Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Connectivity fast connect_201

104 views

Published on

In this course, you will learn the public and private peering FastConnect use-cases, and understand best practices and recommendations to design a redundant and highly available FastConnect connection with OCI

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Connectivity fast connect_201

  1. 1. 1Copyright © 2018, Oracle and/or its affiliates. All rights reserved.Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Connectivity – FastConnect Level 201 Jamal Arif November 2018
  2. 2. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  3. 3. 3Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Objectives After completing this lesson, you should be able to: • Describe FastConnect Public and Private Peering • Discuss FastConnect Redundancy • Hybrid Architectures • InterCloud Connectivity • Pre-requisites: Connectivity – Level 100 • Pre-requisites: Connectivity – Level 200
  4. 4. 4Copyright © 2018, Oracle and/or its affiliates. All rights reserved. FastConnect Use Case Scenarios • Private Peering • Extension of the on premise network to the OCI VCN • Communication across connection with private IP addresses • Public Peering • To access public OCI services over dedicated FastConnect connection • Access Object storage, OCI Console or APIs • Communication across connection with public IP addresses
  5. 5. 5Copyright © 2018, Oracle and/or its affiliates. All rights reserved. FastConnect Use Scenarios • Private Peering • Extension of the on premise network to the OCI VCN • Communication across connection with private IP addresses • Public Peering • To access public OCI services over dedicated FastConnect connection • Access Object storage, OCI Console or APIs • Communication across connection with public IP addresses
  6. 6. 6Copyright © 2018, Oracle and/or its affiliates. All rights reserved. FastConnect (Private Connection) 6 ORACLE CLOUD INFRASTRUCTURE (REGION) Availability Domain 1 Customer or Partner Edge Oracle Edge FastConnect Datacenter Location Availability Domain 2 Availability Domain 3 Private Peering
  7. 7. 7Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Private Peering network design • Routing Protocol – OCI currently supporting BGP(Border Gateway protocol) as a routing protocols for FastConnect connectivity to connect to partners as well as customers – BGP is standardized exterior gateway protocols designed to exchange routing and reachability information between ASNs – BGP is open standard protocol supported by all hardware vendor • BGP IP address assignment – Customer/L3 Provider can use any /30 or /31 ip address that they want to use. – This IP address is used for point to point addressing as well as BGP peer addresses
  8. 8. 8Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Private Peering network design contd.. • BGP ASN – Similar to public and private addresses there are private (64512- 65535) & public ASN(1 - 64511) allocation – OCI only supports 2 byte ASN – The BGP ASN for OCI will be 31898 regardless of region – Customer can use any ASN that they comfortable using • LAG Support (Cross-Connect Groups) – You can aggregate multiple physical links in to a single logical channel based on IEEE 802.3ad also known as LACP (Link Aggregation Control Protocol) – LAG provides Link level redundancy and OCI always recommend partners and customer to build LAG even with Single physical member so when we have to scale up there is no downtime
  9. 9. 9Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Private Peering network design contd.. (2) • BGP Authentication – OCI supports BGP authentication mechanisms like Message Digest5 (MD5) algorithms. When authentication in enable any TCP segment belonging to BGP exchanged between peers is verified and accepted only if Authentication is successful. – Most types of authentication require administration and can disproportionately consume router resources as a result. OCI doesn't recommend using it unless customer have hardcore requirement. – OCI will not use MD5 with partners • Prefix-Acceptance – OCI will accept any-prefix advertise by customer over the FastConnect BGP session – No restriction on prefix-length – The only limit is number of prefixes(2000) that customer can advertise over the VC/BGP session
