Oracle Cloud Networking And Security Exposed

Oracle Network Cloud Service
Foundations & Offering
Giuseppe Russo
Chief Technologist, Systems LoB
Claudio Paolucci
Principal Sales Consultant, Systems LoB
BrainTalks , Oracle Italy Systems Presales Linkedin Group
PRESENTS:

2
Agenda
• Why Networking matter in Cloud Computing?
• The Internet Layer revised
• Multi Protocol Label Switching
• Protecting Data in Transit - What is VPN?
• FastConnect - Overview

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Why Networking matter in Cloud
Computing?

Why Networking matter in Cloud Computing?
• The National Institute of Standards and Technology (NIST) defines the
essential characteristics of cloud computing:
– Broad network access: Capabilities are available over the network and accessed
through standard mechanisms that promote use by heterogeneous thin or thick client
platforms (for example, mobile phones, laptops, and personal digital assistants
[PDAs]) and other traditional or cloud-based software services.
– Image Rapid elasticity
– Measured service
– On-demand self-service
– Resource pooling
Oracle Confidential – Internal 4

A typical cloud service context
• workstations within an
enterprise LAN or set of LAN
• connected by a router through
a network or the Internet to the
CSP
• CSP maintains a massive
collection of servers, which it
manages with a variety of
network management,
redundancy, and security tools

Cloud network model developed by ITU-T
• CSP maintains one or more local or regional cloud
infrastructures
• An intracloud network connects the elements of
the infrastructure, including database servers,
storage arrays, and other servers (FW, LB, IDS/IPS)
• Within the infrastructure, database servers are
organized as a cluster of virtual machines, providing
virtualized, isolated computing environments for
different users
• a core transport network is used by customers to
access and consume cloud services deployed within
the CSP data center
ITU-T. Focus Group on Cloud Computing Technical Report Part 3

Complete Infrastructure for Enterprise Workloads
Oracle Cloud Infrastructure
Compute
Elastic Compute
Network
Software-Defined
Storage
Elastic Storage

Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 8
Oracle Network Cloud Fast
Connect PE
Connect SE
VPN
Dedicated
Routers
Enterprise
Data Center
Branch
Office
MPLS/ECX
Enterprise
Data Center
Branch
Office
Confidential – Oracle Internal
Oracle Network Cloud Services

Problem Statement
9
 Public internet is shared, unpredictable and
unsecure.
 Applications that need to transfer large volume
of data require higher WAN bandwidth.
 Some applications are sensitive to network
latency.
 Sensitive data traversing through public internet
is a huge security risk.
 Enterprises would like to have access to
Dedicated compute zone as a part of their own
network
Security
and
Privacy
CIO’s
Concerns
Speed of IT
Delivery
and Time
to Market

Solution
10
Compute Storage
Backup
DatabaseJava
Big Data
 FastConnect
 Deterministic route to Oracle
Public Cloud with predictable
performance over 1G or 10G link
 VPN
 Encrypted data transfer
between your Datacenter and
Oracle Public Cloud while
extending your private network

Routing: The primary function of Internet
• a path or route through the network must be
determined
• more than one route is possible
• the selection of a route based on some
performance criterion:
– the minimum-hop route
– associated line’s costs
– Others
accept packets from a source station and deliver them to a destination station

Routing: Packet Forwarding
determining the right path

Routing: Packet Forwarding
• Each router makes routing decisions
based on knowledge of the topology
and traffic/delay conditions of the
internet
• the router must avoid:
– portions of the network that have failed
– portions of the network that are congested
• To make such dynamic routing
decisions, routers exchange routing
information using routing protocols
determining the right path

The Internet Layer revised

InfiniBand
Network Layered Design

Network Layer Design Issue
• Connection Oriented or Connectionless
• Reliable or Unreliable
Connection
Oriented
Connectionless
Reliable ATM
Unreliable IP
• Connection Oriented  virtual circuit (telephone systems)
• Connectionless  datagrams (like telegrams)
• The idea behind virtual circuits is to avoid having to choose a new route for every
packet sent.
• In datagrams networks successive packets may follow different routes.

