Packet's Layer 2 is a feature that lets you provision between one and twelve project-specific layer 2 networks within the same project. This article provides an overview of the feature. For specific configurations for common use cases, please click here.
Our network is designed around a pure Layer 3 network topology, where we bring a routed interface to each server. However, many environments expect a Layer 2 network. To enable these use cases, we’ve developed a feature that allows users to create and control Layer 2 networks within their Packet infrastructure.
A few notes to help set the stage:
- Availability - We have enabled this feature in all datacenters.
- Configurations: Layer2 is available on all types except our t1.small & c1.small.
A single Layer2 VLAN configuration is possible on our x1.small (read more)
- Per Facility - Virtual networks are confined to a single datacenter. Global virtual networks that span all datacenters are coming soon.
- Usage Charges - There are no fees for the use of the Layer 2 feature, and during its development preview phase there is limited support. However, any IPs allocated to the Internet Gateway will be charged at our current elastic address price of $0.005/hr ($3.60/mo) per IP.
Converting from Layer 3 to Layer 2
Converting your Layer 3 network configuration to Layer 2 it is not possible to retain management IP address without first breaking the bond. The current provisioned IP will be released to our IP pool & will prompt you to choose your Virtual Network.
Breaking the bond will allow you to retain the provisioned IP addresses including the management IP. Utilizing SOS the device network configuration will need to be adjusted to reflect the change from bond to a single interface (e.g. eth0).
Reverting to Layer 3 from Layer 2
Returning your device to Layer 3 is possible by following these steps:
- Enable Bonding (if previously disabled to retain IP)
- Delete virtual network(s) attached to the device interfaces
- Click Add IP addresses to complete the switch conversion
- Utilize SOS to complete the network interface(s) configuration
In the portal server configuration screen, the switch ports serving each of your servers' NICs may be independently enabled to switch one or more of your provisioned networks.
If only one VLAN is enabled on a port, packets are untagged. This means that the server's network configuration does not need to be VLAN-aware. However when two or more VLANs are enabled on a port, then packets are tagged and therefore it will be necessary to configure the server's networking accordingly (details).
Routing between a VLAN and the Public Internet can be enabled optionally on a per-VLAN basis, in which case a public subnet will be automatically assigned.
Layer 2 Setup in the Packet Portal
Layer 2 networking is enabled in the Packet Portal on a per-project project basis in the "IPs and Networks" tab.
Under "Virtual Networks" you can add one or more networks like this:
Note that networks are local to a specific data center and that the assigned VLAN ID displayed here will be used to configure server port switching and server network setup.
When you add a network, we automatically provision it in our data center switches - however, in order for it to be made available to individual machines additional steps are required.
- Convert the server's networking mode. This will configure the server to allow attachment of your server's network interfaces to your vlan. You can choose a mix/hybrid mode, which will remove one interface from the bond and configure it for layer 2--maintaining connectivity from outside the local network on the other, or pure Layer 2 (with the option to break the bond or leave it intact).
- Once the network mode has been changed you will see the option to attach a new vlan.
- Choose the network interface you wish to attach the vlan to, but be aware that you should only choose "bond0" if you have converted the server to the bonded layer 2 networking mode.
Packets are delivered untagged as long as only one VLAN is configured on the port. However where multiple VLANs are configured on the same port packets are delivered tagged, meaning that in order to use VLANs the server's network configuration must be setup appropriately (details).
Optionally, you can enable Layer 3 routing between any VLAN and the public Internet. In that case a public routable subnet is assigned and displayed in the control panel and the corresponding gateway IP address will be provisioned on Packet's routers, on the designated VLAN.