The EBC platform offers various virtual network functionalities that can be configured in the EBC portal, next to that connectivity to internet and/or WAN connections are offered in a single and multi-site mode by using Edge.
Edge Gateway
The network interface between the Virtual Data Center (VDC) and external networks such as Internet and WAN has various configuration options, the exact choice depends on the desired functionality.
The following options are available:
-
Edge gateway shared internet
-
Edge gateway single
-
Edge gateway stretched
The configuration of the edges also defines the network options between multiple VDCs, e.g. distributed firewalling, and inter-site networking.
Edge Gateway Shared Internet
When only using internet as a connectivity option with a maximum of five IP addresses per VDC, the Edge Gateway Shared Internet will be sufficient. The related Internet product is ECforMS and must be purchased separately.
When an IP block of eight or more IP addresses is needed, select Equinix Internet Access for the internet connection product. On the Edge Gateway Shared Internet, only ECforMS can be configured. Other options like WAN connectivity to colocation or Public Cloud is not available with this Edge option. When in a later stage WAN connectivity or a larger IP blocks are needed, an IP renumbering and migration to another edge type is necessary.
Edge Gateway Single
This option is best suited when a VDC has connectivity via Equinix Internet Access for the internet and/or connectivity to a second VDC, cabinet, cloud provider or on-premise location. The Edge gateway is available in two configuration options:
-
Shared – This option offers the feature to connect multiple routers to the same internet or WAN connection using NAT.
-
Dedicated – A single Edge gateway connects the EBC networks to the internet and WAN without requiring NAT.
When route advertisement is needed where networks in the VDC are automatically available from the WAN connection, the option Dedicated is necessary. This maybe desirable, for example, if IP-space in the Public Cloud needs to be connected to the same IP-space in the VDC.
In all other cases the Shared option is suitable.
Edge Gateway Stretched
This option is available to share networks between data centers in one VDC. There is one router available for the internet and/or WAN connectivity. This option supports the use of route advertisement so networks in the VDC are available from the WAN connectivity.
This option is obligatory in two scenarios:
-
EBC ST Premium where hosts are in two data centers in a stretched cluster configuration.
-
In a disaster recovery scenario with two VDCs and EBC Availability.
Additional Edge Gateway
This option enables adding an Edge Gateway to an existing Edge Gateway Single instance (applicable to Shared type Edge Gateway instances). In this scenario, multiple routers can be connected to the same Internet or WAN connection. For example, when using multiple VDCs for Production, test and development.
Internal Networks and VDC Groups
As part of the EBC service, 250 internal L2 networks per VDC are included in the service. You can create these networks through the self-service functionality.
If multiple VDCs are used and the internal networks need to be available in all VDCs, a VDC-Group is needed. Internal networks within the same Equinix data center can be created via self-service. Internal networks can also be isolated for example for a backend network.
If VDCs are needed in multiple data centers, VDC-group can be requested with a service request. Inter-site networks can be created in self-service. Afterwards the Networks are charged per network.
EBC Flex Network Purchase Units
The consumption of network services within EBC is charged as follows:
| Purchase Unit | Type | Ordering and Billing |
|---|---|---|
| NSX License |
|
The NSX license is charged per GB vRAM of the VMs where an NSX function is used. It is a Pay per Use item and charged based of the usage in the past month. |
| EBC Edge Gateway Shared Internet | The Internet Edge Gateway is charged per instance and ordered in advance. | |
| EBC Edge Gateway |
|
The Edge Gateway is charged per edge. Edges are ordered in advance and cannot be ordered via the self-service option. |
| EBC Additional Edge Gateway | Additional Edge Gateways are charged per edge, they can be created via a service request. | |
| EBC inter-site networking | NSX Multisite network is charged as a pay per use item per network the networks can be created in the portal |
The purchase unit for NSX licenses per type applies to the Virtual Network Feature levels of Advanced, Enterprise and Enterprise Plus you can find the table with the NSX features per Edge Gateway below.
When using a Dedicated routing instance in the Single or Stretched variant, all VMs with networks connected to the Edge Gateway will be charged for NSX Advanced Licensing.