Network Layer Design Issue
Issue Datagram Net VC net
Circuit Setup Not needed Required
Addressing
Each packet contains the full source and
destination address
Each packet contains a short VC number
State Information Net does not hold state information Each VC requires net table space
Routing Each packet is routed independently Route chsen when VC is set-up; all packets follow this route
Effect of Router Failure None; except for packets lost during the crash All VCs that passed throught the failed router are terminated
Congestion Control Difficult Easy if enough buffers can be allocated in advance for each VC
• For transaction processing systems use of VCs makes
little sense.
• In line sconnectiong DCs VCs that are set-up manually
and last for months or years may be useful.
datagrams virtual circuits
connectionless
UDP
IP
UDP
IP
ATM
connection oriented
TCP
IP
ATM AAL1
ATM
L3
L4

IP Protocol | IP Address
Special IP addresses
Net Type # Net # Host
A 126 16M
B 16382 64K
C 2M 254
• IP header has a 20-byte fixed part and a
variable length part
• Is transmitted in big-endian order (like SPARC).
In x86 CPU translation is required.

IP Protocol | IP Subnet & CIDR
• Classless Inter-Domain Routing (CIDR) is a method for allocating IP addresses and routing Internet Protocol packets.
• The IETF introduced CIDR in 1993 to replace the previous addressing architecture of classful network design in the
Internet.
• CIDR main goal was to slow the rapid exhaustion of IPv4 addresses.
• 192.168.100.14/24 represents the IPv4 address 192.168.100.14 and its associated routing prefix 192.168.100.0, or
equivalently, its subnet mask 255.255.255.0, which has 24 leading 1-bits. Old notation is 192.168.100.0/255.255.255.0
Consider 192.168.100.0/22 → 11000000.10101000.01100100.00000000
First address 11000000.10101000.01100100.00000000 → 192.168.100.0
Last address 11000000.10101000.01100111.11111111 → 192.168.103.255
• a.b.c.d/30 glue network (point-to-point link) and a.b.c.d/31 point-to-point link (RFC3021).

IP Protocol | IPv6
• IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4
address exhaustion.
• IPv6 is intended to replace IPv4. a.b.c.d  84 bit 232 addresses = 4.3 109
(e.g. www.facebook.com IPv4  31.13.90.36)
a.b.c.d.e.f.g.h  168 bit 2128 addresses = 3.4 1038
(e.g. www.facebook.com IPv6  2a03:2880:f01a:1e:face:b00c:0:25de)
19109 IP/cm3
• As of 2014, IPv4 still carried more than 99% of worldwide Internet traffic.
• The Internet exchange in Amsterdam is the only large exchange that publicly shows IPv6 traffic statistics, which as of
November 2016 is tracking at about 1.6%, growing at about 0.3% per year.
• As of 22 April 2015, deployment of IPv6 on web servers also varied widely, with over half of web pages available via
IPv6 in many regions.

TCP/IP | Stacking Headers

Routing Algorithm
• Non adaptive algorithm
– Routing decision not based on measurement or estimates of traffic or
topology (aka static routing).
• Adaptive algorithm
– Change routing decision to reflect changes in traffic and topology.
22
• virtual circuits  routing decision made when VC is being set-up
• datagrams  routing decision made for every arriving data packet
Optimality Principle
If router J is on the optimal path from I to K,
then the optimal path from J to K falls along
the same route.
I 
 J
 Kr1
r2
A








A








sink tree – no loop
The goal of all routing algorithm is to discover
and use the sink tree for all routers.

Shortest Path Routing | Static
23
• Labeling for distance, queing time and latency
• Dijkstra (1959)

Distance Vector Routing | Dynamic
24
• Bellman-Ford or Ford-Fulkerson
• Used in ARPANET and Internet with name RIP (Routing Information Protocol)
• In the vector we can have hop, queue lenght, delay (measured with ECHO packets)
PING (Packet INternet Groper)
ICMP (Internet Control Message Protocol)
ECHO request / ECHO reply

Hierarchical Routing
25
• As net grow in size, router routing tables grow
proportionally
• Router are divided in regions
• Router know details about region
• Router know nothing about other regions
• regions → clusters → zones → groups


 
 
 


