Equnix Metal
Loading...

Hybrid Unbonded Mode

COMMAND LINE

Copy to clipboard

Hybrid Unbonded Mode

In Hybrid Unbonded mode one network interface is removed from the Layer 3 bond and placed in Layer 2 mode. VLANs can then be assigned to this interface for Layer 2 connectivity while preserving the Layer 3 connectivity, so the server can still be accessed via the public IP.

Hybrid Unbonded Diagram

Although this is desirable in some situations, it introduces a single point of failure either on the upstream switch or the network interface. An outage, maintenance event, or reboot on either one of the switches will cause network interruptions.

If you have high-availability concerns, the Hybrid Bonded mode supports both Layer 2 and Layer 3 while maintaining the highly available “bonded” networking interface that spans 2 diverse upstream switches. However, Hybrid Bonded mode is only available in Equinix IBX locations. If you are in the legacy Equinix Metal data centers, then you will be limited to using Hybrid Unbonded mode.

Converting to Hybrid Unbonded Mode

Hybrid Unbonded mode removes the eth1 interface from the LACP bond, allowing you to add Layer 2 VLANs to eth1 while preserving the elastic IPs assigned to the bonded Layer 3 interface.

In order to use Hybrid Unbonded mode, you must first change your networking configuration to Hybrid mode. In the console, navigate to the server's Network page, click Convert To Other Network Type, select Hybrid, and choose Unbonded. Click Convert to Hybrid Networking to make the changes.

Converting to Hybrid Unbonded mode options panel

Then, from the server's Network page, click Add New VLAN. Choose eth1 as the interface and select the Virtual Network ID (VNID, or VLAN ID) you wish to use.

Adding a VLAN to eth1

To assign multiple VLANs at once, keep adding VLANs from the drop-down. Note that if you assign multiple VLANs at once, they are added through an asynchronous batch process, which begins immediately, but may take some time to complete.

First, you will need to remove eth1 from the bond. Send a POST request to the /ports/{id}/disbond endpoint.

You have to specify the port ID of eth1 in the path, and it needs to be the UUID for that port as returned by the /devices/{id} endpoint.

Set the bulk_disable field to false in the body of the request.

curl -X POST -H "Content-Type: application/json" -H "X-Auth-Token: <API_TOKEN>" "https://api.equinix.com/metal/v1/ports/{id}/disbond" -d '{"bulk_disable": false}'

Then, you need to assign your VLAN to eth1. Send a POST request to the /ports/{id}/assign endpoint.

You have to specify the port ID of eth1, and it needs to be the UUID for that port as returned by the /devices/{id} endpoint.

The ID of the VLAN is sent in the body of the request, and it can be either the VLAN's UUID as returned by the /projects/{id}/virtual-networks endpoint or the VLAN ID that is in the console.

curl -X POST -H "Content-Type: application/json" -H "X-Auth-Token: <API_TOKEN>" "https://api.equinix.com/metal/v1/ports/{id}/assign" -d '{"vnid": "1173"}'

It is also possible to assign VLANs to a port in bulk, as part of an asynchronous batch process. Send a POST request to the /ports/{id}/vlan-assignments/batches endpoint an array of VLAN assignments in the body of the request.

curl -X POST \
-H "Content-Type: application/json" \ 
-H "X-Auth-Token: <API_TOKEN> " \
"https://api.equinix.com/metal/v1/ports/{id}/vlan-assignments/batches" \
-d '{
    "vlan_assignments": [
        {
            "vlan": "string",
            "state": "assigned"
        },
        {
            "vlan": "string",
            "state": "assigned"
        },
    ]
}'

Configuring Your Servers

Once you have converted the server to Hybrid Unbonded mode and assigned the VLAN to the interface, you will need to configure the networking on the server's operating system to use the VLAN now assigned eth1. The procedure varies slightly by operating system.

There are two example configurations, the first example is a configuration for assigning a single VLAN to eth1, the second example is for assigning multiple VLANs to eth1.