  10. 10. 10Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Private Peering network design contd.. (2) – BGP session will go down once customer reach to this limit – Customer can request more than 2000 prefix per BGP session but it's based on the request not by default as there is billing involved with it. • Prefix-advertisements – OCI will advertise all the Subnet routes that customer have created in their VCN over the BGP session
  11. 11. 11Copyright © 2018, Oracle and/or its affiliates. All rights reserved. BGP advertisement and Traffic-flow CI Icons – white with captions ID & Access Management Auditing Object Storage Virtual Cloud Network Load Balancer FastConnectVPN Dynamic Routing Gateway Internet Gateway FirewallVirtual Machine Container Oracle Cloud Identifier API/Service Route TableCustomer Premises Equipment Encryption Customer Data Center Security Lists Policies Compartments BucketsBack Up/ Restore Telemetry/ Monitoring Groups Backbone Data Transfer WAF CDN DNS AVAILABILITY DOMAIN – 3 AVAILABILITY DOMAIN - 1 AVAILABILITY DOMAIN - 2 VCN SUBNET SUBNET SUBNET CIDR 10.1.0.0/16 10.1.1.0/24 10.1.2.0/24 10.1.3.0/24 VCN Dynamic Routing Gateway 10.1.1.0/24 10.1.2.0/24 10.1.3.0/24 VPN-GW CPE/L3 Provider eBGP 10.1.1.0/24 10.1.2.0/24 10.1.3.0/24 Customer network 192.168.1.0/24 192.168.2.0/24 172.16.0.0/16 192.168.1.0/24 192.168.2.0/24 172.16.0.0/16 192.168.1.0/24 192.168.2.0/24 172.16.0.0/16 DRG routing-table 192.168.1.0/24 192.168.2.0/24 172.16.0.0/16 10.1.1.0/24 10.1.2.0/24 10.1.3.0/24
  12. 12. 12Copyright © 2018, Oracle and/or its affiliates. All rights reserved. FastConnect Use Scenarios • Private Peering • Extension of the on premise network to the OCI VCN • Communication across connection with private IP addresses • Public Peering • To access public OCI services over dedicated FastConnect connection • Access Object storage, OCI Console or APIs • Communication across connection with public IP addresses
  13. 13. 13Copyright © 2018, Oracle and/or its affiliates. All rights reserved. FastConnect (Public Peering Connection) 13 ORACLE CLOUD INFRASTRUCTURE (REGION) Availability Domain 1 Customer or Partner Edge Oracle Edge FastConnect Datacenter Location Availability Domain 2 Availability Domain 3 Public Peering Private Peering
  14. 14. 14Copyright © 2018, Oracle and/or its affiliates. All rights reserved. FastConnect (Public Peering Connection) • You choose which of your organization's public IP prefixes you want to use with the virtual circuit. Each prefix must be /31 or less specific. • Oracle verifies your organization's ownership of each prefix before sending any traffic for it across the connection. • When configuring your edge for public peering, make sure to give higher preference to FastConnect over your ISP • Oracle prefers the most specific route when routing traffic from Oracle Cloud Infrastructure to other destinations that means even if you have a IGW, replies to your verified public prefixes will go over the FastConnect connection. • You can add or remove public IP prefixes at any time by editing the virtual circuit
  15. 15. 15Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Public Peering network design • BGP IP address assignment • In contrast to FastConnect-private, Customer’s Layer 3 point-to-point interface will be part of shared Internet routing-instance instead of unique DRG routing-instance. • Because of customers is going to share same routing-instance we need to make sure that the IP addresses are unique. • OCI will assign the point to point IPs from range(169.254.0.0/16) BGP Prefix-advertisement • OCI will advertise all the public prefixes for specific region customer is peering with • Public prefixes will include IP ranges that covers all public service offering by OCI • Public prefixes will also covers all the customer’s public VCN host prefixes
  16. 16. 16Copyright © 2018, Oracle and/or its affiliates. All rights reserved. • BGP Prefix-acceptance • Customer provides list of prefixes that they want to advertise via console • OCI accepts the public-prefixes only if prefixes are owned by customer. • OCI Check multiple Internet Route Registry database(Using Dyn tool) to verify who owns the prefixes before accepting the prefix from the customer. • BGP ASN • OCI will use 31898 ASN • Customer needs public ASN to peer with OCI Public Peering network design contd.
