric Virtual Connection (VC) connecting between a VRF on one end and the other endpoint, such as an Equinix IBX, cloud provider or SaaS provider, on the other

To learn more about VRF, read our guide Intro to VRF, as well as the official VRF documentation.

Equinix Network Edge

Equinix Network Edge is an Equinix service that provides virtual routers, firewalls, and other network services, available on-demand at Equinix. Network Edge is deployed in an Equinix metro, and connected to the Equinix Fabric global network. Each Network Edge is single-tenant, dedicated to your network services only.

Network Edge is a series of virtual network functions, ready as prepackaged appliances from a multitude of top network vendors.

Like any appliance or cloud instance, you select:

• resources, such as CPU and memory
• network interfaces
• software, such as a router, firewall, or other network service
• licensing, such as the number of sessions or throughput, and whether you bring your own license or pay for an Equinix license

For example, you might want a CheckPoint Firewall facing your Internet ingress, behind which you have a pair of Cisco Routers in each of several metros, followed by an F5 Load Balancer.

Network Edge lets you deploy network functions, such as firewalls, routers, load balancers, or DNS/DHCP/IP address management, without needing to deploy physical devices in an IBX, or to manage the software stack yourself.

Network Edge is available from over a dozen top networking vendors, available in almost every Equinix metro, and connected to the Equinix Fabric global network. Network Edge is priced by the resources of the instance itself, such as CPU, memory and throughput, and software licensing for the appliance.

To learn more about Network Edge, read the official Network Edge Documentation.

Equinix Fabric Cloud Router

Equinix Fabric Cloud Router (FCR) provides a managed router service to interconnect and manage all of your Virtual Connections (VCs), simplifying the management and providing a single point for routing configuration and management.

Combined with IP-WAN, you can create a cost-effective, well-controlled and auditable private global network mesh among all of your VC endpoints.

FCR is fully managed by Equinix on your behalf. You do not need to think about network interfaces, resource consumption such as CPU or memory, software configuration or licensing. You simply pick the scale capabilities you need, based on maximum bandwidth and routes, deploy it and use it.

FCR is priced monthly based on tiers. Each tier has a different maximum number of routes and bandwidth.

To learn more about FCR, read our guide Intro to FCR, as well as the official Fabric Cloud Router documentation.

When to Use Each

Now that we have an overview of the two families of infrastructure services - Equinix Metal and Equinix Fabric - and the networking resources available in each - Metal Gateway, Metal VRF, Network Edge, and Fabric Cloud Router - let's look at when to use each.

Connecting Metal VLANs to anywhere

To connect VLANs to anywhere, you only have two choices.

First, in addition to the regular devices you have deployed on the VLAN, you can deploy Equinix Metal devices dedicated to acting as routers. You deploy these "router devices" in hybrid mode, connect them both to the VLAN and to the Equinix Metal private network, optionally adding public IP addresses for Internet access. Then, you configure these "router devices" to handle routing between the VLAN and the Equinix Metal private network and optionally the public network.

This works well, and provides you with very fine-grained control. Unfortunately, it also requires you to deploy and manage the "router devices", deploy extra "router devices" for redundancy, and manage the software stack. This comes with direct costs of the servers, and indirect costs of configuring and managing the operating system on those devices and the software stack, as well as monitoring them.

Second, you can use Equinix Metal Gateway. There is no cost to Metal Gateway, it requires no effort on your behalf, and is fully managed and monitored. Whether you are connecting a VLAN to the Equinix Metal private network or to the public Internet, Metal Gateway is the simplest and most cost-effective way to do so.

If you have a particular need to control the connection in a custom way that Metal Gateway does not provide, or want to install your own firewall at the ingress/egress from the VLAN, you should deploy your own "router devices". For all other use cases, you should use Metal Gateway.

Connecting Metal VLANs to each other

If you want to connect Metal VLANs to each other, you have two choices.

First, you can deploy Equinix Metal devices, connecting them to multiple VLANs, and configure them to handle routing between the VLANs. First, in addition to the regular devices you have deployed on the VLANs, you can deploy Equinix Metal devices dedicated to acting as routers. You deploy these "router devices" connected to multiple VLANs. Then, you configure these "router devices" to handle routing between the VLANs.

