Connecting Virtual and Physical Environments

Connecting customer environments together is as important as connecting to clouds and the Internet for most customers.

As the Equinix FabricEquinix Fabric is an advanced interconnection solution that improves performance by providing a direct, private network connection. grows, more network service providers and enterprises are joining the platform, offering their products and services. Occasionally, the destinations you need to reach from your virtual device are not already present on the Equinix Fabric and an alternative for reaching them is required.

To connect a virtual device to a physical environment, the user needs to access the outside physical world from a device that is deployed on a shared compute node with virtual interfaces. This is usually done with cross connects from one data center or cage space to the next.

In order to facilitate this same activity with a virtual device that does not occupy a cage, we virtualize certain aspects of the solution, and there are many ways to do so.

This document focuses primarily on connecting to your Network Service Provider (NSP)A Network Service Provider (NSP) is a business entity that provides and sells services such as network access (local loop, wide area network (WAN), and Internet transit) and bandwidth. NSPs are also referred to as carriers., a specific and common use case that often involves a physical aspect to the solution. However, connecting to another destination that is not already on Equinix Fabric is basically the same process.

All Network Edge devices connect to the outside world through the Equinix Fabric platform or through the Internet (Equinix ConnectEquinix Connect is a turnkey solution for customers to connect to the Internet. You connect your equipment to an Equinix-provided router or switch by means of one or more physical cross connects.), and this satisfies many use cases with no further connection needs. However, many users find that they want their virtual devices connected to an NSPNetwork Service Provider that they will or are already doing business with. Often this helps normalize the device with the rest of a global network deployment by integrating it with an existing MPLS network.

ConnectionConnection refers to any solution that results in the ability to pass data from one point to another. Connections can be made with Layer 2 or Layer 3 technology, might involve several parts or components, and can be created from the portal or with APIs. is facilitated through the Equinix Fabric, and all traffic flowing in and out of the Equinix Fabric does so through a physical port, whether it is dedicated to a single user or service, or it is used in a multi-tenant way.

For a virtual device user to get to a network service that you have procured, there are a few ways this can be done through the Equinix Fabric with BYOC.

NSP is a Seller on Equinix Fabric

In this scenario, the network provider offers its network products and services publicly through the Equinix Fabric. The virtual device owner will create a connection to the known, published service Equinix Fabric. This is the simplest method for virtual device owners, and we encourage network providers to participate in the Equinix Fabric ecosystem wherever possible.

If the NSP has a presence on the Equinix Fabric, find them in the list of services available and create a connection.

Bring Your Own Network Service

The user purchases connectivity from a network provider in a specific data center, and the NSP terminates that connectivity as a port in an Equinix facility, providing necessary details so that you can order a port and connect to it through Equinix Fabric.

If you'd like to connect to a network provider with a virtual device, but the network provider is not present on Equinix Fabric as a sellerA seller is a user who makes their services available to end customers through Equinix Fabric., they must be able to do one of two things:

  1. Have a presence on the Equinix Fabric that they use for buying Equinix Fabric service and be able to use that port as a destination for you to connect to.
  2. Have a physical presence in Equinix facilities where they can reserve a physical port for you and generate a Letter of Authorization/Customer Facilities Assignment (LOALetter of Authorization. The document issued by one telecom carrier to another carrier giving them permission to use a specified assignment for interconnection./CFA). If the NSP uses this method the virtual device owner will follow this process to get connected to the LOA/CFA.


LOA/CFA is permission that the owner of a space in a data center grants to another that allows access to their cage for a certain purpose. The CFA is a specific location in the data center, usually referring to cabinets, shelves, and plugs, where the connection shall occur.

Remote Port

A port is a physical place where interconnection occurs between two parties. The cables from each party are physically plugged together so that data can pass. With a remote port, the port is owned by the customer, but the location is not. The virtual device customer procures a remote port and owns that port in a physical location that the customer has no actual presence in.

A remote port can be used when there is no physical CPE router collocated in an Equinix data center. The virtual router can be connected to the Equinix Fabric switch via a Layer-2 service profile with the NSP connection terminated directly on the Equinix Fabric switch. The service profile is owned by the customer who is responsible for setting the correct attributes to establish connectivity.

To connect, place an order with your NSP and then provide Equinix with the LOA/CFA giving Equinix the authorization to connect between the NSP demarcation point and the Equinix Fabric switch. As in the case of a physical connection, you can also connect to any location on the fabric (local or remote)

Connect To Your Collocated Resources

Customer provided equipment may be collocated within an Equinix data center. In order to reach it, you need a physical port on the cloud exchange and a defined service profile to connect the virtual router. The virtual cross-connect can happen between any two locations on the Equinix Fabric (either local or remote). In the diagram below, the owner of a virtual device has connected remotely to a cage in another metro using the Equinix Fabric as the method for reaching the port.

Ultimately, the way we facilitate any connection from virtual to physical, including a network connection from the customer provider, is through the Equinix Fabric.

