Skip to content

Hybrid Bonded Mode

Equinix Metal™ allows users to change the networking mode of servers from the default Layer 3 Bonded mode to a Hybrid Bonded Layer 3 and Layer 2 mode.

Hybrid Bonded mode enables a highly available “bonded” setup of 2 networking interfaces that supports both Layer 2 and Layer 3 modes at the same time. This keeps the functionality of supporting both Layer 2 and Layer 3, but does so while maintaining a highly available bonded networking interface that spans 2 diverse upstream switches.

Hybrid Bonded Diagram

This is a way to implement common hybrid cloud networking models such as running firewalls, custom gateways, ingress controllers and other types of proxies that face the Internet on one side and private Layer 2 infrastructure on the other side.

Availability and Compatibility

Hybrid Bonded mode is available in all Equinix IBX locations on Equinix Metal 3rd generation servers.

Servers in Equinix Metal's other data centers from previous generations can still use Hybrid Unbonded mode.

Enabling Hybrid Bonded Mode

Enabling Hybrid Bonded mode can be done by attaching a VLAN to the bond0 port on your server.

In the Equinix Metal console, navigate to the server's Network page, click Convert To Other Network Type, select Hybrid, and choose Bonded.

Then, select the VLAN from the drop-down, which will allow you to attach a VLAN to the bond0 port. Click Assign New VLAN and Convert to Hybrid Networking to start the changes.

Converting to Hybrid Bonded mode options panel

If you are in an Equinix Metal data center that does not support Hybrid Bonded mode, you will only have the option to convert to Hybrid Unbonded mode.

In the API, you attach a VLAN to a port by sending a POST to the /ports/{id}/assign endpoint.

You have to specify the port ID the VLAN is going to be attached to in the path, and it needs to be the UUID for that port as returned by the /devices/{id} endpoint.

The ID of the VLAN is sent in the body of the request, and it can be either the VLAN's UUID as returned by the /projects/{id}/virtual-networks endpoint or the vxlan ID that is in the console.

curl -X POST \
-H "Content-Type: application/json" \ 
-H "X-Auth-Token: <API_TOKEN> " \
"https://api.equinix.com/metal/v1/ports/{id}/assign" \
-d '{
    "vnid": "c4032b18-5494-451b-a779-a7d3c536bfd7"
    }'

Configuring Your Servers

Once you have attached the VLAN, you will need to configure the networking on the server's operating system to use the VLAN on bond0. Because traffic from both Layer 3 and the VLAN are going through bond0, IP packets that arrive at the host will have the VLAN ID populated.

  1. Enable VLAN support.

    modprobe 8021q
    lsmod | grep 8021q
    echo "8021q" >> /etc/modules-load.d/networking.conf
    
  2. Add the VLAN to bond0. VLAN_ID should match the VLAN ID (vxlan or vnid) found on the console.

    ip link add link bond0 name bond0.<VLAN_ID> type vlan id <VLAN_ID>
    

    For example,

    ip link add link bond0 name bond0.1036 type vlan id 1036
    
  3. Add 192.168.100.1 IP address to the VLAN. IP addresses in the 192.168 range are recommended, as the 10.0.0.0/8 range is used internally by Equinix Metal. For example,

    ip addr add 192.168.100.1/24 brd 192.168.100.255 dev bond0.1036
    ip link set dev bond0.1036 up
    

    To make the changes permanent, configure /etc/network/interfaces with the IP address to the desired IP from your chosen block. For example,

    auto bond0.1036
    iface bond0.1036 inet static
    pre-up sleep 5
    address 192.168.100.1
    netmask 255.255.255.0
    vlan-raw-device bond0
    

    Note: The line pre-up sleep 5 helps to prevent conflicts on bond0 when the server boots.

  4. Ensure the IP address is configured.

    ip -d link show bond0.1036
    

You need to run through the same steps on all the servers that you want to attach to the VLAN, assigning a different IP address to each.

Adding multiple VLANs

Adding multiple VLANs to the bond is supported, you just have to make sure that the interface will receive packets destined for each VLAN.

To attach another VLAN in the console, navigate to the server's Network page. In the Layer 2 section, click Add New VLAN, which will allow you to attach a VLAN to the bond0 port.

Adding a second VLAN slide-out panel

Click Add to start the changes.

The procedure for attaching multiple VLANs in the API is the same as attaching the first VLAN. Send a POST request to the /ports/{id}/assign endpoint.

You have to specify the port ID the VLAN is going to be attached to in the path, and it needs to be the UUID for that port as returned by the /devices/{id} endpoint.

The ID of the VLAN is sent in the body of the request, and it can be either the VLAN's UUID as returned by the /projects/{id}/virtual-networks endpoint or the VLAN ID that is in the console.

curl -X POST \
-H "Content-Type: application/json" \ 
-H "X-Auth-Token: <API_TOKEN> " \
"https://api.equinix.com/metal/v1/ports/{id}/assign" \
-d '{
    "vnid": "c4032b18-5494-451b-a779-a7d3c536bfd7"
    }'

Once the VLAN is attached, you repeat the process for configuring your servers to create the additional tagged interface.

Testing the VLAN Connection

You should now be able to communicate between hosts over your VLAN.

root@layer2:~# ping -I eth1 192.168.1.2
PING 192.168.1.3 (192.168.1.3) from 192.168.1.4 eth1: 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp\_seq=1 ttl=64 time=0.106 ms
64 bytes from 192.168.1.3: icmp\_seq=2 ttl=64 time=0.110 ms
64 bytes from 192.168.1.3: icmp\_seq=3 ttl=64 time=0.115 ms
^C
--- 192.168.1.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.106/0.110/0.115/0.009 ms

Converting Back to Layer 3

To go back to the default Layer 3 networking configuration, all you have to do is remove any and all VLANs from the instance’s ports.

To detach a VLAN in the console, navigate to the server's Network page. In the Layer 2 section, click Remove next to the VLAN you are detaching from the server. Confirm that you wish to remove it by clicking Yes.

Removing a VLAN

Note that detaching the VLAN from this server does NOT delete it from your project. The VLAN will continue to exist after detaching it from the server.

In the API, you detach a VLAN to a port by sending a POST to the /ports/{id}/unassign endpoint.

You have to specify the port ID the VLAN is attached to in the path, and it needs to be the UUID for that port as returned by the /devices/{id} endpoint.

The ID of the VLAN is sent in the body of the request, and it can be either the VLAN's UUID as returned by the /projects/{id}/virtual-networks endpoint or the VLAN ID that is in the console.

curl -X POST \
-H "Content-Type: application/json" \ 
-H "X-Auth-Token: <API_TOKEN> " \
"https://api.equinix.com/metal/v1/ports/{id}/unassign" \
-d '{
    "vnid": "c4032b18-5494-451b-a779-a7d3c536bfd7"
    }'

Once all the VLANs are removed from the port, bond0 will be back on Layer 3 mode. From there you can use any other of the existing network modes.