 1A
1B
1C
2A 2B
2D2C
5B
5C
5D
5E
5A
4A
4C4B
3B
3A
Dest. Line Hops
1A - -
1B 1B 1
1C 1C 1
2A 1B 2
2B 1B 3
2C 1B 3
2D 1B 4
3A 1C 3
3B 1C 2
4A 1C 3
4B 1C 4
4C 1C 4
5A 1C 4
5B 1C 5
5C 1B 5
5D 1C 6
5E 1C 5
Full table for 1A
Dest. Line Hops
1A - -
1B 1B 1
1C 1C 1
2 1B 2
3 1C 2
4 1C 3
5 1C 4
Hierarchical table for 1A

The Network Layer in Internet | AS
26
• Autonomous System (AS) is a network or a group of networks
under a single administrative domain.
• ASs have a unique routing policy for their networks.
• Everything inside the AS is internal.
• Thus AS helps to draw a line between the external routing and
the internal routing.
• ASN is a unique 32-bit number allocated by IANA (Internet
Assigned Numbers Authority) in block to the RIRs (5 Regional
Internet Registry)
• ASN for private use are 64512-65534
• Routing inside the AS would be done by the internal routing
protocols and…
• …external routing protocol would be responsible for routing
between these ASs.

• Interior Gateway Routing Protocols (used inside the ASs) e.g. OSPF, RIP, EIGRP, etc.
• Exterior Gateway Routing Protocols (used between ASs) BGP (Border Gateway Protocol)
Enhanced Interior Gateway
Routing Protocol (by CISCO)
The Network Layer in Internet | ASs

• The Internet Backbone is simply the collection of the physical infrastructure (layer 1 to 3) that connects
one large network (i.e. an autonomous system) with another large network.
• The majority of these networks are ISPs and NSPs (Network Service Providers), and a few might be other
giant companies.
• The internet backbone is decentralized, distributed and managed by no single organization or entity.
• There are different ways to connect networks: transit, peering, IXPs (Internet Exchange Points) .
The Network Layer in Internet | Backbones
Big ISP
Small ISP
Upstream Provider
sell “transit service”
ISP A ISP B
Private Peering
ISP A ISP B
Peering via IXP
(e.g. TIX, MIX)
ISP A
IXP

The Network Layer in Internet | Global Traffic Flow

Interior Gateway Routing Protocol | OSPF
• Originally used distance vector or RIP
• In 1978 was replaced by link state
• In 1988 IETF began work on a successor
• It became a standard a standard in 1990: OSFP (Open
Shortest Path First) – RFC1247
• OSFP:
• is open
• support a variety of metrics (distance, delay, etc.)
• dynamic
• ToS support (e.g. IP ToS for real time traffic)
• load balancing
• support hierarchical systems
• security
OSPF OSPF
BGP

  




Area1 Area2 Area3
Backbone
Area Border
Router
Backbone Router
Internal Router
ASi

Exterior Gateway Routing Protocol | BGP
• For example:
• No transit through certain ASs
• Never put Iraq on a route starting at Pentagon
• Traffic starting at Oracle should not transit Microsoft
• etc.
• Policies are manually configured into each BGP router.
• From BGP point-of-view nets are grouped in:
• stub networks (1 connection to BGP graph)
• multiconnected networks (used for transit traffic, if accepted)
• transit network (backbones, handles 3-party packets)
AS 1 AS 2
AS 3
• EGRP have to worry about politics.

Exterior Gateway Routing Protocol | BGP
• BGP is a vector distance protocol with cost = accepted path
• router discard E and I
• choose between B and G based on scoring
• any route violating a policy has a score of infinity
• scoring function is not part of the BGP protocol
• BGP is described in RFC1654 (and RFC1268)
• Among routing protocols, BGP is unique in using TCP as its transport protocol.

MPLS | Introduction
• Multiprotocol Label Switching was invented to join technical features of IP and ATM
• Different protocol was proposed based on common principles:
• Use a standard routing protocol (e.g. OSPF) to find the route
• Label the path
• Attach the label to the packets (layer 2.5 protocol)
• Packet switching made on label basis (label switching)
• ATM is based on label switching and in the ‘90 ATM performance was higher than IP
• MPLS was released in January 2001; at that time IP performance was greater than ATM one
• MPLS survived for different reasons:
• QoS – IP is connectionless while circuits quarantee QoS
• Traffic Engineering – Whit MPLS is possible to create different paths and distribute traffic on available
resources
• Advanced Services – VPN is the more important
• Fault tolerance – Path reconfiguration in case of router fault

MPLS | Architecture
MPLS Domain
LSP (Label Switched Path) in a MPLS network

Protecting Data in Transit | What is VPN?

