Layer 2 Only Bonded Mode

Equinix Metal™ allows users to change the networking mode of a server from the default Layer 3 Bonded mode to modes that only use Layer 2 networking over VLANs. This means all access to the public Internet is lost, and the host can only be reached by the Serial Over SSH (SOS) console or from other servers attached to the same VLAN.

Layer 2 Bonded mode preserves the bonded setup of two networking ports connected to the two top-of-rack switches, and you are able to attach VLANs to the bonded interface. This protects your networking from failure, maintenance, or other interruptions on one of the switches.

Layer 2 Bonded Diagram

General Overview

Layer 2 Bonded mode preserves the bond, preserving the redundancy and advantages of having traffic flow over both server ports and top-of-rack switches.
You can then add VLANs to bond0 for your Layer 2 traffic. If you are only adding one VLAN to bond0, traffic can not be tagged.
If you are adding more than one VLAN to bond0, you will need to create subinterfaces to handle tagged traffic for each VLAN and/or you have to set a Native VLAN to handle untagged traffic.

Converting to Layer 2 Bonded Mode

To use Bonded Layer 2 mode, you must first change your networking configuration to Layer 2. From the portal, navigate to the server's Network page, click Convert To Other Network Type and choose Layer 2.

Console
CLI
API

In the Equinix Metal console, navigate to the server's Network page, click Convert To Other Network Type and choose Layer 2. Select the Bonded mode. Click Convert to Layer 2 to start the conversion.

Converting to Layer 2 Bonded mode panel

When it is finished, you will be back on the server's Network page.

In the Layer 2 section, click Add New VLAN, which will allow you to assign a VLAN to the bond0 port. Click Add to start the changes.

Adding a VLAN to bond0

Convert the bonded interface to Layer 2 with the metal port convert command, specifying the UUID of bond0 for the --port-id.

metal port convert --port-id <bond0_id> --layer2 --bonded

Then, assign a VLAN to bond0 with the metal port vlan command. Specify the UUID of bond0 for the --port-id and the VLAN that you are assigning to --assign.

metal ports vlan --port-id <bond0_id> --assign <VLAN_id>

In the API, you can convert the bonded interface to Layer 2 and assign the VLAN by submitting a POST request to the /ports/{id}/convert/layer-2 endpoint, with the port ID specified in the path. For Layer 2 Bonded mode, it needs to be the UUID for bond0 as returned by the /devices/{id} endpoint.

curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN>" \
"https://api.equinix.com/metal/v1/ports/{id}/convert/layer-2" \
-d '{
    "vnid": "<vlan_ID>"
    }'

The 'vnid' is the ID of the VLAN that is sent in the body of the request. The ID an be either the VLAN's UUID as returned by the /projects/{id}/virtual-networks endpoint, or the VLAN ID that is in the console.

Remember: once you have clicked Convert to Layer 2 in the console, or submitted the request to the API, the existing IP Addresses will be removed and the server will no longer be accessible through the Internet. You will still be able to use the SOS console to connect.

Attaching Multiple VLANs

Adding multiple VLANs to the bonded interface is supported. This does affect the server configuration as you will have to make sure there is a subinterface that will receive packets destined for each VLAN and/or you set a Native VLAN to handle untagged traffic.

Console
CLI
API

To assign multiple VLANs to an interface, navigate to the server's Network page. In the Layer 2 section, click Add New VLAN, which will allow you to assign additional VLANs to the bond0 port.

Adding multiple VLANs slide-out panel

Click Add to start the changes. Note that if you assign multiple VLANs at once, they are added through an asynchronous batch process, which begins immediately, but may take some time to complete.

To assign another or multiple more VLANs, use the metal port vlan command, and specify each VLAN you are assigning to bond0.

metal port vlan --port-id <bond0_id> --assign <vlan> --assign <vlan>

The procedure for assigning a single additional VLAN to an interface in the API is the same as assigning the first VLAN. Send a POST request to the /ports/{id}/assign endpoint.

curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN> " \
"https://api.equinix.com/metal/v1/ports/{id}/assign" \
-d '{
    "vnid": "c4032b18-5494-451b-a779-a7d3c536bfd7"
    }'

It is also possible to assign VLANs to a port in bulk, as part of an asynchronous batch process. Send a POST request to the /ports/{id}/vlan-assignments/batches endpoint an array of VLAN assignments in the body of the request.

curl -X POST \
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN> " \
"https://api.equinix.com/metal/v1/ports/{id}/vlan-assignments/batches" \
-d '{
    "vlan_assignments": [
        {
            "vlan": "string",
            "state": "assigned"
        },
        {
            "vlan": "string",
            "state": "assigned"
        },
    ]
}'

Configuring Your Servers for Layer 2 Bonded Mode

Once you have converted the server to Layer 2 Bonded mode and assigned the VLAN to bond0, you will need to configure the networking on the server's operating system and assign it an IP address on the VLAN.