  17. 17. 17Copyright © 2018, Oracle and/or its affiliates. All rights reserved. • BGP Prefix-limitation • The only limit is number of prefixes(200) that customer can advertise over the VC/BGP session. BGP session will go down once customer reach to this limit • Customer can request more than 200 prefix per BGP session but it's based on the request not by default as there is billing involved with it. Public Peering network design contd. (2)
  18. 18. 18Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 1 VPN-GW CPE Customer network Internet OCI Region OCI Public services IPs (Block storage, Casper. etc..) Customer’s Public VCN IPs 129.146.128.0/17 1.1.1.0/24 129.146.0.0/17 eBGP 129.146.128.0/17 1.1.1.0/24 129.254.0.0/17 129.254.128.0/17 1.1.1.0/24 BGP advertisement and Traffic-flow 129.146.0.0/17 1.1.1.0/24 129.254.0.0/17 129.254.128.0/17 129.254.0.0/17 129.254.128.0/17
  19. 19. 19Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Private and Public Peering FastConnect-Private FastConnect-Public Use case To manage VCN resources privately To access OCI’s public service offering Typical bandwidth Higher bandwidth; increments of 1 Gbps, and 10 Gbps ports Higher bandwidth; increments of 1 Gbps, and 10 Gbps ports Protocols BGP BGP Point-to-point IPs Customer assigns IPs (/30 or /31) Oracle assign IPs (/30 or /31) Prefix-advertisement OCI advertises VCN subnet routes OCI advertises public VCN routes and public Services routes Prefix-validation Not needed OCI does validation that prefixes are owed by customer or not Prefix-limit 2000 200 BGP ASN Any ASN Public ASN
  20. 20. 20Copyright © 2018, Oracle and/or its affiliates. All rights reserved. FastConnect Redundancy – Best Practices
  21. 21. 21Copyright © 2018, Oracle and/or its affiliates. All rights reserved. • Have multiple redundant connections into OCI and avoid having single points of failure in your design. • For IPSec VPN - OCI recommends using multiple connections from redundant physical devices at the customer premises. High availability connections require redundant hardware, even when connecting from the same physical location • OCI FastConnect provides multiple redundancy options, and its recommended to use multiple vendors if financially feasible to ensure you have redundant network connections • Plan for sufficient network capacity with your FastConnect virtual circuits to ensure individual circuits are not overwhelmed in case of failures on redundant circuits • Have a service level redundancy by creating a IPsec VPN service alongside FC. Oracle always prioritizes FC over VPN connection. FastConnect Redundancy
  22. 22. 22Copyright © 2018, Oracle and/or its affiliates. All rights reserved. FastConnect Redundancy With FastConnect there are multiple types of redundancy • Transit POP redundancy • Router redundancy with-in a single Transit POP • Partner redundancy • Service redundancy Oracle provides: • Per region: 2 Oracle points of presence (POPs), for location redundancy. Each is connected to all of Oracle’s Availability Domains in the region • Per Oracle POP: 2 routers, for router redundancy This means for every region, you could have up to 4 independent physical cables to Oracle. Your ideal goal is to have 2 virtual circuits per customer, one per Oracle POP
  23. 23. 23Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Redundancy: Connectivity Model Colocation or colocation via third party Network Provider • Transit POP redundancy Customer Edge 1 Oracle Edge 1 Customer Edge 2 Oracle Edge 2 Router 1 Virtual Circuit Cross-Connect (Physical Connection) Router 1 Router 1 Router 1 Virtual Circuit 1 Virtual Circuit 2 FastConnect POP Location 1 FastConnect POP Location 2 Cross-connect Group (LAG)
  24. 24. 24Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Redundancy: Connectivity Model Colocation or colocation via third party Network Provider Router redundancy with-in a single Transit POP Customer Edge Oracle Edge Router 1 Virtual Circuit Router 2 Router 1 Router 2 FastConnect POP Location 1 Virtual Circuit 1 Virtual Circuit 2 Cross-Connect (Physical Connection) Cross-connect Group (LAG)
  25. 25. 25Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Redundancy: Connectivity Model Oracle Partner (Layer 2) • For a Layer 2 partner, a given virtual circuit can run on only a single port group (formerly known as Cross-Connect) (LAG), or single cross-connect (an individual cable, no LAG). • Redundancy can be achieved by provisioning 2nd virtual circuit. • Partner will make sure that 2nd virtual circuit will land on redundant cross-connect LAG between them and Oracle. • Redundant cross-connect LAG could land in same POP or different POP depending upon connectivity between partner and oracle. • Active/Active or Active/Passive setup is possible with “LP” and “AS_PATH” BGP attributes influencing egress traffic from customer and OCI respectively