This works well, and provides you with very fine-grained control. Unfortunately, it also requires you to deploy and manage the server, deploy extra ones for redundancy, and manage the software stack. This comes with direct costs of the servers, and indirect costs of configuring and managing the operating system on those devices and the software stack, as well as monitoring them.

Second, you can deploy Equinix Metal VRF. A single VRF connects to the Metal Gateway attached to each VLAN, like a router to multiple switches, and routes traffic between the VLANs. There is no cost to Equinix Metal VRF, it requires no effort on your behalf, and is fully managed and monitored.

Unless you have a particular need to control the connection in a custom way that Metal VRF does not provide, you should use Metal VRF stacked on top of Metal Gateway.

Connecting Metal VLANs to Fabric

If you want to connect Metal VLANs to Fabric, you have two choices.

First, you can connect a Fabric VC directly to a VLAN.

While this works, it has certain limitations.

First, the IP address range of the VC will be the same as on the VLAN. Your devices will be in the same range as everything, right up to the far end of the connection. In some cases, this may not be a problem, while for others, it may well be.

Second, and perhaps more importantly, you will need to manage the routing and address announcement yourself. There is no default gateway that can handle your traffic. You will need to deploy a dedicated device on the VLAN to handle the routing and address announcements. If you want redundancy, always highly recommended, then you need two or more dedicated devices. All of your other devices will need to use those hosts as default gateways. The dedicated router devices also need to handle receiving BGP announcements from the far end of the VC, as well as sending them.

This is a lot of work, and a lot of potential for error, as well as incurring the direct costs of the devices and the indirect costs of deploying, managing and monitoring them.

Second, you can deploy a Metal Gateway and a VRF, and connect the VRF to the Fabric VC. The Metal Gateway will handle the connection between VLAN and VRF, and the VRF will handle all of the routing and address announcements between the VLAN and the Fabric VC. There is no cost to Metal Gateway, and no cost to Metal VRF.

Unless you have a particular need to control the connection in a custom way that Metal VRF does not provide, you should use Metal VRF stacked on top of Metal Gateway.

Deploying specific network functions from specific vendors

If you have services connected to Fabric, and need specific network functions and capabilities from specific vendor, you should use Network Edge. The actual software appliance from that vendor will be deployed for you as a dedicated service on a dedicated cloud instance.

There are multiple reference architectures available from Equinix.

For example, you can create geo-redundancy across sites, deploying Network Edge VPN concentrators, firewalls, routers and SD-WAN terminators, in all metros across the globe, providing redundant access and global points-of-presence for each service.

Additionally, if you need capabilities not offered as a managed service from Equinix, such as a load balancer or application firewall, you should deploy Network Edge instances from the specific vendor you desire.

Routing multiple VCs together

If you have multiple VCs interconnecting the same endpoints, you should use Fabric Cloud Router. FCR provides a single point for routing and control, with the added benefit of a reduced number of connections, and therefore costs. Rather than incurring the direct costs of multiple connections on both Fabric and endpoint side, you will have a single pair of connections to the FCR, and the FCR will connect all of the endpoints.

In addition, FCR handles the routing and control, simplifying the management and providing a single point for routing configuration and management. This reduces your overhead as well as simplifying auditing and compliance.

Creating a global mesh network

When you started, your network likely involved just a single metro, or a single cloud provider. As you grew, you added more cloud providers, and eventually more metros, leading to traffic flowing all over the world. Managing traffic flow in a global network is a complex task.

FCR provides the ability to create a global mesh network among all of your endpoints. Each endpoint needs to connect to just one other endpoint, the FCR in its metro, which connects across IP-WAN to all of the FCRs in all other metros.

Conclusion

Equinix Metal and Equinix Fabric provide powerful on-demand cloud infrastructure services, including global networks and powerful network constructs.

To manage the routing and connections among these networks, Metal and Fabric offer managed network services, so you can build whichever network architecture you need.

• Metal Gateway to connect private VLANs to the Metal private network, public Internet or Fabric
• Metal VRF to route between VLANs, or between VLANs and Fabric
• Network Edge to deploy specific network functions from specific vendors
• Fabric Cloud Router to route multiple VCs together and create a global managed mesh network