Within the VDC you can set up VMs and network services at your discretion.
| Edge Gateway Type | Selv-service Feature Description | NSX Feature Level |
|---|---|---|
| None |
Advanced Firewall (Policy-based security zones through micro-segmentation) |
Advanced
|
|
Virtual L2 networks |
None |
|
| Edge Gateway Shared Internet | Standard firewall | None |
| Advanced Firewall (Policy-based security zones through micro-segmentation) | Advanced | |
| Routing, IPv4 | None | |
| NAT | None | |
| DHCP | None | |
| VPN (layer 2) | Advanced | |
| VPN IPSec layer 3 Site to site “tunnel” based | None | |
| Edge Gateway Single/Stretched | Standard firewall | None |
| Advanced Firewall (Policy-based security zones through micro-segmentation) | Advanced | |
| Routing, IPv4 static and dynamic(BGP) | None | |
| Routing, IPv6 static | None | |
| Routing, IPv6, dynamic(BGP) | Enterprise | |
| NAT | None | |
| DHCP | None | |
| VPN (layer 2) | Advanced | |
| VPN IPSec layer 3 Site to site “tunnel” based | None | |
| Route Advertisement (VRF) | Advanced | |
| Multi-site network | Enterprise |
Own Routers
If your organization prefers to use its own router or firewall solutions, you may consider using the Basic feature level. The NFV self-service features that require the virtual routers are not available for this level, avoiding charges. Because external routers introduce complexity to the solution a fee is required for the support.
| Purchase Unit | Type | Ordering and Billing |
|---|---|---|
| External Router Support |
each |
Preordered, monthly fixed fee.
|
External Networks
External networks are an optional part of the EBC service up to a maximum of 25 per VDC. EBC External network is used to extend L2 networks (VLANs) outside of a VDC in single or multiple data centers.
Examples include connections to a cabinet or carrier, and to:
-
Equinix Managed Storage - File
-
Equinix Application Platform (Kubernetes container platform)
-
Equinix Fabric
-
Equinix Connect
VLANs connected via external networks are made available within EBC, and can be translated by Equinix to avoid overlap between other EBC tenants.
Note: Unlike internal networks, external networks cannot be created through self-service, and must be requested through a service request. Multisite external networks are available on special request only. Maximum bandwidth capacity per external network is up to 5 Gbps.
| Purchase Unit | Type | Ordering and Billing |
|---|---|---|
| External Network |
each |
Preordered, monthly fixed fee.
|
Infrastructure Port
To connect to a cabinet, carrier, Equinix Fabric, or in some cases a VDC in a remote data center, an Infrastructure Port is required. This is only offered in a redundant configuration, consists of switch ports configured in a redundant way, and includes the cross-connect. Both ports should be of the same bandwidth, with a choice between 1 Gbps and 10 Gbps. In combination with other Equinix services, Infrastructure Port is the basis for Hybrid-Cloud solutions.
EBC Single Tenant Network (deprecated service description)
The EBC platform offers various virtual network functionalities that you can configure through self-service on five Network Functions Virtualization (NFV) feature levels.
The table below provides an overview of these individual features.
| NFV Feature Level vAPP | Self-Service Feature Description | Equinix Virtual Routers Required | Costs Per VM |
|---|---|---|---|
| vApp (serving intervApp network traffic) |
|
Y3 | N |
- For VMs that use NFV features, a surcharge applies, calculated on the number of GB vRAM in those VMs.
- In the minimum configuration, 2 virtual routers in the size “Large” are created per VDC.
- For each Inter vApp network, 1 virtual router in the size “Compact” is created.
The virtual routers supplied by Equinix contain NFV functionalities for all VMs within the VDC.
Virtual Routers
To enable the full set of NFV functionalities in your VDC, Equinix delivers your VDC in the “Standard” NFV feature level by default. This requires the virtual routers supplied by Equinix in at least the size “Large.”
The virtual routers are available in four performance levels and offer NFV self-service functionalities for your VDC. These virtual routers manage internal and external traffic flows for your EBC environment. With these NFV functionalities, the desired security policy for the organization can be implemented at network level.
Virtual routers can be scaled up and down. The functionalities offered by the various Equinix virtual routers are as follows:
- Compact – Basic performance, automatically created for Inter vApp firewalls and routing
- Large – Standard performance for firewalls, routing, VPN and Load Balancing
- Extra Large – Medium performance Load Balancing and high performance firewalls, routing and VPN
- Quad Large – High performance Load Balancing
EBC Single Tenant Network Purchase Units
EBC Single Tenant Network consists of two purchase units: NSX licenses per type in GB vRAM and the Virtual Router per type.
The purchase unit for NSX licenses per type per GB vRAM applies to the Virtual Network feature levels of Advanced, Enterprise and Enterprise Plus. Licenses are calculated on the amount of GB VRAM of the virtual machines that use the virtual network functions.
