
Devices on Single VLAN with Internet Access via Dedicated IPs

Networking Architecture (Scenario 7) - Configuring network connectivity where devices are linked on a shared layer 2 VLAN, and Internet access is provided through dedicated addresses.


In this scenario:

  • Devices can connect to the Internet
  • The Internet connection is via a public IP for each device
  • Devices communicate with each other on a single, shared Layer 2 VLAN
  • Devices use IPs allocated by Equinix Metal
  • Devices are in a single metro

You have an isolated VLAN. All of your devices are on this VLAN, and can communicate at Layer 2 with each other, and can communicate with the Internet via a device-specific public IP address.

General layout

Devices receive no private or public IP addresses directly from Equinix Metal, but you are assigned a range of public IPs that you assign to the devices.


  1. Create a VLAN.
  2. Create a public Elastic IP block.
  3. Create an Equinix Metal Gateway, linking it to both the VLAN and the public Elastic IP block.
  4. Create as many devices as you desire, without a public or private IP address but connected to the VLAN, using the Equinix Metal console or API.
  5. For each device, using the Equinix Metal console or API, retrieve the port ID for the network port and assign that network port to the VLAN.
  6. On each device:
    1. Assign an IP address of your choosing from the Equinix-assigned public Elastic IP block.
    2. Configure the routing table to use the public IP of the Metal Gateway as the default route.

All packets bound for the Internet, upon reaching the upstream router, will be recognized as coming from the given device and passed onwards, while packets inbound from the Internet for the public address will be recognized and routed to the specific device.
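Step 6 as an added example, not Equinix Metal's own code: the script checks that the address chosen for a device lies inside the Elastic IP block and does not collide with the network, gateway or broadcast address, then prints the `ip` commands to run on the device. Assumptions: the Metal Gateway holds the first usable address of the block, the VLAN is reachable untagged on an interface named `bond0`, and `203.0.113.8/29` is a constructed documentation range standing in for your block.

```shell
#!/bin/sh
# Added example. 203.0.113.8/29 and bond0 are constructed/assumed values.
# Assumption: the Metal Gateway uses the first usable address of the block.

ip2int() (   # dotted quad -> 32-bit integer (subshell keeps IFS change local)
  IFS=.; set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int2ip() {   # 32-bit integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

netmask() {  # prefix length -> 32-bit mask
  echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# gateway_ip CIDR -> first usable address of the Elastic IP block
gateway_ip() (
  mask=$(netmask "${1#*/}")
  int2ip $(( ($(ip2int "${1%/*}") & mask) + 1 ))
)

# device_plan CIDR ADDR IFACE
# Prints the on-device commands, or fails if ADDR is outside the block
# or is one of the block's reserved addresses.
device_plan() (
  cidr=$1; addr=$2; iface=$3
  len=${cidr#*/}
  mask=$(netmask "$len")
  net=$(( $(ip2int "${cidr%/*}") & mask ))
  bcast=$(( net | (~mask & 4294967295) ))
  gw=$(( net + 1 ))
  a=$(ip2int "$addr")
  if [ "$a" -le "$gw" ] || [ "$a" -ge "$bcast" ]; then
    echo "refusing $addr: outside $cidr or reserved (network/gateway/broadcast)" >&2
    exit 1
  fi
  echo "ip addr add $addr/$len dev $iface"
  echo "ip route replace default via $(int2ip "$gw") dev $iface"
)

# Dry run for one device; review the output, then run it as root on the device.
device_plan 203.0.113.8/29 203.0.113.10 bond0
```

Because each device address is public and reachable from the Internet as soon as the route is in place, review the printed commands and the device's listening services before applying them.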

Multiple Metros

Although you can deploy one or more VLANs, each to a separate metro and each with its own IP range, there is no native way for the devices in each VLAN to communicate with each other. For that matter, there is no way for the devices in two VLANs in the same metro to communicate with each other. Each VLAN is fully isolated.

If you wish to create communications links between VLANs, whether in the same metro or in different metros, you can connect them solely using the public IP addresses on each device. This is recommended only if you do not have security constraints, or if you can secure the communications channels between each device.

Inter-metro Internet

Alternatively, you can designate one or more nodes as VPN concentrators. You then can link the VPN concentrators to each other across the Internet, and route all traffic to other nodes via the VPN nodes.

Inter-metro VPN

Finally, because these are VLANs under which you have complete control, you can add whichever private IP addresses you wish on the devices, and then route traffic between the devices using those private IP addresses, with the VPN concentrators connecting the private networks.

Inter-metro private VPN

Last updated

25 June, 2024
