Devices on Single VLAN with Full IP Control and Connected to a Cloud Provider's VPC Subnet

In this scenario:

• No devices are connected directly to the Internet; there are no Internet connections at all
• No devices are connected directly to Equinix Metal's private network
• Devices communicate with each other on a single Layer 2 VLAN
• Devices use private IPs allocated by you and not by Equinix Metal
• Devices connect to a subnet in a VPC on your cloud provider
• The subnet is in a different IP range than the VLAN

You have one isolated VLAN. All of your devices are on that VLANs, and can communicate at Layer 2 with other devices on the same VLAN. Those devices can communicate privately with servers and services in a subnet in a VPC on your cloud provider. That VPC and subnet have an address range distinct from the VLAN, and therefore communication happens over layer 3, i.e. routing.

Devices receive no private or public IP addresses from Equinix Metal.

As you have two networks - one VPC in the cloud, another in the VLAN in Equinix Metal - you need two things to be able to send traffic between them:

• connectivity - actual networking connectivity between the networks: Equinix Fabric
• routing - knowledge of how to route traffic between the networks: Virtual Routing and Forwarding

Equinix Fabric is the connectivity between the cloud provider and Metal VLAN. You deploy a Virtual Connection (VC) to link the VLAN, via a Metal Gateway, with the cloud provider. Virtual Routing and Forwarding (VRF) provides the routing functionality between the VLAN and VPC over the Fabric VC.

1. Select a unique IP range for your VLAN, distinct from the IP range in use in your VPC.
2. Deploy Equinix Metal VRF. Ensure that your allowed_ips range cover the IP range that you will use on your VLAN.
3. Reserve the IP range for your VLAN from inside the VRF configuration, using ip_reservations.
4. For the VLAN:
   1. Create the VLAN.
   2. Create a Metal Gateway, attached to the VLAN and the single VRF.
   3. Create as many devices as you desire, without a public or private IP address but connected to the VLAN. For each device:
      1. Retrieve the port ID for the network port, using the Equinix Metal console or API.
      2. Assign that network port to the VLAN, using the Equinix Metal console or API.
      3. ssh into the device, assign an IP address of your choosing, and set the default route of the device to the previously retrieved "gateway" address for the IP reservation.
5. For the cloud provider VPC:
   1. Deploy an Equinix Fabric Virtual Connection (VC) between the VRF and the VPC subnet.