Powerful and User Friendly

VPC Networking for
Equinix Metal

When you need more than bare metal servers with a public IP address, such as:

Netris is just like a VPC in the public cloud, but works everywhere.  Thanks to its cloud native, open source foundation, Netris is also easy to use and natively integrates with Equinix Metal.


Network Access Control

Using a local firewall on each host doesn’t provide the best security stance and is prohibitively inconvenient at scale. It’s not uncommon for people to forget to configure the local firewall on a host and introduce a security risk without knowing about it.

Netris VPC provides Network Access Control to permit or deny traffic at subnet, IP, protocol, and port levels. We help teams collaborate confidently with powerful approval workflows, and provide audit logs out of the box.

  • Straightforward Network Access Control
  • Audit logging
  • Approval workflow
  • Time-based rules
  • Object-oriented ACLs

Elastic Load Balancing

HAProxy, Nginx, and MetalLB provide decent performance in load-balancing mode, but at the cost of additional complexity: extra components, servers, routing, and redundancy to manage.

Netris VPC has a built-in load-balancing service so you can quickly request a load balancer on-demand, like in the cloud, and use it for Kubernetes, VM or bare metal environment.

  • On-demand
  • Automatically picks up Equinix public IP address space
  • HTTP and TCP health-checks
  • Kubernetes support
  • Terraform support

External Routing

Equinix provides upstream Internet connectivity + Public IP address subnets (via BGP) and virtual interconnection to major cloud providers or your colocation/data center (via Equinix Fabric), but you’ll need to organize your routing functionality to take advantage of these powerful primitives.

You could use open-source software (like FRR or Bird) to route internet traffic, but at the cost of added management complexity and additional infrastructure spend ($$). The same applies to interconnection routing, which often means leveraging a virtual appliance from Cisco, Palo Alto, etc.  and the cost of management complexity and appliance subscription ($$$$).

Netris VPC has a built-in routing service that is easy to use, and you don’t need to worry about integration, redundancy, or configuration backup. It also has native integration with Equinix Metal, so your Internet upstream BGP settings and Elastic IP subnets will automatically populate in Netris Controller.

  • Easy to use
  • Native integration with Equinix BGP and Elastic IPs
  • Optimized for performance and resiliency

Segmentation & Internal Routing

Equinix Metal provides isolated Layer-2 connectivity with VLANs that can be configured on demand  through its API or web console. Add a gateway, and you get inter-VLAN routing. Metal Gateways are great, but they have clear limitations:

  • no Network Access Control Lists
  • no DHCP
  • no NAT
  • limited to /25 (max 128 IP)
  • no IPv6
  • no Load Balancer

You could use a couple of Linux servers to act as gateways. You can use iptables for network access control and NAT, ISC DHCP/Kea, and other open-source software. Configured and maintained correctly, this can be a solid solution; the downside is added complexity for maintenance, updates, redundancy, and potential risk for misconfiguration.

Netris VPC does all of this for you automatically with an intuitive web console and API/IaC for management. And when you deploy at Equinix Metal, there is no need to worry about integration, architecture, or implementation: Netris recognizes your servers as native objects, and when you create V-Nets (virtual networks), Netris automatically provisions and configures Layer-2 networks through the Equinix Metal API.

  • Native integration with Equinix Layer-2 networking
  • Equinix Servers appear as network endpoint objects
  • Unlimited IPv4/IPv6, DHCP, NAT, ACLs, Load Balancing, BGP
  • Intuitive & declarative

Kubernetes Networking & CNI

Most modern CNI plugins (Calico, Cilium, etc.) simplify the internal container networking within the Kubernetes cluster. Even if you only provide baseline IP-level connectivity between Kubernetes nodes, CNI plugins will take care of your internal container network.

However, you need to pick additional solutions to fulfill the following:

  • Load Balancer to deliver end-user requests into the cluster and balance across nodes and pods.
  • DHCP for Nodes
  • NAT to let private networks of Nodes and Pods access the Internet.
  • Enable routing between Kubernetes Pods (internal CNI network) and other Kubernetes clusters or just regular VMs or development machines.
  • Gain Network Access control between Kubernetes cluster and other networks.
  • Access Kubernetes Pods from remote regions, edge locations, and offices.

Netris provides all these through native integration, both with Kubernetes and Equinix Metal. (read more about our Kubernetes integration)

Site-To-Site VPN

Wireguard is modern, fast, and secure VPN tunneling open-source software. You can create Wireguard tunnels between multiple Equinix Metal regions, public cloud like AWS or GCP, edge locations, remote offices, and more. You can add a dynamic routing protocol (ex., BGP) to your Wireguard tunnel mesh so every region can learn routes to private networks of remote regions.

While setting up a few tunnels is easy — running full mesh with a routing protocol, avoiding configuration drifts over time, and getting everything on continuous monitoring can get complicated.

Netris VPC’s “Site Mesh” functionality automatically runs dynamic mesh Wireguard VPN for you optimized for data center, cloud, and remote office use cases.

  • Hands-free Wireguard autoconfiguration
  • Automatic BGP routing configuration
  • Monitoring
  • Dynamic best path detection

Infrastructure as Code (IaC)

Some of the best DevOps engineers use declarative tools like Terraform or Pulumi to automate infrastructure provisioning in AWS/GCP/Azure.

Declarative code is like a thermostat: you set the target temperature, and the system automatically kicks on or off to continuously meet the desired state. The thermostat abstracts away temperature sensors and control relays, so the user can think in terms of outcomes (e.g., the desired temperature) instead of wasting time on implementation details.

Netris brings cloud-like VPC Networking everywhere, so you can benefit from using Declarative Infrastructure as Code instead of being forced to deal with the complexity under the hood.