For a Single VLAN

If only one VLAN is enabled on a port, packets are untagged. This means that the server's network configuration does not need to be VLAN-aware.

  1. Make sure eth1 has been removed from bond0:

    cat /sys/class/net/bond0/bonding/slaves
    

    If it hasn't been removed, remove it:

    echo "-eth1" > /sys/class/net/bond0/bonding/slaves
    

  2. Bring down the eth1 interface:

    sudo ifdown eth1
    
  3. Configure /etc/sysconfig/network-scripts/ifcfg-eth1 on each of the servers, changing the IPADDR field to the desired IP and network. Ensure the IP addresses are different on each server that you are attaching to the same VLAN. For example,

    DEVICE=eth1
    ONBOOT=yes
    HWADDR=e4:1d:2d:11:22:33
    IPADDR=192.168.1.2
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    BOOTPROTO=none
    
  4. Bring up the interface:

    sudo ifup eth1
    
  1. Make sure eth1 has been removed from bond0:

    cat /sys/class/net/bond0/bonding/slaves
    

    If it hasn't been removed, remove it:

    echo "-eth1" > /sys/class/net/bond0/bonding/slaves
    

  2. Bring down the eth1 interface:

    sudo ifdown eth1
    
  3. Configure /etc/network/interfaces on each server, changing the IP address to the desired IP from your chosen block. For example,

    auto eth1
    iface eth1 inet static
        address 192.168.1.2
        netmask 255.255.255.0
    
  4. Bring up the interface:

    sudo ifup eth1
    

For Multiple VLANs

In this scenario, IP packets that arrive at the host will have the VLAN ID populated. You will need to setup two interfaces that will receive packets destined for each VLAN.

Note: If you need support for untagged packets, you can set a native VLAN for this port, since it is not part of a bond. More information is on the Setting a Native VLAN page.

  1. Install the prerequisites for VLANs:

    sudo modprobe 8021q
    sudo echo "8021q" >> /etc/modules
    
  2. Bring down eth1:

    ifdown eth1
    
  3. Configure /etc/sysconfig/network-scripts/ifcfg-eth1.1000 and /etc/sysconfig/network-scripts/ifcfg-eth1.1001 on your server. 1000 and 1001 should match the VLANs you've configured on the host in the portal or API. For example,

    DEVICE=eth1.1000
    BOOTPROTO=none
    ONBOOT=yes
    IPADDR=192.168.1.2
    PREFIX=24
    NETWORK=192.168.1.0
    VLAN=yes
    
  4. Restart networking:

    sudo ifup eth1.1000
    sudo ifup eth1.1001
    
  1. Install the prerequisites for VLANs:

    sudo apt-get install vlan
    sudo modprobe 8021q
    sudo echo "8021q" >> /etc/modules
    
  2. Bring down eth1:

    ifdown eth1
    

    Note: if you don't want eth1 to come up after a reboot be sure to comment out the eth1 configuration in your /etc/network/interfaces file.

  3. Add the new interface to /etc/network/interfaces. 1000 and 1001 should match the VLANs you've configured on the host in the portal/API. For example,

    auto eth1.1000
    iface eth1.1000 inet static
        address 192.168.100.1
        netmask 255.255.255.0
        vlan-raw-device eth1
    
    auto eth1.1001
    iface eth1.1001 inet static
        address 172.16.100.1
        netmask 255.255.255.0
        vlan-raw-device eth1
    
  4. Restart networking:

    sudo ifup eth1.1000
    sudo ifup eth1.1001
    

Testing the VLAN Connection

You should now be able to communicate between hosts via your virtual Layer 2 network:

root@layer2:~# ping -I eth1 192.168.1.2
PING 192.168.1.3 (192.168.1.3) from 192.168.1.4 eth1: 56(84) bytes of data.
64 bytes from 192.168.1.3: icmp\_seq=1 ttl=64 time=0.106 ms
64 bytes from 192.168.1.3: icmp\_seq=2 ttl=64 time=0.110 ms
64 bytes from 192.168.1.3: icmp\_seq=3 ttl=64 time=0.115 ms
^C
--- 192.168.1.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.106/0.110/0.115/0.009 ms

Please Note: It is not recommended to use the subnet starting with 10.x.x.x as we use this for the server's private networking and collisions could occur if you used the same private addressing as was configured on your host.