A Virtual Router is also used for the feature levels of Advanced and Enterprise Plus. The purchase unit of a Virtual Router is the number of Virtual Routers deployed per type.
Calculation example of EBC Single Tenant Network
You have opted for feature level Advanced in the VDC. You use the Virtual Network functions for 4 VMs. These 4 VMs have 20 GB vRAM in use. The Virtual Router is of the Large type.
In this case, 20 GB vRAM is charged for the NSX licenses Advanced, in addition to the Virtual Router Large.
Network Services Consumption
The consumption of network services within EBC is charged as follows:
| Purchase Unit | Type | Billing |
|---|---|---|
| NSX License |
|
The NSX license is charged per GB vRAM of the VMs where an NSX function is used |
| NSX Virtual Router |
|
The Virtual Router is charged per router, Routers are ordered in advance and cannot be ordered via the self-service option. |
Within the VDC you can set up VMs and network services at your discretion.
Own Routers
If your organization prefers to use its own router or firewall solutions, you may consider using the Basic feature level. The NFV self-service features that require the virtual routers are not available for this level, avoiding charges.
Internal Networks
As part of the EBC service, 100 internal L2 networks per VDC are included in the service. You can create these networks through the self-service functionality. You can then share the internal networks between all owned VDCs within the same Equinix data center via self-service.
For internal networks between geographically separated data centers, stretched L2 networks can be used.
External Networks
External networks are an optional part of the EBC service up to a maximum of 25 per VDC. EBC External network is used for this purpose to extend L2 networks (VLANs) outside of a VDC.
Examples include connections to a cabinet or carrier, and to:
-
Equinix Managed Storage (file, block, object)
-
Equinix Application Platform (Kubernetes container platform)
-
Equinix Fabric
-
Equinix Connect
-
EBC environment in remote data center
VLANs connected via external networks are made available within EBC, and can be translated by Equinix to avoid overlap between other EBC tenants.
Note: Unlike internal networks, external networks cannot be created through self-service, and must be requested through a service request .
Infrastructure Port
To connect to a cabinet, carrier, Equinix Fabric, or in some cases a VDC in a remote data center, an Infrastructure Port is required. This is only offered in a redundant configuration, consists of switch ports configured in a redundant way, and includes the cross-connect. Both ports should be of the same bandwidth, with a choice between 1Gb and 10Gb. In combination with other Equinix services, Infrastructure Port is the basis for Hybrid-Cloud solutions.
Virtual Routers
To enable the full set of Network Function Virtualization (NFV) features, Equinix typically deploys the VDC in the Standard NFV feature level. The Standard set of features requires the EBC virtual router in at least the size, Large, which is sufficient in most cases.
EBC virtual routers (or, virtual routers) are available in 3 performance levels. Depending on feature and performance needs, the virtual router can be upgraded from Large to a Quad-Large or X-Large size. The Standard NFV feature level provides self-service functionality for your VDC, by managing internal and external traffic flows. Using the NFV features, the desired security policy for your organization can be implemented at network level.
Virtual routers support routing, load balancing, and VPN features in firewall services. A single virtual router supports routing up to 100 internal networks by applying the standard and advanced routing methods. Combined with external networks (for connections to carrier, or Equinix Fabric), a virtual router is capable of realizing most network configurations.
Standard Routing
With standard routing, up to 8, (internal and / or external) networks can be attached to a single virtual router. Routing takes place within the virtual router itself. External networks can only be connected via the standard routing method.
Advanced Routing
With advanced routing, up to 100 internal networks can be attached to a single network interface of a virtual router and is referred as Distributed Logical Routing (DLR). Because it is a logical router, changes to the routing table (for example, adding / removing an internal network) are automatically configured by the platform.
Traffic to and from advanced routed internal networks remain within the hypervisor layer and does not pass the virtual router, which impacts firewalls. Network traffic between standard routed networks always passes the virtual router.
The benefits of advanced (distributed) routed networks are mainly the improved scalability of routed internal networks. Secondly, advanced routed networks have a positive effect on bandwidth and latency. Advanced routing is available in NFV feature level Standard, and up to 8 internal and external networks can be attached to the same virtual router using the standard routing method.
Firewall
The EBC platform supports layer-4 (L4) stateful firewall services in the Standard and Advanced variants.
Standard Firewall
Standard firewalls are supported in the typical way by IP address, IP segment, port, and service, on networks attached to the virtual router. This type of firewall requires the presence of the virtual router.
Standard firewalls are supported for standard routed networks. To firewall VM’s connected to advanced routed networks, advanced firewalls are required.