  26. 26. 26Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Redundancy: Connectivity Model Oracle Partner (Layer 2) – Transit pop redundancy Partner Edge 1 Oracle Edge 1 Partner Edge 2 Oracle Edge 2 Router 1 Router 1 Router 1 Router 1 Virtual Circuit 1 Virtual Circuit 2 FastConnect POP Location 1 FastConnect POP Location 2 Virtual Circuit Cross-Connect (Physical Connection) Cross-connect Group (LAG)
  27. 27. 27Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Redundancy: Connectivity Model Oracle Partner (Layer 2) – Router redundancy Partner Edge Oracle Edge Router 1 Virtual Circuit Router 2 Router 1 Router 2 FastConnect POP Location 1 Virtual Circuit 1 Virtual Circuit 2 Cross-Connect (Physical Connection) Cross-connect Group (LAG)
  28. 28. 28Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Partner X Network Oracle POP 1 Oracle POP 2 PE Router 1 Router 1 OCI Region Customer DC PE PECPE Virtual Circuit -1 Virtual Circuit -2 Layer 2 Partners : Megaport, Equinix, CenturyLink Oracle requires redundancy with Partners Customer Partner Oracle • Order 2X VC with Oracle • Order 2X cross-connects to partner • Min 2X Circuits to Oracle. • Provisions 2nd VC on redundant cross- connect • Min 2X Circuits to Partner • Agreement with partner to Provision 2nd VC on redundant cross-connect For Redundancy Customer responsible for redundancy
  29. 29. 29Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Redundancy: Connectivity Model Oracle Partner (Layer 3) • For a Layer 3 partner, a given virtual circuit can run on multiple cross-connect groups (LAGs) or multiple cross-connects (a cross-connect is an individual cable, no LAG), which provides router redundancy for the virtual circuit. • Customer would get 2 BGP sessions tied to single virtual circuit by default running over redundant cross-connect group or cross-connects. • Partner and Oracle will make sure that 2nd BGP session will land on redundant cross-connect LAG between partner and Oracle. • Customer can still provision 2nd virtual circuit with additional cost should they need redundancy with virtual circuits
  30. 30. 30Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Redundancy: Connectivity Model Oracle Partner (Layer 3) – Transit pop redundancy Partner Oracle POP 1 Partner Oracle POP 2 Router 1 Router 1 Router 1 Router 1 FastConnect POP 1 Virtual Circuit 1 Virtual Circuit 2 Router 2 Router 2Router 2 Router 2 FastConnect POP Location 2 Virtual Circuit Cross-Connect (Physical Connection) Cross-connect Group (LAG)
  31. 31. 31Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Redundancy: Connectivity Model Oracle Partner (Layer 3) –Router redundancy Partner Edge Oracle Edge Router 1 Virtual Circuit Router 2 Router 1 Router 2 FastConnect POP Location 1 Virtual Circuit 1 Cross-Connect (Physical Connection) Cross-connect Group (LAG)
  32. 32. 32Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Partner X Network Oracle POP 1 Oracle POP 2 PE Router2 Router 1 OCI Region Customer DC PE PECPE Virtual Circuit -1 Layer 3 Partners :Verizon, BT Router 1 Router2 Virtual Circuit-2 BGP Session Oracle require redundancy with Partners Customer Partner Oracle • Order 2X VC with Oracle • Order 2X cross-connects to partner • Min 2X Circuits to Oracle • Runs 2BGP sessions with Oracle • Min 2X Circuits to Partner • Runs 2 BGP sessions with Partner. For Redundancy Customer responsible for redundancy
  33. 33. 33Copyright © 2018, Oracle and/or its affiliates. All rights reserved. • For partner or provider level redundancy, customer should have redundant links to partner. • Most Partners already have redundant links to OCI. • Connections on different routers on partner’s network. • Provision virtual circuits across multiple provider links Confidential – Oracle Internal/Restricted/Highly Restricted 14 REGION FASTCONNECT LOCATION1 FASTCONNECT LOCATION2 AVAILABILITY DOMAIN1 AVAILABILITY DOMAIN2 VCN PRIVATE SUBNET 10.2.3.0/24 PRIVATE SUBNET 10.2.2.0/24 VIRTUAL CIRCUIT #1 DRG EDGE CUSTOMER NETWORK 10.0.0.0/16 CPE EDGE Public Internet DST IP: 0.0.0.0/0 IGW Physical CIRCUIT #1 EDGE Physical CIRCUIT #2 EDGE Cloud Service Provider #1 Cloud Service Provider #2 VIRTUAL CIRCUIT #2 Partner or Provider Redundancy
  34. 34. 34Copyright © 2018, Oracle and/or its affiliates. All rights reserved. • Customer can provision IPsec along with FastConnect. • IPsec can be treated as back up incase if FastConnect fails • Egress traffic from OCI will prefer FastConnect.* • Bandwidth, latency concerns over IPsec • Highly recommended if customer has single FastConnect to OCI Confidential –OracleInternal/Restricted/Highly Restricted 11 REGION FASTCONNECT LOCATION1 FASTCONNECT LOCATION2 AVAILABILITY DOMAIN1 AVAILABILITY DOMAIN2 VCN PRIVATE SUBNET 10.2.3.0/24 PRIVATE SUBNET 10.2.2.0/24 Public Internet DRG EDGE PROVIDER NETWORK CUSTOMER NETWORK 10.0.0.0/16 CPE EDGE EDGE EDGE Public Internet DST IP: 0.0.0.0/0 IGW IPSecVPNCONNECTION VIRTUALCIRCUIT #1 VIRTUALCIRCUIT #1 Service Redundancy
