Skip to main content
> Equinix Deploy

Devices on Multiple VLANs with Full IP Control

Networking Architecture (Scenario 10) - Implementing network connectivity where devices are connected on different layer 2 VLANs with full control over IP addresses.

Devices on Multiple VLANs with Full IP Control

On this page

In this scenario:

  • No devices are connected directly to the Internet; there are no Internet connections at all
  • Devices communicate with each other on distinct Layer 2 VLANs
  • Devices use private IPs allocated by you and not by Equinix Metal
  • Devices are in a single metro or multiple metros

You have two (or more) isolated VLANs. All of your devices are on one or the other of the VLANs, and can communicate at Layer 2 with other devices on the same VLAN, or with devices on the other VLANs, but not with any other devices or the Internet.

Devices receive no private or public IP addresses from Equinix Metal.

Deployment Options

You have two choices as to how to deploy these devices:

  • Use Equinix Metal Gateways and Equinix Metal Virtual Routing and Forwarding (VRF)
  • Deploy your own routing devices

For both methods, start by determining distinct and independent IP ranges for each of your VLANs; ensure that they do not conflict with each other.

Using VRF

General Layout - VRF

  1. Deploy Equinix Metal VRF, using the Equinix Metal console or API. Ensure that you include ip_ranges that cover any IP ranges that you will use on the VLANs.
  2. For each VLAN, using the Equinix Metal console or API:
    1. From your IP ranges determined above, select the unique IP range for this VLAN.
    2. Reserve the IP range using the usual IP reservation request mechanism, indicating the VRF ID and the range.
    3. From the response, save the "gateway" address.
    4. Create the VLAN.
    5. Create a VRF Metal Gateway, assigning it the VLAN ID, and the IP Reservation ID.
    6. Create as many devices as you desire, without a public or private IP address but connected to the VLAN.
  3. For each device
    1. retrieve the port ID for the network port, and assign that network port to the VLAN.
    2. Assign an IP address of your choosing from the IP range you allocated to the VLAN.
    3. Set the default route of the device to the previously retrieved "gateway" address for the IP reservation.

As each VLAN has a Metal Gateway, and the Gateways are connected to the same VRF, traffic will be routed correctly between the Gateways and to the devices.

Because both of the Gateways are Metal Gateways, there already is a networking connectivity between them. VRF provides the routing ability between those, thus enabling the VLANs to communicate over L3.

Comms - VRF

Router Devices

General Layout - Router

  1. For each VLAN, using the Equinix Metal console or API:
    1. Create the VLAN.
    2. From your IP ranges determined above, select the unique IP range for this VLAN.
    3. Create as many devices as you desire, without a public or private IP address but connected to the VLAN, using the Equinix Metal console or API; we call these "private devices".
    4. Create one or more devices in hybrid bonded mode to act as routers, giving them both private addresses from Equinix Metal and connected to the VLAN, but without public addresses; we call these "router devices".
    5. For each device, retrieve the port ID for the network port, and assign that network port to the VLAN.
  2. On each private device:
    1. Assign an IP address of your choosing from the IP range you allocated to the VLAN.
    2. Set the default route of the device to the private VLAN address of the "router device".
  3. On each router device, deploy router software to route packets between the VLAN addresses and the Equinix Metal-assigned private addresses, using NAT, and vice-versa.

Comms - Router

Multiple Metros

If you wish to deploy the VLANs in multiple metros while enabling communications between the devices on those VLANs, you cannot yet use VRF. VRF itself is able to understand multiple metros. However, the implicit inter-Gateway connectivity does not connect Gateways between metros. This would require you to deploy an alternate connectivity layer. Equinix Fabric normally is your best choice. However, Fabric does not yet support connecting between two Equinix Metal metros. Equinix is building this capability into its soon-to-be-released Fabric Cloud Router (FCR) product.

In the meantime, you must use router devices. Simply follow the process for "router devices" above, and enable Backend Transfer between the metros.

Inter Metro Router with Backend Transfer

Last updated

25 June, 2024

Category

Tagged

Article
You may also like
Dig deeper into similar topics in our archives
Image of Configuring BGP with BIRD 2 on Equinix Metal
Networking Technical
Configuring BGP with BIRD 2 on Equinix Metal

Set up BGP on your Equinix Metal server using BIRD 2, including IP configuration, installation, and neighbor setup to ensure robust routing capabilities between your server and the Equinix M...
Image of Configuring BGP with FRR on an Equinix Metal Server
Networking Technical
Configuring BGP with FRR on an Equinix Metal Server

Establish a robust BGP configuration on your Equinix Metal server using FRR, including setting up network interfaces, installing and configuring FRR software, and ensuring secure and efficie...
Image of Crosscloud VPN with WireGuard
Networking Technical
Crosscloud VPN with WireGuard

Learn to establish secure VPN connections across cloud environments using WireGuard, including detailed setups for site-to-site tunnels and VPN gateways with NAT on Equinix Metal, enhancing...
Image of Deploy Your First Server
Platform Quickstart
Deploy Your First Server

Learn the essentials of deploying your first server with Equinix Metal. Set up your project & SSH keys, provision a server and connect it to the internet.