The reasons for connecting virtual and physical environments are numerous and may include:

  • Connecting the virtual device to a LAN or WAN network.

  • Connecting the device to an existing global NSP that the user is contracted with for MPLS, EVPL, Internet, or other telecommunications services.

  • Chaining the virtual device to another virtual or physical device or environment off the Equinix platform.

  • Attaching the device to the edge of other private resources such as deployed servers, storage, or other IT equipment.

Basic Steps and Concepts to Connect

In any of the scenarios explained above, the basic connection steps are about the same. The implementation of them may differ depending on which method you need.

Order Network Services

The first step is to order services from the network provider. Equinix offers no specific guidance on which providers and products are best. However, when Equinix observes deployments from specific providers and product types that go well, we catalog them in our documentation so customers know which ones work best. If the NSP is part of the Equinix Fabric, there is a very good chance that their product will interoperate well with your device.

When terminating network services to your virtual device, there may be special configurations needed to ensure they operate properly. The user is responsible for ensuring this is done properly on their device. While Equinix cannot predict or specify the exact needs of every NSP and their portfolio of products globally, the services typically boil down to a few categories:

  • Ethernet type Layer 2 services such as EVPL, E-LAN, or EPL

  • Layer 2.5 type services such as MPLS

  • True Layer 3 peering services such as IPVPN or DIA/high-speed internet

Each of these network services will drive different needs on your device, whether it be IP addressing, protocol configuration and enablement, VLAN assignment, rate limitingA rate limit is a bandwidth control placed on a connection or service that limits the amount of traffic that can be sent or received to an amount less than the physical size of the ports. This is also referred to as a policer or “policing” a service, and is typically implemented using a VLAN on a sub-interface., or others.

Not all traffic types have been tested to work with every virtual device, but the platform is designed to be quite open and flexible. Your NSP’s guidance on configuration will be very important to the success of the interconnection.

Equinix has a few rules of thumb when deciding and provisioning network services that will increase the likelihood of it being successful:

  • The handoff from your network provider must be a VLAN-tagged service, whether it is already on Equinix Fabric or you will connect it to Equinix Fabric.

  • The customer needs to know the VLAN assigned to the traffic so it can be configured properly on the Equinix Fabric.

  • The NSP should provide the necessary IP addressing, label switches, VLAN, or other logical inventory needs to fully configure the device and the port.

  • If you terminate a public Internet service, the number of routes may be restricted because a full Internet routing table could heavily burden the performance of a virtual device. We recommend you either consider physical deployments for route tables beyond 2-5K routes, or deploy with network address translation (NAT).

  • Your NSP service should be policed or rate limited and should never exceed the total size of your virtual device licensed throughput.

    Nearly any protocol

Nearly any protocol can be supported if the specification from your virtual device vendor says it is supported, but we cannot test every single one. See the Equinix Fabric documentation to discover if there are any limitations to that platform for your traffic type. See the Device Configuration section in the Network Edge documentation for specific vendor limitations.

Buy and Configure Equinix Fabric

In order to connect through the Equinix Fabric, certain things must be present, whether they are owned by the NSP or the customer. In order to connect from one side to the other, two ports and a connection between them is required. Fortunately, many of these components are already present.

On the virtual device side, each device already comes with a virtual port facing the Equinix Fabric. Therefore, bulk of the work needed is to get to the network service (or the Z-Side):

  • If the NSP is an actively selling services on the Equinix Fabric, simply create a connection to that service, so you can jump to the next step.

  • If the NSP provides a port on the Equinix Fabric, they will specify which service to connect to. You can jump to the next step to connect the device, but must first have permission from the NSP to see the service.

  • If the NSP provides a physical tie-down location only in an Equinix data center, procure a port to connect the NSP to, and then define a service around that port so that you can connect to it

When you opt to connect to your NSP from a virtual device, we recommend that you use the special connection flows rather than standard create connection flows. This will ensure your NSP connection is on a discrete interface and VRF that allows you to configure it separately and differently from other Equinix Fabric cloud traffic. Each virtual device is launched with a reserved network provider interface whether you opt to use it or not.

Service Profiles

Connect to anything on the Equinix Fabric as a destination or Z-end by using a service profile. Anyone can create a service profile on Equinix Fabric with a port, and the service profile can be private so that only users in your customer organization can see and use it. You can allow other Network Edge and Equinix Fabric users to see your private profile even if they are not part of your organization or account.

Additionally, you can delete the profile or remove the port from the profile immediately after creating a connection from your device to the port, and the connection remains in place. Users can also add BGPBorder Gateway Protocol. A standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems on the internet. settings to ensure peering occurs between the environments. For this type of connectivity, Equinix recommends a Layer-2 service profile.

Go to the My Company section in the Equinix Fabric documentation for more information about service profiles.

Related Topics

Connecting to a Network Service Provider

Adding BGP To Connections