Advan ced Firewall
Advanced firewall support on and between standard and advanced routed networks is an important security feature of the EBC platform. This enables the use of micro-segmentation and contributes to the principle of Zero Trust Networking.
Advanced firewalls are available starting from NFV feature level Advanced. This type of firewall service is also called Distributed Firewalling (DFW). Micro-segmentation makes it is possible to apply firewall rules based on dynamic groups. Examples are, firewall rules based on VM names, tags, and names of internal networks. It is even applicable to firewall network traffic within a single layer-2 (L2) network.
Advanced firewalls are supported on standard and advanced routed networks, internal and external networks, and are independent of the presence of a virtual router. This is because firewalls occur on the virtual network card (vNIC) of a VM, and not on a router interface.
Connectivity Use Cases
These use cases offer an overview of the EBC connectivity options, allowing the EBC platform to connect to:
-
Colo / Carrier – Connects to Colo (cabinet) or Carrier in the same or remote data center
-
Equinix Fabric – Allows any business to connect its own distributed infrastructure to any other company's infrastructure on Platform Equinix across a globally connected network
-
Equinix Connect – Provides direct internet access
-
EBC Single–Site – Connects within a single EBC site
-
Stretched Layer-2 Shared – Interconnects between 2 EBC sites over a shared transport layer
-
Stretched Layer-2 Dedicated – Interconnects between 2 EBC sites over a dedicated transport layer
Colo/Carrier
For the EBC environment to be connected to a Colo (cabinet) or Carrier, EBC External network and Infrastructure Port are necessary. This way, up to 25 external networks (L2) per VDC can be routed within the local data center, to a remote (Equinix) data center, or an on-premises platform.
In many situations, routing (layer-3) functionality is needed. In these cases, Equinix can provide this via:
-
EBC Virtual Router
-
Managed Firewall
-
Managed Router
To avoid having overlapping VLAN numbers between customers, the VLAN number of each external network offered is translated into a VLAN number issued by Equinix. The translated VLAN number is used within EBC and its related services.
The following table shows which Equinix services are required for the use cases.
| External Network Options | EBC to Cabinet / Carrier in Same EQX DC |
|---|---|
| Type of connectivity | Dedicated connectivity |
| Included Equinix services | 2x Cross-Connect |
| Additional required Equinix services | ≥ 1x EBC External network
1x Infrastructure Port - redundant |
| Bandwidth | 1 / 10 Gb |
| Remarks | Customer VLANs are likely to be translated |
| External Network Options | EBC to Cabinet / Carrier in Remote EQX DC |
|---|---|
| Type of connectivity | Dedicated connectivity |
| Included Equinix services | 4x Cross-Connect |
| Additional required Equinix services | ≥ 1x EBC External network
1x Dual-diverse Metro Connect 1x Infrastructure Port – redundant |
| Bandwidth | 1 / 10 Gb |
| Remarks | Customer VLANs are likely to be translated |
Equinix Fabric
To connect the EBC environment to Equinix Fabric, a combination of services is needed. These include Equinix Fabric ports, EBC External networks, and Infrastructure Ports. Most providers connected to Equinix Fabric require routed (layer-3) based connection. To support Fabric connections to the EBC environment, BGP based routers are required in general. Equinix can provide this type of router via:
-
EBC Virtual Router
-
Managed Firewall
-
Managed Router
Fabric ports can be local or in a different Equinix data center (metro) depending in which Equinix data center the VDC is deployed. If EBC is deployed in AM3, it's local. In ZW1 and EN1, connections are of the type metro, since Fabric equipment is located within the Amsterdam metro area.
Fabric connections are offered in a redundant way. Therefore, 2 Fabric ports (primary and secondary), and 2 virtual connections (one per port) are required. Fabric connections themselves can be of type local or remote, depending where the service provider is located in the Amsterdam region. See Equinix Fabric to learn more.
The following table shows which Equinix services are needed for these use-cases.