Note - Since all Equinix Metal assigned IP addresses were removed when you converted this server to Layer 2, you are free to use whatever subnets you need, but you may have to remove any existing networking configuration in the server's operating system to prevent conflicts.

There are two example configurations, the first example is a configuration for assigning a single VLAN, and the second example is for assigning multiple VLANs.

Remember you will need to use the SOS/OOB Console to SSH into your server.

For a Single VLAN on `bond0`

If you have only one VLAN, do not tag the packets, and assign the VLAN IP Address directly to bond0.

Ubuntu or Debian

Install and configure the prerequisites for VLANs.
```
modprobe 8021q
echo "8021q" >> /etc/modules
```
Configure bond0 with an IP address for the VLAN. The example uses IP address 192.168.1.2/29.
```
ip addr add 192.168.1.2/29 dev bond0
```
To make the networking configuration permanent and survive server reboots, edit bond0 in the /etc/network/interfaces file.
```
auto bond0
iface bond0 inet manual
    address 192.168.1.2
    netmask 255.255.255.248
    pre-up sleep 4
```

You will need to run through the same steps on all the servers that you want to attach to the VLAN, assigning a different IP address to each.

For Multiple VLANs on `bond0`

If you are using multiple VLANs on bond0, IP packets will have the to be tagged, and you will need to setup subinterfaces that will receive packets destined for each VLAN.

Note: If you need support for untagged packets, set the VLAN that handles the untagged traffic as the Native VLAN.

Ubuntu or Debian

Install and configure the prerequisites for VLANs.

apt-get install vlan
modprobe 8021q
echo "8021q" >> /etc/modules

Add new subinterfaces on bond0 to handle tagged traffic, one for each VLAN, and assign them IP addresses. Use your VLAN IDs from the Equinix Metal VLAN as in the VLAN_ID fields. The example uses VLAN IDs 1000 and 1001 and IP addresses 192.168.1.2/29 and 192.168.100.2/29.

ip link add link bond0 name bond0.1000 type vlan id 1000
ip addr add 192.168.1.2/29 dev bond0.1000
ip link add link enp1s0f1 name bond0.1001 type vlan id 1001
ip addr add 192.168.100.2/29 dev bond0.1001

To make the networking configuration permanent and survive server reboots, add the new subinterfaces to the /etc/network/interfaces file.

auto bond0.1000
iface bond0.1000 inet static
    address 192.168.1.2
    netmask 255.255.255.248
    vlan-raw-device bond0

auto bond0.1001
iface bond0.1001 inet static
    address 192.168.100.2
    netmask 255.255.255.248
    vlan-raw-device bond0

Bring up the interfaces, and check that they came up.

ip link set dev bond0.1000 up
ip -d link show bond0.1000

ip link set dev bond0.1001 up
ip -d link show bond0.1001

You will need to run through the same steps on all the servers that you want to attach to the VLANs, assigning different IP addresses to each.

Converting Back to Layer 3

If you are in Layer 2 Bonded mode and want to go back to Layer 3, you must first remove any attached VLANs.

To detach a VLAN in the console, navigate to the server's Network page. In the Layer 2 section, click Remove next to the VLAN you are detaching from the server. Confirm that you wish to remove it by clicking Yes.

Removing a VLAN

Detaching the VLAN from this server does NOT delete it from your project. The VLAN will continue to exist after detaching it from the server.

Then, to convert back to Layer 3, click Convert To Other Network Type, select Layer 3. Click Convert to Layer 3 to start the process.

Converting from Layer 2 to Layer 3

Note - Being in Layer Bonded Mode removed the server's public IP addresses. If the server is later converted back to Layer 3, new public IP addresses are assigned and the server is accessible to the public Internet

General Overview​

Converting to Layer 2 Bonded Mode​

Attaching Multiple VLANs​

Configuring Your Servers for Layer 2 Bonded Mode​

For a Single VLAN on bond0​

For Multiple VLANs on bond0​

Converting Back to Layer 3​