TLDR: Packet's new Layer 2 feature lets you provision between one and twelve project-specific layer 2 networks within a project. This article provides an overview of the feature. For specific configurations for common use cases, please click here.
Our network is designed around a pure Layer 3 network topology, where we bring a routed interface to each server. However, many environments expect a Layer 2 network. To enable these use cases, we’ve developed a feature that allows users to create and control Layer 2 networks within their Packet infrastructure.
A few notes to help set the stage:
- Availability - We have enabled this feature in all datacenters.
- Configurations - Currently, this feature is only available on our m1.xlarge, c1.large.arm, c1.xlarge and s1.large configurations. The x1.small is a special case, allowing only a single VLAN on the eth1 interface (read more).
- Per Facility - Virtual networks are confined to a single datacenter. Global virtual networks that span all datacenters are coming soon.
- Usage Charges - There are no fees for the use of the Layer 2 feature, and during its development preview phase there is limited support. However, any IPs allocated to the Internet Gateway will be charged at our current elastic address price of $0.005/hr ($3.60/mo) per IP.
Converting from Layer 3 to Layer 2
When converting your Layer 3 network configuration to Layer 2, it is not possible to retain the management IP address without first breaking the bond. The currently provisioned IP will be released to our IP pool, and you will be prompted to choose your Virtual Network.
Breaking the bond will allow you to retain the provisioned IP addresses, including the management IP. Using SOS, the device's network configuration will need to be adjusted to reflect the change from a bond to a single interface (e.g. eth0).
Reverting to Layer 3 from Layer 2
Returning your device to Layer 3 is possible by following these steps:
- Enable Bonding (if previously disabled to retain IP)
- Delete virtual network(s) attached to the device interfaces
- Click Add IP addresses to complete the switch conversion
- Utilize SOS to complete the network interface(s) configuration
In the portal server configuration screen, the switch ports serving each of your servers' NICs may be independently enabled to switch one or more of your provisioned networks.
If only one VLAN is enabled on a port, packets are untagged. This means that the server's network configuration does not need to be VLAN-aware. However, when two or more VLANs are enabled on a port, packets are tagged, and it will therefore be necessary to configure the server's networking accordingly (details).
Routing between a VLAN and the Public Internet can be enabled optionally on a per-VLAN basis, in which case a public subnet will be automatically assigned.
Layer 2 Setup in the Packet Portal
Layer 2 networking is enabled in the Packet Portal on a per-project basis in the "IPs and Networks" tab.
Under "Virtual Networks" you can add one or more networks like this:
Note that networks are local to a specific data center and that the assigned VLAN ID displayed here will be used to configure server port switching and server network setup.
When you add a network, we automatically provision it in our data center switches. However, in order for it to be made available to individual machines, additional steps are required.
- #1 - First, in the server's Portal configuration page, remove eth1 from the default bonded trunk (Click "Remove from Bond"):
- #2 - You can now configure switching for any of the VLANs provisioned in the same data center onto the machine's eth1 port:
Packets are delivered untagged as long as only one VLAN is configured on the port. However, where multiple VLANs are configured on the same port, packets are delivered tagged, meaning that in order to use VLANs the server's network configuration must be set up appropriately (details).
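The untagged and tagged cases described above, as an added example that is not part of Packet's documentation: a shell function that prints the iproute2 commands for a port that has been removed from the bond. The helper name `l2_plan`, the VLAN IDs 1000 and 1001 and the 192.168.x.x addresses are constructed for illustration; use the VLAN IDs displayed in the portal.

```shell
#!/bin/sh
# Added example (not Packet's tooling). Prints a plan only; nothing is executed.
# Review the output, then run it as root, e.g.:
#   l2_plan eth1 1000=192.168.100.2/24 1001=192.168.101.2/24 | sh -x
# VLAN IDs and addresses above are constructed sample values.
l2_plan() (
    [ "$#" -ge 2 ] || { echo "usage: l2_plan IFACE VLAN_ID=CIDR..." >&2; exit 2; }
    iface=$1
    shift
    # The plan is meant to be fed to a shell, so accept plain interface names only.
    case $iface in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; exit 2;; esac
    # Validate every argument before printing, so a bad one never yields a partial plan.
    for spec in "$@"; do
        case $spec in *=*) ;; *) echo "missing =CIDR in: $spec" >&2; exit 2;; esac
        vid=${spec%%=*} addr=${spec#*=}
        # Digits only, at most four, no leading zero (avoids octal parsing ambiguity).
        case $vid in ''|0*|*[!0-9]*|?????*) echo "bad VLAN ID: $vid" >&2; exit 2;; esac
        # 802.1Q usable IDs are 1-4094; 0 and 4095 are reserved.
        if [ "$vid" -gt 4094 ]; then echo "VLAN ID out of range: $vid" >&2; exit 2; fi
        case $addr in ''|*[!0-9A-Fa-f:./]*) echo "bad address: $addr" >&2; exit 2;; esac
    done
    echo "ip link set dev $iface up"
    if [ "$#" -eq 1 ]; then
        # One VLAN on the port: frames arrive untagged, so address the port itself.
        echo "ip addr add ${1#*=} dev $iface"
        exit 0
    fi
    # Two or more VLANs: frames arrive tagged, so create one 802.1Q subinterface each.
    for spec in "$@"; do
        vid=${spec%%=*} addr=${spec#*=}
        echo "ip link add link $iface name $iface.$vid type vlan id $vid"
        echo "ip addr add $addr dev $iface.$vid"
        echo "ip link set dev $iface.$vid up"
    done
)
```

These commands do not persist across reboots; the same settings belong in the distribution's network configuration once verified.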
Optionally, you can enable Layer 3 routing between any VLAN and the public Internet. In that case a public routable subnet is assigned and displayed in the control panel and the corresponding gateway IP address will be provisioned on Packet's routers, on the designated VLAN.