| External Network Options | EBC (AM3) to Fabric in Same EQX DC |
|---|---|
| Type of connectivity | Dedicated connectivity |
| Included Equinix services | 2x Cross-Connect |
| Additional required Equinix services | 2x Fabric port ≥ 2x EBC External network 1x Infrastructure Port – redundant ≥ 2x Fabric Connection (local or remote) |
| Bandwidth | 1 / 10 Gb |
| Remarks | 2 Fabric connections per provider are needed. For each connection one EBC External network is required |
| External Network Options | EBC (ZW1 / EN1) to Fabric in Remote EQX DC |
|---|---|
| Type of connectivity | Dedicated connectivity |
| Included Equinix services | 4x Cross-Connect 2x Path-protected Metro-Connect |
| Additional required Equinix services | 2x Fabric metro port ≥ 2x EBC External network 1x Infrastructure Port – redundant ≥ 2x Fabric Connection (local or remote) |
| Bandwidth | 1 / 10 Gb |
| Remarks | 2 Fabric connections per provider are needed. For each connection one EBC External network is required |
| External Network Options | Dual EBC (AM3 + ZW1 / EN1) to Fabric |
|---|---|
| Type of connectivity | Dedicated verbinding |
| Included Equinix services | 8x Cross-Connect 2x Path-protected Metro-Connect |
| Additional required Equinix services | 2x Fabric port 2x Fabric metro port 1x Dual-diverse Metro-Connect ≥ 8x EBC External network 2x Infrastructure Port – redundant ≥ 2x Fabric Connection (local or remote) |
| Bandwidth | 1 / 10 Gb |
| Remarks | 2 Fabric connections per provider are needed. For each connection one EBC External network is required. Connections in both DC’s are local redundant. |
Equinix Connect
To directly connect the EBC environment to the Internet, a dedicated connection in the form of an Equinix Connect (EC) may be required. A dedicated EC is advised when requirements include:
-
A dedicated link with 1Gb or higher bandwidth
-
Anti-DDoS
-
Customer provided IP blocks (own ASN supported, not required)
-
Equinix supplied IP blocks of /29, /28 or /27
The EC connection is connected to the EBC environment by applying EBC External network and Infrastructure Port. This requires BGP based routers. Equinix can provide this via:
-
EBC Virtual Router
-
Managed Firewall
-
Managed Router
The following Equinix services are needed for these use-cases.
| External Network Options | EBC to EC in Same EQX DCc |
|---|---|
| Type of connectivity | Dedicated verbinding |
| Included Equinix services | 2x Cross-Connect |
| Additional required Equinix services | 1x Equinix Connect port (multi-homed) ≥ 2x EBC External network 1x Infrastructure Port – redundant |
| Bandwidth | 1 / 10 Gb |
| Remarks | — |
| External Network Options | Dual-Site EBC (AM3 + ZW1 / EN1) to EC |
|---|---|
| Type of connectivity | Dedicated verbinding |
| Included Equinix services | 8x Cross-Connect |
| Additional required Equinix services | 1x Dual-diverse Metro-Connect 2x Equinix Connect port (multi-homed) ≥ 8x EBC External network 2x Infrastructure Port - redundant |
| Bandwidth | 1 / 10 Gb |
| Remarks | Both multi-homed connections are local redundant |
EBC Single–Site
When communication is required within a single EBC location, EBC External network can be used. In this way, layer-2 (L2) communication between EBC Flex, EBC ST, Shared Managed Storage (file, block, object) and Application Platform (Kubernetes container platform) is possible.
| External Network Options | EBC Single – Site |
|---|---|
| Type of connectivity | — |
| Included Equinix services | — |
| Additional required Equinix services | 2x EBC External network |
| Bandwidth | Upto 10 Gb |
| Remarks | Up-to a max. of 25 |
EBC Dual-Site
When EBC services are consumed at 2 locations, Stretched Layer-2 Shared and Stretched Layer-2 Dedicated are available for realizing L-2 connectivity. Both are applicable for EBC and Equinix Managed Services products such as Managed Storage (file, block, object) and Application Platform (Kubernetes container platform).
The choice between the two is determined by the amount of bandwidth and number of external networks required.
| External Network Options | Stretched Layer-2 Shared | Stretched Layer-2 Dedicated |
|---|---|---|
| Type of connectivity | Shared connectivity | Dedicated connectivity |
| Included Equinix services | 2x EBC External network | 4x Cross-Connect 2x EBC External network |
| Required Equinix services | ≥ 1 Stretched Layer-2 Shared |
1x Dual-Diverse Metro-Connect 2x Infrastructure Port (primary) 2x Infrastructure Port (secondary) |
| Bandwidth | To 100 Mb / 1 Gb | To 1 Gb / 10 Gb |
| Max. # Stretched Layer-2 connections per VDC | 25 | 25 |
Stretched Layer-2 Shared
This is the best choice when less than 10 External Networks are needed between 2 EBC locations, and a maximum bandwidth of 1 Gb is sufficient.
Stretched Layer-2 Dedicated
This option is the best choice if more than 10 External Networks are required, and/or 1 Gb or more bandwidth is needed.