Converting Back to Layer 3

If you want to go back to the default Layer 3 mode, you must first remove any assigned VLANs, and then can you convert back the Layer 3 mode.

To unassign a VLAN in the console, navigate to the server's Network page. In the Layer 2 section, click Remove next to the VLAN you are unassigning from the port. Confirm that you wish to remove it by clicking Yes.

Removing a VLAN

Note that unassigning the VLAN does NOT delete it from your project. The VLAN will continue to exist after unassigning it from the port.

Then, to convert back to Layer 3, click Convert To Other Network Type, select Layer 3. Click Convert to Layer 3 to start the process.

Converting back to Layer 3 Panel

To unassign a VLAN from a port, sent a POST request to the /ports/{id}/unassign endpoint.

You have to specify the port ID of eth1 in the path, and it needs to be the UUID for that port as returned by the /devices/{id} endpoint.

The ID of the VLAN is sent in the body of the request, and it can be either the VLAN's UUID as returned by the /projects/{id}/virtual-networks endpoint or the VLAN ID that is in the console.

curl -X POST \ 
-H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN>" \
"https://api.equinix.com/metal/v1/ports/{id}/unassign" \
-d '{
        "vnid": "1173"
    }'

You can also unassign multiple VLANs from a port in bulk, as part of an asynchronous batch process. Send a POST request to the /ports/{id}/vlan-assignments/batches endpoint an array of VLAN assignments in the body of the request, and their state set to "unassigned".

curl -X POST \ 
-H "Content-Type: application/json" \ 
-H "X-Auth-Token: API_TOKEN" \ 
"https://api.equinix.com/metal/v1/ports/{id}/vlan-assignments/batches" \
-d '{
    "vlan_assignments": [
        {
            "vlan": "string",
            "state": "unassigned"
        },
        {
            "vlan": "string",
            "state": "unassigned"
        }
    ]
}'

Then, you return the port to the Layer 3 bond. Send a POST request to the /ports/{id}/bond endpoint.

You have to specify the port ID of eth1, and it needs to be the UUID for that port as returned by the /devices/{id} endpoint.

curl -X POST -H "Content-Type: application/json" -H "X-Auth-Token: <API_TOKEN>" "https://api.equinix.com/metal/v1/ports/{id}/bond" -d '{"bulk_enable": false}'

Frequently
asked questions

Slack

Still stuck?

Join us on Slack

Get support from our team and community members.

Frequently asked questions

What 3rd party Managed Services?

Neutra trust fund narwhal, palo santo bicycle rights live-edge stumptown health goth portland selfies kinfolk woke. ssss Echo park irony artisan vaporware typewriter. Next level pinterest drinking vinegar lyft mumblecore af small batch heirloom VHS. Fixie banh mi asymmetrical trust fund.

What 3rd party Managed Services?

Neutra trust fund narwhal, palo santo bicycle rights live-edge stumptown health goth portland selfies kinfolk woke. ssss Echo park irony artisan vaporware typewriter. Next level pinterest drinking vinegar lyft mumblecore af small batch heirloom VHS. Fixie banh mi asymmetrical trust fund.

What 3rd party Managed Services?

Neutra trust fund narwhal, palo santo bicycle rights live-edge stumptown health goth portland selfies kinfolk woke. ssss Echo park irony artisan vaporware typewriter. Next level pinterest drinking vinegar lyft mumblecore af small batch heirloom VHS. Fixie banh mi asymmetrical trust fund.

Copied code to clipboard