Devices on Single VLAN with Internet Access via NAT Gateway

In this scenario:

• Some devices can connect directly to the Internet
• The rest of the devices can communicate directly with each other, but not with the Internet; these devices connect to the Internet via a NAT gateway
• Devices communicate with each other on a single, shared Layer 2 VLAN
• Device IPs on the VLAN are allocated by you
• Hybrid Device IPs on the Equinix Metal network, public or private, are allocated by Equinix Metal
• Devices can be deployed all to one metro, or can be across multiple metros (with a separate VLAN for each metro)

You have an isolated VLAN. All of your devices are on this VLAN, and can communicate at Layer 2 with each other, and can communicate with the Internet via a NAT gateway.

Devices receive no private or public IP addresses from Equinix Metal for the VLAN; devices that are hybrid receive private and public IP addresses from Equinix Metal.

1. Create a VLAN.
2. Create as many devices as you desire, without a public or private IP address but connected to the VLAN, using the Equinix Metal console or API; we call these "private devices".
3. Create one or more devices in hybrid mode - bonded or unbonded - to act as routers.; we call these "router devices".
4. For each device, using the Equinix Metal console or API, retrieve the port ID for the network port and then assign that network port to the VLAN.
5. On each private device:
   1. assign an IP address of your choosing.
   2. configure the routing tables to use the private IPs of the router devices as their default routes.
6. On each router device:
   1. Equinix Metal will have assigned public and private IP addresses to the interface connected to Equinix Metal's networking
   2. assign an IP address of your choosing to the interface connected to the VLAN
   3. deploy router software to route packets between the VLAN addresses and Internet using NAT
7. Optionally, request a public Elastic IP and assign it to the router devices, if you need to respond to incoming requests, or want consistent source addresses on outbound requests.

For more information on layer-2-only modes, see the official Equinix Metal documentation for Layer 2 Only Bonded Mode and Layer 2 Only Unbonded Mode.

For more information on layer-2-hybrid modes, see the official Equinix documentation for Layer 2 Hybrid Bonded Mode and Layer 2 Hybrid Unbonded Mode.

Multiple Metros

Although you can deploy one or more VLANs, each to a separate metro and each with its own IP range, there is no native way for the devices in each VLAN to communicate with each other. For that matter, there is no way for the devices in two VLANs in the same metro to communicate with each other. Each VLAN normally is fully isolated.

However, with your hybrid devices acting as gateways, you have the ability to communicate between different VLANs across the Equinix Metal network.

You then can communicate between devices across metros, using the private IPs of the devices and Backend Transfer.