What is VPN?
• A virtual private network (VPN) in the context of IAAS/PAAS extends a private
network across the internet into the Cloud
• VPN provides the necessary security and control, enterprises need to move their
workloads into the cloud
• VPN connects two endpoints over a public network to form a logical connection.
• VPN technologies can be classified broadly on these logical connection models as
Layer 2 VPNs or Layer 3 VPNs
• VPN add a “delivery header” in front of the payload to get it to the destination site

Types of VPN
• Remote Access
– Provides a remote user access to the enterprise network
– Example: CiscoAnyConnect
• Site to Site
– A site-to-site VPN uses a VPN gateway appliance to connect one network to another
– Several Software or Hardware based solutions available
• Corente
• Cisco
• Juniper and others
37

Types of VPN: L2 VPN
• Layer 2 VPNs
– point-to-point and establish connectivity between sites over a virtual circuit.
– A virtual circuit is a logical end-to end connection between two endpoints in a
network, and can span multiple elements and multiple physical segments of a
network.
– The virtual circuit is configured end-to-end and is usually called a permanent virtual
circuit (PVC)
– A dynamic point-to-point virtual circuit is also possible and is known as a switched
virtual circuit (SVC)
– One of the advantages of a Layer 2 VPN is the independence of the Layer 3 traffic
payload that can be carried over it
38

Types of VPN: L3 VPN
• the delivery header is at Layer 3
of the OSI model
• Layer 3 VPNs can be:
– point-to-point to connect two sites
such as GRE and IPSec
– may establish any-to-any
connectivity to many sites using
MPLS VPNs.
39

Offering

Connect PE
Connect SE
VPN
Dedicated
Routers
Enterprise
Data Center
Branch
Office
MPLS/ECX
Enterprise
Data Center
Branch
Office
Confidential – Oracle Internal

FastConnect | Overview

• Dedicated: Access your Oracle Public cloud services in
a secure, consistent and cost effective manner.
• Reliable: Delivered as a fully redundant service with
two physical connections from your network edge.
• Standards Based: Leverages industry standard BGP
routing to manage the exchange of routes between
Oracle Public Cloud and your networks.
• Rapid Service Provisioning: Service can be turned up
rapidly (in minutes) if you are already in the same
Datacenter.
FastConnect : Overview
43
FastConnect Partner Edition

FastConnect | Use Cases
• Bidirectional transfer of large volumes of data
(batch jobs)
• Application that require consistent latency and
network performance
• Sensitive data transfers that cannot traverse the
public internet
44
MPLS VPN service
Public facing services
from Oracle Public Cloud.
DMZ
(Public Access)
Customer Collocated at same
Datacenter as Oracle
Private
cloud
DMZ
(Public Access)
Customer Premise
(Remote Datacenter)
Private
cloud
DMZ
(Public Access)
Customer DMZ within Equinix
datacenter
DMZ
(Public Access)
Customer DMZ (Not at Equinix
datacenter)
DMZ
(Public Access)
Customer Private Network
(MPLS VPN service)
Private
cloud
Equinix
Cloud
Exchange
MPLS-Service-Provider
Gateway
Private line
Private Line
Private network extension
Private Ethernet WAN link
Local crossconnect within
datacenter
Private Extension Public services
Metro/ City
Fast Connect Routers Internet Routers
Oracle Data Center
Public
Services
Public
services
Dedicated
Compute
Dedicated
Compute
Oracle Data Center
IPSec
Tunnel
IPSec
Tunnel IPSec
Tunnel
IPSec
Tunnel

• Standard Edition
• Connectivity at any Datacenter with Oracle Cloud
Service collocated
• Partner Edition - Equinix Cloud Exchange
• Easy connectivity at Equinix facilities
• Partner Edition - BT Cloud Connect (EMEA)
• Directly connect your BT MPLS IP VPN to Oracle
Public Cloud Services
• Partner Edition - Verizon SCI (NA)
• Leverage your existing Verizon infrastructure (MPLS
IP VPN) to connect to Oracle Public Cloud Services
FastConnect : Options
45

