Networking Scenarios and Architectures

Network Architectures on Equinix Metal

How do you build the networking architecture that you want on Equinix Metal?

Equinix Metal offers multiple ways to set up networking on your devices, connect between devices, between projects, between metros, to and from the Internet, to other clouds, to private deployments in Equinix data centers.

In this series, we will describe various networking architectures that you are likely to want. For each one, we will show you how to build that architecture using Equinix Metal resources.

This series is not product documentation but architecture guides. We want to help you put together the right architecture for your needs, using Equinix Metal products and services.

Once you have the architecture you want, you can use the Equinix Metal product documentation for the different products, to build out your desired architecture.

Equinix Metal documentation is available here.

Key Decisions

In composing the right architecture for your needs, there are a few key decision points. All of the architectures will be created by taking into account variants of these decision points and options available.

• Will your devices be connected to the Internet, or just to each other?
• If connected to the Internet, will it be via NAT, or directly?
• Do your devices need to communicate with each other directly via layer 2, or will they use standard Equinix Metal layer 3 networking?
• Do you need complete control over the IPs allocated to your devices, or will you use the private and/or public IPs allocated by Equinix Metal?
• Do your devices deploy all to one metro, or are they in multiple metros?

With these decision points in hand, let's dive into the various scenarios composed of those choices.

Network Scenarios

We describe the architecture and tools to use for each of these scenarios. While Equinix Metal cannot decide for you which architecture works for you, we do encourage you to reach out to your account manager and leverage our extensive expertise.

Each of these scenarios is described in its own page, with links from the description.

Standard Equinix Metal networking

If your devices use standard Equinix Metal networking, with each device getting a private and, optionally, a public IP address, this section describes the scenarios.

Standard Equinix Metal networking does not give you the option for complete IP control. If you need to select a specific IP range, rather than what Equinix provides, you must use Layer 2 networking.

• Interconnected Devices with Internet Access
• Internal Network Only with no Internet Access
• Interconnected Devices with selective Internet Access
• Interconnected Devices with Internet Access via NAT Gateway

Private Layer 2 networking

With Layer 2 networking, you deploy a VLAN and connect the devices to that VLAN. You take complete ownership of assigning IP addresses to those devices in the shared VLAN.

In general, the VLAN is isolated without any connectivity to the outside world, whether the Internet or Equinix Metal's network. However, you have the option of connecting the VLAN to the Internet or Equinix Metal networks, or even other networks entirely, using the options listed in these use case architectures.

• Devices on Single VLAN and Equinix Metal IPs

• Devices on Single VLAN with Internet Access via NAT Gateway

• Devices on Single VLAN with Internet Access via Dedicated IPs

• Devices on Single VLAN and Equinix Metal IPs

• Devices on Multiple VLANs and Equinix Metal IPs

• Devices on Multiple VLANs with Full IP Control

• Devices on Single VLAN with Full IP Control and Connected to a Cloud Provider's VPC Subnet

• Devices on Single VLAN with Full IP Control and Connected to a Colocation Cage Subnet

Layer 2 Challenges

In some of the Layer 2 scenarios, you create devices without any IP addresses, public or private. This can make it challenging to log on to the device in order to set the desired IP.

In general, you can do one of the following:

• Start the device with a public IP, ssh into the device, add the VLAN IP, and then use the Equinix Metal console or API to remove the assigned public IP and attach it to the VLAN.
• Start the device without any IPs, use the out-of-band console to get console root access, and assign the VLAN IP.
• Use userdata to configure the server to assign the VLAN IP on boot.

As a general rule of thumb, we recommend the last option, if possible. The other options require complex timing coordination and possible manual steps. In addition, the device starts without being configured and cannot "self-configure" into the correct state. These are somewhat fragile, and do not scale without significant additional effort. Both of these go against the flow of cloud-style self-configuring and self-healing systems, without human interaction.

Further, should you need to replace one or more devices, you will need to repeat the steps, rather than having the replacement device simply start up and configure itself into the right mode.

Backend Transfer

In some of the scenarios, you need to communicate privately between metros. Backend Transfer is an Equinix Metal service that uses private communications links between metros. Backend Transfer is a paid service.

For customers with highly sensitive traffic, you may wish to combine Backend Transfer and a self-managed VPN.