  35. 35. 35Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Site-to-Site VPN FastConnect Use case Dev/test and small scale production workloads Enterprise-class and mission critical workloads, Oracle Apps, Backup, DR Supported Services All OCI Services within VCN – compute –VMs and BMs, Database All OCI Services within VCN – compute – VMs and BMs, Database Typical bandwidth Typically < 250 Mbps aggregate Higher bandwidth; increments of 1 Gbps, and 10 Gbps ports Protocols IPsec BGP Routing Static Routing Dynamic Routing Connection Resiliency active-active active-active Encryption Yes, by default No * (can be achieved using virtual firewall) Pricing • Billable port hours • No data transfer charge between ADs SLA No SLA 99.9% Availability SLA IPsec VPN and FastConnect
  36. 36. 36Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Hybrid Architectures using FastConnect
  37. 37. 37Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Hybrid Architectures • In Hybrid deployments, customers have on-premises workloads that require connectivity with OCI services (compute instances with in a VCN or OCI public services like Object Storage) • Three ways to establish this connectivity • Accessing OCI resources using Public IPs over Public Internet • Accessing OCI resources using Private IPs leveraging site-to-site IPsec VPN over public Internet • Accessing OCI resources using over a private dedicated circuit leveraging OCI FastConnect • Typical application architectures that require hybrid connectivity • Three-Tier Web Application
  38. 38. 38Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Three-Tier Web Applications • During phased application migration, hybrid connectivity is required for instance your web and app servers are in OCI and DB on-premises. VCN Web Servers App Server Client On-premises Network or Internet Gateway DB Server Load Balancer Virtual Cloud Network
  39. 39. 39Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Three-Tier Web Applications (2) • Another way to load balancer traffic between multiple environments is to use DNS based Load Balancing • DNS record mapping to your domain name that has IP of OCI Public Load Balancer and your on-premises load balancer VCN Web Servers App Server Client On-premises Network Internet Gateway DB Server Load Balancer Virtual Cloud Network DNS App Server Webb Server
  40. 40. 40Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Network Consistent Apps with dedicated Virtual Circuit a. Same VCN VCN Customer or Partner Edge Oracle Edge Router FastConnect Datacenter Location Oracle Edge Router Dev App Prod App On-premises Network 1 Gbps OCI Region • Create multiple Virtual Circuits over FC physical connection (different router same POP or different routers different POP) and use • AS PATH prepends to make 1Gbps virtual circuit primary for dev traffic and 10Gbps Virtual Circuit Primary for Prod Traffic
  41. 41. 41Copyright © 2018, Oracle and/or its affiliates. All rights reserved. VCN Network Consistent Apps with dedicated Virtual Circuit a. Separate VCN VCN Customer or Partner Edge Oracle Edge Router FastConnect Datacenter Location Oracle Edge Router Dev App Prod AppOn-premises Network 1 Gbps OCI Region • Create multiple Virtual Circuits with different DRG over FC physical connection (different router same POP or different routers different POP) and use • AS PATH prepends to make 1Gbps virtual circuit primary for dev traffic and 10Gbps Virtual Circuit Primary for Prod Traffic
  42. 42. 42Copyright © 2018, Oracle and/or its affiliates. All rights reserved. VCN Accessing OCI Public Services (Object Storage) over FC Public Peering Customer or Partner Edge Oracle Edge Router FastConnect Datacenter Location On-premises Network OCI Region • Accessing Object Storage services on OCI is one of the common hybrid connectivity use cases • OCI will advertise all the public prefixes for specific region customer is peering with • Public prefixes will include IP ranges that covers all public service offering by OCI • Public prefixes will also covers all the customer’s public VCN host prefixes Object Storage
  43. 43. 43Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Intercloud Connectivity
  44. 44. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Virtual Router Multi-Cloud Connectivity using FastConnect Customer directly connected to both clouds. • Private circuit to both clouds • Customer responsible for routing. • Reduced latency depending on where customer is located. • Minimum incremental cost, minimum implementation time Oracle Cloud Infrastructure Azure AWS Customer Data Center Customer Data Center CPE Oracle Cloud Infrastructure AWS Azure Customer Data Center CPE Partner Network Customer connected to partner who has connectivity to multiple cloud providers. • Partners are coming up with virtual router(or equivalent) products (E.g MCR) • Virtual router would keep latency to minimum • Customer may have existing relationships which would lead to minimal implementation time. • Enables seamless, direct access to multiple clouds.