MPLS VPN service
Public facing services
DMZ
(Public Access)
Customer Collocated at same
Datacenter as Oracle
Private
cloud
DMZ
(Public Access)
Customer Premise
(Remote Datacenter)
Private
cloud
DMZ
(Public Access)
Customer DMZ within Equinix
datacenter
DMZ
(Public Access)
Customer DMZ (Not at Equinix
datacenter)
DMZ
(Public Access)
Customer Private Network
(MPLS VPN service)
Private
cloud
Equinix
Cloud
Exchange
MPLS-Service-Provider
Gateway
Private line
Private Line
Private network extension
Private Ethernet WAN link
Local crossconnect within
datacenter
Metro/ City
Fast Connect Routers Internet Routers
Oracle Data Center
Public
Services
Public
services
Dedicated
Compute
Dedicated
Compute
Oracle Data Center
IPSec
Tunnel
IPSec
Tunnel IPSec
Tunnel
IPSec
Tunnel
46
FastConnect : Options
• Customers will be able to access their
Oracle PaaS and Compute services
through one of the following options
• Equinix Cloud Exchange - for all
Platform or Compute services that
are publicly accessible
• MPLS/VPN service provider
Gateways – for publicly accessible
Platform and Compute services as
well as Dedicated Compute
• Direct connectivity from customer
premise or from the customer cage
– for publicly accessible Platform
and Compute services as well as
Dedicated Compute
Oracle Confidential – Restricted

FastConnect : Scenarios
There can be two scenarios
• Local
– Customer is considered as Local if they are collocated in the same Datacenter in the city
where they desire Oracle Cloud Services
• Remote
– Customer is considered as Remote if they are NOT collocated in the Datacenter in the city
where they desire Oracle Cloud Services.
47Oracle Confidential – Restricted

Public Internet
Metro/ City
Fast Connect Routers
Public facing services from Oracle
Public Cloud.
Customer
DMZ
(Public access)
Customer Collocated at same Datacenter as Oracle
Customer
Private network
Internet Routers
Customer orders crossconnects from
the Datacenter provider to Oracle
cage. LOA/CFA will be provided by
Oracle to the customer
Provisioned by Datacenter provider
Customer establishes BGP Peering
with Oracle after physical connectivity
to Oracle routers is setup
Datacenter where Fast Connect will be available
Customer orders Oracle Fast-Connect
Standard Edition from Oracle
Provisioned by Oracle
Dedicated
ComputeDedicated
Compute
Oracle Data Center
1
2
3
Oracle Data Center
Public
Services
Public
services
IPSec
Tunnel
• Both 1Gbps and 10Gbps options are available.
• LOA/CFA (Letter of Authority / Customer facility
Assignment) will be provided by Oracle.
• Customers will work with their datacenter
provider to order the cross connects. Customers
can request for armored cables from the
datacenter provider to enhance the physical
security within the facility.
• Upon completion of the cross connect with the
Oracle Routers, customers will establish logical
connectivity and setup BGP with Oracle. Two
independent BGP sessions will need to be
established for the public and private address
space respectively.
Fast Connect – Standard Edition

Public Internet
Metro/ City
Public Cloud.
Customer
DMZ
(Public access)
Customer Premise (or Remote Datacenters)
Customer
Private cloud
Internet Routers
Network Service Provider orders
crossconnects through the Datacenter
provider for connection to Oracle routers
Customer establishes BGP Peering with
Oracle after physical connectivity to Oracle
routers is setup through the Network
Service Provider
Network service
provider
Customer orders Metro Ethernet or
Ethernet-WAN circuits through a Network
service provider from their premises to the
Oracle facility where Fast Connect is
required.
Provisioned by Network Service Provider
Dedicated
ComputeDedicated
Compute
Oracle Data Center
1
2
3
4
Oracle Data Center
Public
Services
Public
services
IPSec
Tunnel
• Oracle Fast Connect Standard Edition (Remote) will
allow customers to establish private connectivity from
their datacenter, collocation environment, IT hubs or
offices using dedicated private links provided by
network service providers.
• Customers will need to select and work with a network
service provider and confirm their ability to provision
private line service from the customer location to the
Oracle Datacenter. Additionally customers will need to
confirm that their network equipment will meet the
needs for Fast Connect Standard Edition.
• Provides Layer3 connectivity for services that are
accessible over the public internet as well as allow
customers to access and manage their Dedicated
Compute services as an extension of their private
network. All configurations are managed between
Oracle and the Customer.
Fast Connect – Standard Edition (Remote)

