FastConnect Connectivity 200 Part 1 Advanced Training
Copyright © 2018, Oracle and/or its affiliates. All rights reserved.
Connectivity – FastConnect Level 201
Jamal Arif
November 2018
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Objectives
After completing this lesson, you should be able to:
• Describe FastConnect Public and Private Peering
• Discuss FastConnect Redundancy
• Hybrid Architectures
• InterCloud Connectivity
• Pre-requisites: Connectivity – Level 100
• Pre-requisites: Connectivity – Level 200
FastConnect Use Case Scenarios
• Private Peering
– Extension of the on-premises network to the OCI VCN
– Communication across the connection with private IP addresses
• Public Peering
– Access to public OCI services over a dedicated FastConnect connection
– Access to Object Storage, the OCI Console or APIs
– Communication across the connection with public IP addresses
FastConnect (Private Connection)
[Diagram: an Oracle Cloud Infrastructure region with Availability Domains 1, 2 and 3; at the FastConnect datacenter location, the Customer or Partner Edge and the Oracle Edge are joined by private peering.]
Private Peering network design
• Routing Protocol
– OCI currently supports BGP (Border Gateway Protocol) as the routing protocol for FastConnect connectivity to partners as well as customers
– BGP is a standardized exterior gateway protocol designed to exchange routing and reachability information between ASNs
– BGP is an open standard protocol supported by all hardware vendors
• BGP IP address assignment
– The customer or L3 provider can use any /30 or /31 IP address they want to use.
– This IP address is used for point-to-point addressing as well as for the BGP peer addresses
Private Peering network design contd.
• BGP ASN
– As with public and private IP addresses, ASNs are allocated as private (64512-65535) and public (1-64511)
– OCI only supports 2-byte ASNs
– The BGP ASN for OCI will be 31898 regardless of region
– The customer can use any ASN they are comfortable using
• LAG Support (Cross-Connect Groups)
– You can aggregate multiple physical links into a single logical channel based on IEEE 802.3ad, also known as LACP (Link Aggregation Control Protocol)
– LAG provides link-level redundancy, and OCI always recommends that partners and customers build a LAG even with a single physical member, so that there is no downtime when the connection has to be scaled up
Private Peering network design contd. (2)
• BGP Authentication
– OCI supports BGP authentication mechanisms such as the Message Digest 5 (MD5) algorithm. When authentication is enabled, any TCP segment belonging to BGP that is exchanged between the peers is verified, and is accepted only if authentication succeeds.
– Most types of authentication require administration and can consume a disproportionate share of router resources as a result. OCI doesn't recommend using it unless the customer has a hard requirement.
– OCI will not use MD5 with partners
• Prefix-Acceptance
– OCI will accept any prefix advertised by the customer over the FastConnect BGP session
– No restriction on prefix length
– The only limit is the number of prefixes (2000) that the customer can advertise over the VC/BGP session
– The BGP session will go down once the customer reaches this limit
– The customer can request more than 2000 prefixes per BGP session, but this is granted on request rather than by default, as there is billing involved.
• Prefix-advertisements
– OCI will advertise all the subnet routes that the customer has created in their VCN over the BGP session
BGP advertisement and Traffic-flow
[Figure: private peering. The VCN (CIDR 10.1.0.0/16) has subnets 10.1.1.0/24, 10.1.2.0/24 and 10.1.3.0/24 across Availability Domains 1, 2 and 3. Its Dynamic Routing Gateway and the CPE/L3 Provider exchange routes over eBGP: 10.1.1.0/24, 10.1.2.0/24 and 10.1.3.0/24 are shown on the OCI side, and 192.168.1.0/24, 192.168.2.0/24 and 172.16.0.0/16 on the customer network side. The figure also shows a VPN-GW and the DRG routing-table.]
FastConnect (Public Peering Connection)
[Diagram: an Oracle Cloud Infrastructure region with Availability Domains 1, 2 and 3; at the FastConnect datacenter location, the Customer or Partner Edge and the Oracle Edge are joined by both public peering and private peering.]
• You choose which of your organization's public IP prefixes you want to use with the virtual circuit. Each prefix must be /31 or less specific.
• Oracle verifies your organization's ownership of each prefix before sending any traffic for it across the connection.
• When configuring your edge for public peering, make sure to give higher preference to FastConnect over your ISP.
• Oracle prefers the most specific route when routing traffic from Oracle Cloud Infrastructure to other destinations. This means that even if you have an IGW, replies to your verified public prefixes will go over the FastConnect connection.
• You can add or remove public IP prefixes at any time by editing the virtual circuit.
Public Peering network design
• BGP IP address assignment
– In contrast to FastConnect-private, the customer's Layer 3 point-to-point interface will be part of a shared Internet routing-instance instead of a unique DRG routing-instance.
– Because customers share the same routing-instance, the IP addresses must be unique.
– OCI will assign the point-to-point IPs from the range 169.254.0.0/16
• BGP Prefix-advertisement
– OCI will advertise all the public prefixes for the specific region the customer is peering with
– Public prefixes will include IP ranges that cover all public service offerings by OCI
– Public prefixes will also cover all of the customer's public VCN host prefixes
Public Peering network design contd.
• BGP Prefix-acceptance
– The customer provides the list of prefixes that they want to advertise via the console
– OCI accepts the public prefixes only if the prefixes are owned by the customer.
– OCI checks multiple Internet Routing Registry databases (using the Dyn tool) to verify who owns the prefixes before accepting them from the customer.
• BGP ASN
– OCI will use ASN 31898
– The customer needs a public ASN to peer with OCI
Public Peering network design contd. (2)
• BGP Prefix-limitation
– The only limit is the number of prefixes (200) that the customer can advertise over the VC/BGP session. The BGP session will go down once the customer reaches this limit
– The customer can request more than 200 prefixes per BGP session, but this is granted on request rather than by default, as there is billing involved.
BGP advertisement and Traffic-flow
[Figure: public peering. The OCI Region (OCI public services IPs such as Block Storage and Casper, plus the customer's public VCN IPs) and the CPE in front of the customer network exchange routes over eBGP; the Internet and a VPN-GW are also drawn. Prefixes labelled in the figure: 129.146.0.0/17, 129.146.128.0/17, 129.254.0.0/17, 129.254.128.0/17 and 1.1.1.0/24.]
Private and Public Peering

| | FastConnect-Private | FastConnect-Public |
|---|---|---|
| Use case | To manage VCN resources privately | To access OCI's public service offering |
| Typical bandwidth | Higher bandwidth; increments of 1 Gbps, and 10 Gbps ports | Higher bandwidth; increments of 1 Gbps, and 10 Gbps ports |
| Protocols | BGP | BGP |
| Point-to-point IPs | Customer assigns IPs (/30 or /31) | Oracle assigns IPs (/30 or /31) |
| Prefix-advertisement | OCI advertises VCN subnet routes | OCI advertises public VCN routes and public services routes |
| Prefix-validation | Not needed | OCI validates whether the prefixes are owned by the customer |
| Prefix-limit | 2000 | 200 |
| BGP ASN | Any ASN | Public ASN |
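The rules in the comparison above and in the two "network design" slides can be checked against a planned virtual circuit before it is ordered. The Python below is an added example, not Oracle tooling: `CircuitPlan` and the `check_*` functions are hypothetical names, the limits and ranges are the ones stated on the slides, and using `is_private` to decide that a prefix is not public is this example's own assumption.

```python
import ipaddress
from dataclasses import dataclass, field

# Values stated on the slides.
PRIVATE_ASNS = range(64512, 65536)
PREFIX_LIMIT = {"private": 2000, "public": 200}
ORACLE_P2P_RANGE = ipaddress.IPv4Network("169.254.0.0/16")  # public peering


@dataclass
class CircuitPlan:  # hypothetical record for one planned virtual circuit
    peering: str  # "private" or "public"
    customer_asn: int
    customer_ip: str  # interface notation, e.g. "172.16.0.1/30"
    oracle_ip: str
    prefixes: list = field(default_factory=list)


def check_asn(plan):
    if not 1 <= plan.customer_asn <= 65535:
        return ["asn: OCI only supports 2-byte ASNs"]
    if plan.peering == "public" and plan.customer_asn in PRIVATE_ASNS:
        return ["asn: public peering needs a public ASN"]
    return []


def check_point_to_point(plan):
    try:
        cust = ipaddress.IPv4Interface(plan.customer_ip)
        orcl = ipaddress.IPv4Interface(plan.oracle_ip)
    except ValueError as exc:
        return [f"p2p: {exc}"]
    net, out = cust.network, []
    if orcl.network != net or orcl.ip == cust.ip:
        out.append("p2p: both ends must be distinct addresses in one subnet")
    if net.prefixlen not in (30, 31):
        out.append("p2p: subnet must be a /30 or /31")
    elif net.prefixlen == 30:
        unusable = {net.network_address, net.broadcast_address}
        if cust.ip in unusable or orcl.ip in unusable:
            out.append("p2p: network/broadcast address of a /30 is unusable")
    if plan.peering == "public" and not net.subnet_of(ORACLE_P2P_RANGE):
        out.append("p2p: public peering uses Oracle-assigned 169.254.0.0/16")
    return out


def check_prefixes(plan):
    out, seen = [], set()
    for text in plan.prefixes:
        try:
            net = ipaddress.IPv4Network(text)  # strict: host bits must be 0
        except ValueError:
            out.append(f"prefix: {text} is not a valid IPv4 prefix")
            continue
        seen.add(net)
        if plan.peering == "public" and net.prefixlen > 31:
            out.append(f"prefix: {net} must be /31 or less specific")
        if plan.peering == "public" and net.is_private:  # example's own test
            out.append(f"prefix: {net} is not public address space")
    limit = PREFIX_LIMIT[plan.peering]
    if len(seen) > limit:  # slides: the BGP session goes down at the limit
        out.append(f"limit: {len(seen)} prefixes exceeds {limit}")
    return out


def check_plan(plan):
    """Return findings; an empty list means the plan fits the slide rules."""
    return check_asn(plan) + check_point_to_point(plan) + check_prefixes(plan)


# Constructed sample plans; addresses reuse ranges drawn on the slides.
GOOD_PRIVATE = CircuitPlan(
    "private", 64555, "172.16.0.1/30", "172.16.0.2/30",
    ["192.168.1.0/24", "192.168.2.0/24", "172.16.0.0/16"])
BAD_PUBLIC = CircuitPlan(
    "public", 64512, "10.0.0.1/30", "10.0.0.2/30",
    ["1.1.1.0/24", "192.168.1.0/24"] + [f"1.2.{i}.0/24" for i in range(200)])

if __name__ == "__main__":
    for name, plan in (("private", GOOD_PRIVATE), ("public", BAD_PUBLIC)):
        print(name, check_plan(plan) or "ok")
```

The public plan fails on four counts: a private ASN, customer-chosen point-to-point addresses, an RFC 1918 prefix, and 202 prefixes against a limit of 200.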
FastConnect Redundancy – Best Practices
• Have multiple redundant connections into OCI and avoid single points of failure in your design.
• For IPsec VPN, OCI recommends using multiple connections from redundant physical devices at the customer premises. High-availability connections require redundant hardware, even when connecting from the same physical location.
• OCI FastConnect provides multiple redundancy options, and it is recommended to use multiple vendors if financially feasible to ensure you have redundant network connections.
• Plan for sufficient network capacity with your FastConnect virtual circuits to ensure individual circuits are not overwhelmed in case of failures on redundant circuits.
• Have service-level redundancy by creating an IPsec VPN service alongside FC. Oracle always prioritizes FC over the VPN connection.
FastConnect Redundancy
With FastConnect there are multiple types of redundancy:
• Transit POP redundancy
• Router redundancy within a single Transit POP
• Partner redundancy
• Service redundancy
Oracle provides:
• Per region: 2 Oracle points of presence (POPs), for location redundancy. Each is connected to all of Oracle's Availability Domains in the region
• Per Oracle POP: 2 routers, for router redundancy
This means that for every region, you could have up to 4 independent physical cables to Oracle. Your ideal goal is to have 2 virtual circuits per customer, one per Oracle POP.
Redundancy: Connectivity Model
Colocation or colocation via third party Network Provider
• Transit POP redundancy
[Diagram: Customer Edge 1 and Oracle Edge 1 (Router 1 on each side) at FastConnect POP Location 1 carry Virtual Circuit 1; Customer Edge 2 and Oracle Edge 2 (Router 1 on each side) at FastConnect POP Location 2 carry Virtual Circuit 2. Legend: virtual circuit, cross-connect (physical connection), cross-connect group (LAG).]
Redundancy: Connectivity Model
Colocation or colocation via third party Network Provider
• Router redundancy within a single Transit POP
[Diagram: at FastConnect POP Location 1, the Customer Edge and the Oracle Edge each have Router 1 and Router 2; Virtual Circuit 1 and Virtual Circuit 2 run between them. Legend: virtual circuit, cross-connect (physical connection), cross-connect group (LAG).]
Redundancy: Connectivity Model
Oracle Partner (Layer 2)
• For a Layer 2 partner, a given virtual circuit can run on only a single port group (formerly known as Cross-Connect) (LAG), or a single cross-connect (an individual cable, no LAG).
• Redundancy can be achieved by provisioning a 2nd virtual circuit.
• The partner will make sure that the 2nd virtual circuit lands on a redundant cross-connect LAG between them and Oracle.
• The redundant cross-connect LAG could land in the same POP or a different POP, depending on the connectivity between the partner and Oracle.
• An Active/Active or Active/Passive setup is possible with the “LP” (Local Preference) and “AS_PATH” BGP attributes, which influence egress traffic from the customer and from OCI respectively
Redundancy: Connectivity Model
Oracle Partner (Layer 2) – Transit POP redundancy
[Diagram: Partner Edge 1 and Oracle Edge 1 (Router 1 on each side) at FastConnect POP Location 1 carry Virtual Circuit 1; Partner Edge 2 and Oracle Edge 2 (Router 1 on each side) at FastConnect POP Location 2 carry Virtual Circuit 2. Legend: virtual circuit, cross-connect (physical connection), cross-connect group (LAG).]
Redundancy: Connectivity Model
Oracle Partner (Layer 2) – Router redundancy
[Diagram: at FastConnect POP Location 1, the Partner Edge and the Oracle Edge each have Router 1 and Router 2; Virtual Circuit 1 and Virtual Circuit 2 run between them. Legend: virtual circuit, cross-connect (physical connection), cross-connect group (LAG).]
Layer 2 Partners: Megaport, Equinix, CenturyLink
[Diagram: the Customer DC (CPE) connects through the Partner X Network (PE routers) to Router 1 at Oracle POP 1 and Router 1 at Oracle POP 2, and on to the OCI Region, over Virtual Circuit -1 and Virtual Circuit -2. Callouts: "Oracle requires redundancy with Partners" and "Customer responsible for redundancy".]
For Redundancy
• Customer
– Order 2X VC with Oracle
– Order 2X cross-connects to partner
• Partner
– Min 2X Circuits to Oracle.
– Provisions 2nd VC on redundant cross-connect
• Oracle
– Min 2X Circuits to Partner
– Agreement with partner to Provision 2nd VC on redundant cross-connect
Redundancy: Connectivity Model
Oracle Partner (Layer 3)
• For a Layer 3 partner, a given virtual circuit can run on multiple cross-connect groups (LAGs) or multiple cross-connects (a cross-connect is an individual cable, no LAG), which provides router redundancy for the virtual circuit.
• By default, the customer gets 2 BGP sessions tied to a single virtual circuit, running over redundant cross-connect groups or cross-connects.
• The partner and Oracle will make sure that the 2nd BGP session lands on a redundant cross-connect LAG between the partner and Oracle.
• The customer can still provision a 2nd virtual circuit at additional cost should they need redundancy with virtual circuits
Redundancy: Connectivity Model
Oracle Partner (Layer 3) – Transit POP redundancy
[Diagram: the Partner side and the Oracle side each have Router 1 and Router 2 at FastConnect POP 1 (Oracle POP 1) and at FastConnect POP Location 2 (Oracle POP 2); Virtual Circuit 1 and Virtual Circuit 2 are shown. Legend: virtual circuit, cross-connect (physical connection), cross-connect group (LAG).]
Redundancy: Connectivity Model
Oracle Partner (Layer 3) – Router redundancy
[Diagram: at FastConnect POP Location 1, the Partner Edge and the Oracle Edge each have Router 1 and Router 2; Virtual Circuit 1 is shown between them. Legend: virtual circuit, cross-connect (physical connection), cross-connect group (LAG).]
Layer 3 Partners: Verizon, BT
[Diagram: the Customer DC (CPE) connects through the Partner X Network (PE routers) to Router 1 and Router 2 at Oracle POP 1 and Oracle POP 2, and on to the OCI Region; Virtual Circuit -1, Virtual Circuit-2 and the BGP sessions are marked. Callouts: "Oracle require redundancy with Partners" and "Customer responsible for redundancy".]
For Redundancy
• Customer
– Order 2X VC with Oracle
– Order 2X cross-connects to partner
• Partner
– Min 2X Circuits to Oracle
– Runs 2 BGP sessions with Oracle
• Oracle
– Min 2X Circuits to Partner
– Runs 2 BGP sessions with Partner.
Partner or Provider Redundancy
• For partner- or provider-level redundancy, the customer should have redundant links to the partner.
• Most partners already have redundant links to OCI.
• Connections on different routers on the partner's network.
• Provision virtual circuits across multiple provider links
[Diagram: the CPE of the customer network (10.0.0.0/16) reaches the region over Physical Circuit #1 via Cloud Service Provider #1 and Physical Circuit #2 via Cloud Service Provider #2, landing on edges at FastConnect Location 1 and FastConnect Location 2. Virtual Circuit #1 and Virtual Circuit #2 terminate on the DRG of a VCN with private subnets 10.2.2.0/24 and 10.2.3.0/24 in Availability Domains 1 and 2. An IGW carries public Internet traffic (DST IP: 0.0.0.0/0).]
Service Redundancy
• The customer can provision IPsec along with FastConnect.
• IPsec can be treated as a backup in case FastConnect fails
• Egress traffic from OCI will prefer FastConnect.*
• Bandwidth and latency concerns over IPsec
• Highly recommended if the customer has a single FastConnect to OCI
[Diagram: the CPE of the customer network (10.0.0.0/16) reaches the DRG of a VCN (private subnets 10.2.2.0/24 and 10.2.3.0/24 in Availability Domains 1 and 2) two ways: over Virtual Circuit #1 through the provider network and the edges at the FastConnect locations, and over an IPSec VPN connection across the public Internet. An IGW carries public Internet traffic (DST IP: 0.0.0.0/0).]
IPsec VPN and FastConnect

| | Site-to-Site VPN | FastConnect |
|---|---|---|
| Use case | Dev/test and small scale production workloads | Enterprise-class and mission critical workloads, Oracle Apps, Backup, DR |
| Supported Services | All OCI Services within VCN – compute – VMs and BMs, Database | All OCI Services within VCN – compute – VMs and BMs, Database |
| Typical bandwidth | Typically < 250 Mbps aggregate | Higher bandwidth; increments of 1 Gbps, and 10 Gbps ports |
| Protocols | IPsec | BGP |
| Routing | Static Routing | Dynamic Routing |
| Connection Resiliency | active-active | active-active |
| Encryption | Yes, by default | No * (can be achieved using virtual firewall) |
| Pricing | | Billable port hours; no data transfer charge between ADs |
| SLA | No SLA | 99.9% Availability SLA |
Hybrid Architectures using FastConnect
Hybrid Architectures
• In hybrid deployments, customers have on-premises workloads that require connectivity with OCI services (compute instances within a VCN or OCI public services like Object Storage)
• Three ways to establish this connectivity
– Accessing OCI resources using public IPs over the public Internet
– Accessing OCI resources using private IPs, leveraging site-to-site IPsec VPN over the public Internet
– Accessing OCI resources over a private dedicated circuit, leveraging OCI FastConnect
• Typical application architectures that require hybrid connectivity
– Three-Tier Web Application
Three-Tier Web Applications
• During phased application migration, hybrid connectivity is required, for instance when your web and app servers are in OCI and the DB is on-premises.
[Diagram: a Client reaches, through the on-premises network or the Internet Gateway, a Load Balancer in front of the Web Servers and App Server in the VCN (Virtual Cloud Network); the DB Server is drawn with the on-premises network.]
Three-Tier Web Applications (2)
• Another way to load balance traffic between multiple environments is to use DNS-based load balancing
• A DNS record for your domain name maps to the IP of the OCI public load balancer and of your on-premises load balancer
[Diagram: a Client resolves the application through DNS and reaches either the Load Balancer, Web Servers and App Server in the VCN through the Internet Gateway, or the Web Server, App Server and DB Server on the on-premises network.]
Network Consistent Apps with dedicated Virtual Circuit
a. Same VCN
[Diagram: the on-premises network connects through the Customer or Partner Edge to two Oracle Edge Routers at the FastConnect datacenter location, and on to the Dev App and Prod App in one VCN in the OCI Region; one link is labelled 1 Gbps.]
• Create multiple virtual circuits over the FC physical connection (different routers in the same POP, or different routers in different POPs), and use AS PATH prepends to make the 1 Gbps virtual circuit primary for dev traffic and the 10 Gbps virtual circuit primary for prod traffic
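How AS PATH prepends make one circuit primary per application, and how the “LP” and “AS_PATH” attributes from the Layer 2 partner slide steer each direction, is shown in the Python below. It is an added example, not Oracle or router code: the circuit names, the customer ASN and the two-step decision process (highest LOCAL_PREF, then shortest AS_PATH) are simplifying assumptions.

```python
from dataclasses import dataclass

OCI_ASN = 31898       # Oracle's ASN, from the slides
CUSTOMER_ASN = 64555  # assumption: a private ASN borrowed from the MCR slide


@dataclass(frozen=True)
class Route:
    prefix: str
    circuit: str            # virtual circuit the route was learned on
    as_path: tuple
    local_pref: int = 100   # set by the receiver's import policy


def advertise(prefix, circuit, prepends=0):
    """Customer-side advertisement; each prepend repeats the customer ASN."""
    return Route(prefix, circuit, (CUSTOMER_ASN,) * (1 + prepends))


def best_path(routes, prefix, up):
    """Simplified decision: highest LOCAL_PREF, then shortest AS_PATH.
    Real BGP has more tie-breakers; here remaining ties go to circuit name."""
    live = [r for r in routes if r.prefix == prefix and r.circuit in up]
    if not live:
        return None
    return min(live, key=lambda r: (-r.local_pref, len(r.as_path), r.circuit))


def egress_map(routes, up):
    """Map each prefix to the circuit chosen for traffic toward it."""
    chosen = {}
    for prefix in sorted({r.prefix for r in routes}):
        best = best_path(routes, prefix, up)
        chosen[prefix] = best.circuit if best else None
    return chosen


# Constructed scenario: prefixes reuse ranges drawn on the slides.
DEV, PROD, VCN_SUBNET = "192.168.1.0/24", "192.168.2.0/24", "10.1.1.0/24"
BOTH = {"vc-1g", "vc-10g"}  # hypothetical circuit names

# Routes OCI learns: the customer prepends on the circuit meant as backup.
LEARNED_BY_OCI = [
    advertise(DEV, "vc-1g"), advertise(DEV, "vc-10g", prepends=2),
    advertise(PROD, "vc-10g"), advertise(PROD, "vc-1g", prepends=2),
]
# Routes the customer learns: its import policy raises LOCAL_PREF on vc-10g.
LEARNED_BY_CUSTOMER = [
    Route(VCN_SUBNET, "vc-10g", (OCI_ASN,), local_pref=200),
    Route(VCN_SUBNET, "vc-1g", (OCI_ASN,), local_pref=100),
]

if __name__ == "__main__":
    print("OCI egress, both up: ", egress_map(LEARNED_BY_OCI, BOTH))
    print("OCI egress, 10G down:", egress_map(LEARNED_BY_OCI, {"vc-1g"}))
    print("Customer egress:     ", egress_map(LEARNED_BY_CUSTOMER, BOTH))
```

With the 10 Gbps circuit down, prod traffic lands on the 1 Gbps circuit, which is the capacity case the redundancy best practices ask you to plan for.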
Network Consistent Apps with dedicated Virtual Circuit
a. Separate VCN
[Diagram: the on-premises network connects through the Customer or Partner Edge to two Oracle Edge Routers at the FastConnect datacenter location, and on to the Dev App and the Prod App, each in its own VCN in the OCI Region; one link is labelled 1 Gbps.]
• Create multiple virtual circuits with different DRGs over the FC physical connection (different routers in the same POP, or different routers in different POPs), and use AS PATH prepends to make the 1 Gbps virtual circuit primary for dev traffic and the 10 Gbps virtual circuit primary for prod traffic
Accessing OCI Public Services (Object Storage) over FC Public Peering
[Diagram: the on-premises network connects through the Customer or Partner Edge to the Oracle Edge Router at the FastConnect datacenter location, and on to Object Storage in the OCI Region; a VCN is also drawn.]
• Accessing Object Storage services on OCI is one of the common hybrid connectivity use cases
• OCI will advertise all the public prefixes for the specific region the customer is peering with
• Public prefixes will include IP ranges that cover all public service offerings by OCI
• Public prefixes will also cover all of the customer's public VCN host prefixes
Intercloud Connectivity
Multi-Cloud Connectivity using FastConnect
Customer directly connected to both clouds.
• Private circuit to both clouds
• Customer responsible for routing.
• Reduced latency depending on where the customer is located.
• Minimum incremental cost, minimum implementation time
[Diagram: the CPE in the customer data center connects directly to Oracle Cloud Infrastructure, Azure and AWS.]
Customer connected to a partner who has connectivity to multiple cloud providers.
• Partners are coming up with virtual router (or equivalent) products (e.g. MCR)
• A virtual router would keep latency to a minimum
• The customer may have existing relationships, which would lead to minimal implementation time.
• Enables seamless, direct access to multiple clouds.
[Diagram: the CPE in the customer data center connects to a Virtual Router in the Partner Network, which connects to Oracle Cloud Infrastructure, AWS and Azure.]
Demo: Via Partner
• Partners who have multi-cloud connectivity.
• Minimal implementation time due to existing relationship
• Minimized cost due to existing relationship.
• Reduced troubleshooting time for operational issues.
• Enables seamless, direct access to multiple clouds.
AWS – OCI Connectivity via Megaport
Logical Connectivity – L3
[Diagram: Oracle Cloud Infrastructure (Ashburn) with Subnet A 10.0.30.0/24, Subnet B 10.0.40.0/24 and Subnet C 10.0.50.0/24 across AD 1, AD 2 and AD 3, and an AWS virtual private cloud (Ohio East) with VPC subnets in three Availability Zones behind a virtual private gateway. Each side has a VXC and an eBGP session to the Megaport Cloud Router.]
Demo available on Confluence (Demo Section)
AWS – OCI Connectivity via Megaport
• Set up a VCN and associate a DRG with the VCN
• Create a FC virtual circuit with the Megaport partner
• Set up a Megaport Cloud Router
• Create a VXC from the MCR to OCI (use the OCID and BGP info from OCI)
• FastConnect VC provisioned with OCI
• Set up a VPC and associate a Virtual Private Gateway on AWS
• Create a VXC from the MCR to AWS
• Accept the VIF on AWS
• Propagate routes to the VPC route table
• AWS – OCI connectivity provisioned
Demo available on Confluence (Demo Section)
BGP advertisement and Traffic-flow
[Figure: the OCI VCN (CIDR 10.0.0.0/16, subnets 10.0.0.0/24, 10.0.1.0/24 and 10.0.2.0/24 across Availability Domains 1, 2 and 3) sits behind the Dynamic Routing Gateway (ASN: 31898). The DRG runs eBGP with the MCR (ASN: 64555) over 172.16.0.0/30 (hosts labelled .1 and .2), and the MCR runs eBGP with the AWS VPN GW (ASN: 64666) over 169.254.6.136/30 (hosts labelled .37 and .38) in front of the virtual private cloud 172.31.0.0/16 (one Availability Zone and VPC subnet shown).]

DRG Routing Table

| Destination | Next hop |
|---|---|
| 10.0.0.0/24 | Directly Connected |
| 10.0.1.0/24 | Directly Connected |
| 10.0.2.0/24 | Directly Connected |
| 172.31.0.0/16 | 172.16.0.1 (Next Hop) |
| 172.16.0.0/30 | 172.16.0.1 (Next Hop) |
| 169.254.6.136/30 | 172.16.0.1 (Next Hop) |

MCR Routing Table

| Destination | Next hop |
|---|---|
| 10.0.0.0/24 | 172.16.0.2 (Next Hop) |
| 10.0.1.0/24 | 172.16.0.2 (Next Hop) |
| 10.0.2.0/24 | 172.16.0.2 (Next Hop) |
| 172.31.0.0/16 | 169.254.6.137 (Next Hop) |
| 172.16.0.0/30 | Directly Connected |
| 169.254.6.136/30 | Directly Connected |

VPC Routing Table

| Destination | Target |
|---|---|
| 10.0.0.0/24 | VPN GW |
| 10.0.1.0/24 | VPN GW |
| 10.0.2.0/24 | VPN GW |
| 10.0.0.0/16 | VPN GW |
| 172.16.0.0/30 | VPN GW |
| 169.254.6.136/30 | VPN GW |
| 172.31.0.0/16 | Local |
| 0.0.0.0/0 | Internet GW |

VCN Default Routing Table

| Destination | Target |
|---|---|
| 172.31.0.0/16 | DRG |
| 172.16.0.0/30 | DRG |
| 0.0.0.0/0 | IGW |
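The four routing tables on this slide can be walked hop by hop with longest-prefix matching to confirm that inter-cloud traffic stays on the private path and does not fall through to a default route. The Python below is an added example, not part of the Oracle demo: the table contents are transcribed from the slide, while the `NEXT_DEVICE` mapping (which device owns each next hop) is an assumption read off the diagram, and the broken table in the last case is constructed.

```python
import ipaddress

# Routing tables from the slide. "direct" = Directly Connected / Local.
TABLES = {
    "VCN": {"172.31.0.0/16": "DRG", "172.16.0.0/30": "DRG", "0.0.0.0/0": "IGW"},
    "DRG": {"10.0.0.0/24": "direct", "10.0.1.0/24": "direct",
            "10.0.2.0/24": "direct", "172.31.0.0/16": "172.16.0.1",
            "172.16.0.0/30": "172.16.0.1", "169.254.6.136/30": "172.16.0.1"},
    "MCR": {"10.0.0.0/24": "172.16.0.2", "10.0.1.0/24": "172.16.0.2",
            "10.0.2.0/24": "172.16.0.2", "172.31.0.0/16": "169.254.6.137",
            "172.16.0.0/30": "direct", "169.254.6.136/30": "direct"},
    "VPC": {"10.0.0.0/24": "VPN GW", "10.0.1.0/24": "VPN GW",
            "10.0.2.0/24": "VPN GW", "10.0.0.0/16": "VPN GW",
            "172.16.0.0/30": "VPN GW", "169.254.6.136/30": "VPN GW",
            "172.31.0.0/16": "direct", "0.0.0.0/0": "Internet GW"},
}
# Assumption read off the diagram: the device behind each next hop.
NEXT_DEVICE = {"DRG": "DRG", "172.16.0.1": "MCR", "172.16.0.2": "DRG",
               "169.254.6.137": "VPC", "VPN GW": "MCR"}
INTERNET_EXITS = {"IGW", "Internet GW"}


def lookup(table, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    matches = [n for n in nets if addr in n]
    if not matches:
        return None
    best = max(matches, key=lambda n: n.prefixlen)
    return str(best), table[str(best)]


def trace(start, dst, tables=TABLES, max_hops=8):
    """Follow dst from one device to the next; returns (path, verdict)."""
    path, device = [], start
    for _ in range(max_hops):
        hit = lookup(tables[device], dst)
        if hit is None:
            return path, "no-route"      # traffic is dropped at this device
        prefix, next_hop = hit
        path.append((device, prefix, next_hop))
        if next_hop == "direct":
            return path, "delivered"
        if next_hop in INTERNET_EXITS:
            return path, "internet"      # left the private path
        device = NEXT_DEVICE[next_hop]
    return path, "loop"


# Constructed failure case: the VCN route table lost its DRG routes.
BROKEN = dict(TABLES, VCN={"0.0.0.0/0": "IGW"})

if __name__ == "__main__":
    print(trace("VCN", "172.31.5.10"))          # OCI -> AWS
    print(trace("VPC", "10.0.1.20"))            # AWS -> OCI
    print(trace("VPC", "10.0.9.1"))             # covered only by the /16
    print(trace("VCN", "172.31.5.10", BROKEN))  # falls to the IGW default
```

The third case shows a mismatch visible in the slide's own tables: the VPC table carries 10.0.0.0/16 toward the VPN GW, but the MCR only knows the three /24 subnets, so an address elsewhere in the /16 has no route at the MCR.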
Summary
After completing this lesson, you should have learned:
• FastConnect Public and Private Peering
• FastConnect Redundancy Options
• Intercloud connectivity options
• Hybrid Architectures using FastConnect
cloud.oracle.com/iaas
cloud.oracle.com/tryit