  45. 45. 45Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Demo: Via Partner • Partners who has multi-cloud connectivity. • Minimal implementation time due to existing relationship • Minimized cost due existing relationship. • Reduced troubleshooting time for operational issue. • Enables seamless, direct access to multiple clouds.
  46. 46. 46Copyright © 2018, Oracle and/or its affiliates. All rights reserved. ORACLE CLOUD INFRASTRUCTURE (Ashburn) AWS – OCI Connectivity via Megaport Logical Connectivity – L3 AD 3 AD1 AD 2 Subnet A 10.0.30.0/24 Subnet B 10.0.40.0/24 Subnet C 10.0.50.0/24 virtual private cloud (Ohio East) Availability Zone Availability Zone Availability Zone VPC subnetVPC subnet VPC subnet Megaport Cloud Router eBGPeBGP VXCVXC virtual private Gateway Demo available on Confluence (Demo Section)
  47. 47. 47Copyright © 2018, Oracle and/or its affiliates. All rights reserved. AWS – OCI Connectivity via Megaport • Setup VCN and associate a DRG with VCN • Create a FC Virtual Circuit with Megaport Partner • Setup a Megaport Cloud Router • Create a VXC from MCR to OCI (use OCID and BGP info from OCI) • FastConnect VC provisioned with OCI • Setup a VPC and associate a Virtual Private Gateway on AWS • Create a VXC from MCR to AWS • Accept VIF on AWS • Propagate routes to VPC Route table • AWS – OCI Connectivity Provisioned Demo available on Confluence (Demo Section)
  48. 48. 48Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 4 BGP advertisement and Traffic-flow CI Icons – white with captions ID & Access Management Object Storage Virtual Cloud Network Load Balancer FastConnectVPN Dynamic Routing Gateway FirewallVirtual Machine Container Oracle Cloud Identifier API/Service Route TableCustomer Premises Equipment Encryption Customer Data Center Security Lists Policies Compartments Back Up/ Restore Telemetry/ Monitoring Backbone Data Transfer WAF CDN DNS AVAILABILITY DOMAIN – 3 AVAILABILITY DOMAIN - 1 AVAILABILITY DOMAIN - 2 VCN SUBNET SUBNET SUBNET CIDR 10.0.0.0/16 10.0.0.0/24 10.0.1.0/24 10.0.2.0/24 Dynamic Routing Gateway ASN: 31898 MCR ASN: 64555 eBGP DRG Routing Table 10.0.0.0/24  Directly Connected 10.0.1.0/24  Directly Connected 10.0.2.0/24  Directly Connected 172.31.0.0/16  172.16.0.1 (Next Hop) 172.16.0.0/30  172.16.0.1 (Next Hop) 169.254.6.136/30  172.16.0.1 (Next Hop) 172.16.0.0/30 .1 .2 virtual private cloud 172.31.0.0/16 169.254.6.136/30 .37 .38 VPC Routing Table 10.0.0.0/24  VPN GW 10.0.1.0/24  VPN GW 10.0.2.0/24  VPN GW 10.0.0.0/16  VPN GW 172.16.0.0/30  VPN GW 169.254.6.136/30  VPN GW 172.31.0.0/16  Local 0.0.0.0/0  Internet GW Availability Zone VPC subnet MCR Routing Table 10.0.0.0/24  172.16.0.2 (Next Hop) 10.0.1.0/24  172.16.0.2 (Next Hop) 10.0.2.0/24  172.16.0.2 (Next Hop) 172.31.0.0/16  169.254.6.137 (Next Hop) 172.16.0.0/30  Directly Connected 169.254.6.136/30  Directly Connected eBGPVPN GW ASN: 64666 VCN Default Routing Table 172.31.0.0/16  DRG 172.16.0.0/30  DRG 0.0.0.0/0  IGW
  49. 49. 49Copyright © 2018, Oracle and/or its affiliates. All rights reserved. Summary After completing this lesson, you should have learned: • FastConnect Public and Private Peering • FastConnect Redundancy Options • Intercloud connectivity options • Hybrid Architectures using FastConnect
  50. 50. 50Copyright © 2018, Oracle and/or its affiliates. All rights reserved. cloud.oracle.com/iaas cloud.oracle.com/tryit

×