- Home /
- Resources /
- Learning center /
- Devices on Single...
Devices on Single VLAN with Internet Access via Dedicated IPs
Networking Architecture (Scenario 7) - Configuring network connectivity where devices are linked on a shared layer 2 VLAN, and Internet access is provided through dedicated addresses.
On this page
In this scenario:
- Devices can connect to the Internet
- The Internet connection is via a public IP for each device
- Devices communicate with each on a single, shared Layer 2 VLAN
- Devices use IPs allocated by Equinix Metal
- Devices are in a single metro
You have an isolated VLAN. All of your devices are on this VLAN, and can communicate at Layer 2 with each other, and can communicate with the Internet via a device-specific public IP address.
Devices receive no private or public IP addresses directly from Equinix Metal, but you are assigned a range of public IPs that you assign to the devices.
- Create a VLAN.
- Create a public Elastic IP block.
- Create an Equinix Metal Gateway linking it to both the VLAN and the public Elastic IP block.
- Create as many devices as you desire, without a public or private IP address but connected to the VLAN, using the Equinix Metal console or API.
- For each device, using the Equinix Metal console or API, retrieve the port ID for the network port and assign that network port to the VLAN.
- On each device:
- assign an IP address of your choosing from the Equinix-assigned public Elastic IP block.
- configure the routing tables to use the public IP of the Metal Gateway as their default routes.
All packets bound for the Internet, upon reaching the upstream router, will be recognized as coming from the given device and passed onwards, while packets inbound from the Internet for the public address will be recognized and routed to the specific device.
Multiple Metros
Although you can deploy one or more VLANs, each to a separate metro and each with its own IP range, there is no native way for the devices in each VLAN to communicate with each other. For that matter, there is no way for the devices in two VLANs in the same metro to communicate with each other. Each VLAN is fully isolated.
If you wish to create communications links between VLANs, whether in the same metro or in different metros, you can connect them solely using the public IP addresses on each device. This is recommended only if you do not have security constraints, or if you can secure the communications channels between each device.
Alternatively, you can designate one or more nodes as VPN concentrators. You then can link the VPN concentrators to each other across the Internet, and route all traffic to other nodes via the VPN nodes.
Finally, because these are VLANs under which you have complete control, you can add whichever private IP addresses you wish on the devices, and then route traffic between the devices using those private IP addresses, with the VPN concentrators connecting the private networks.
You may also like
Digger deeper into similar topics in our archives
Configuring BGP with BIRD 1.6 on an Equinix Metal Server
Set up BGP on your Equinix Metal server using BIRD 1.6, covering IP configuration, installation, and neighbor setup to ensure robust routing capabilities between your server and the Equinix Metal network.
Configuring BGP with FRR on an Equinix Metal Server
Establish a robust BGP configuration on your Equinix Metal server using FRR, including setting up network interfaces, installing and configuring FRR software, and ensuring secure and efficient IP address announcement.
Crosscloud VPN with Wireguard
Learn to establish secure VPN connections across cloud environments using WireGuard, including detailed setups for site-to-site tunnels and VPN gateways with NAT on Equinix Metal, enhancing cross-platform security and connectivity.
Deploy Your First Server
Learn the essentials of deploying your first server with Equinix Metal. Set up your project & SSH keys, provision a server and connect it to the internet.
Ready to kick the tires?
Use code DEPLOYNOW for $250 credit