• Both 1Gbps and 10Gbps options are available.
• Customers will work with their selected network service
provider to setup a private line from their facility to the
Oracle Datacenter. The service provider will typically
work with the datacenter provider to extend this private
line to the Oracle assigned facility.
• Customers can request for armored cables within the
datacenter to enhance the physical security within the
facility.
• Upon completion of private line turn-up by the network
service provider, customers will establish logical
connectivity and setup BGP with Oracle. Two
independent BGP sessions will need to be established for
the public and private address space respectively.
• Customers are responsible for all configurations on their
end as well as traffic management over FastConnect
Standard Edition for the network addresses pertaining to
their Oracle Cloud Services.
Public Internet
Metro/ City
Public Cloud.
Customer
DMZ
(Public access)
Customer Premise (or Remote Datacenters)
Customer
Private cloud
Internet Routers
Network Service Provider orders
crossconnects through the Datacenter
provider for connection to Oracle routers
Customer establishes BGP Peering with
Oracle after physical connectivity to Oracle
routers is setup through the Network
Service Provider
Network service
provider
Customer orders Metro Ethernet or
Ethernet-WAN circuits through a Network
service provider from their premises to the
Oracle facility where Fast Connect is
required.
Provisioned by Network Service Provider
Dedicated
ComputeDedicated
Compute
Oracle Data Center
1
2
3
4
Oracle Data Center
Public
Services
Public
services
IPSec
Tunnel
Fast Connect – Standard Edition (Remote)

FastConnect – Standard Edition: Prerequisites
As a customer of FastConnect-Standard Edition, you need to meet the following pre-requisites:
– You need a valid Oracle Order for FastConnect – Partner Edition with the appropriate port
speed defined (currently 1 Gbps or 10 Gbps)
– You will require network equipment capable of supporting Layer3 routing
– You are responsible to provision the physical connectivity to the Oracle routers through a
network service provider or carrier of your choice.
– The network service provider must be capable of connecting to the Oracle routers over single
mode fiber.
– You can only advertise public IPv4 prefixes over this connection and the prefixes must be
registered to you in an IRR/RIR (Internet Routing Registry/Regional Internet Registry).
Oracle Confidential – Internal/Restricted/Highly Restricted 51

FastConnect – Standard Edition: Prerequisites
• As a customer of FastConnect-Standard Edition, you need to meet the following pre-
requisites:
– You will require a public ASN that is registered to you for establishing the peering
session. If you do not have a registered public ASN, you can use private ASNs or
Oracle will provide fixed ASN to be used for the configuration.
– You will need to provide two /30 or /31 public IP subnets for the routing
interfaces. These IP subnets should be owned by you and registered in an IRR/RIR.
If you do not have registered IP subnets for this purpose, Oracle will provision two
/31 IP subnets for the connection.

• Customers that are not already connected to Equinix
Cloud Exchange will need to establish that connectivity
by ordering a port and cross connect from Equinix
• Customers meeting the above requirements will order
Oracle FastConnect Partner Edition from Oracle. Both
1Gbps and 10Gbps options are available
• Customers will then need to enable their Oracle
FastConnect service through the Equinix Cloud Exchange
portal (or work with Equinix to automate the process
using their APIs)
• The enablement process with Equinix will set up BGP
peering between the customer’s network and Equinix,
allowing routes to be exchanged between Oracle and the
customers.
• Customers will need to manage their routing policy to
prefer the Equinix Cloud Exchange for traffic to the
network addresses pertaining to their Oracle service
53
Fast Connect – Partner Edition : Equinix Cloud Exchange
(Local)
Equinix
Cloud Exchange
(ECX)
Public Internet
Customer
DMZ
(Public access)
Metro
Customer Cage at Equinix in the Metro
Customer orders ECX Port (with Cross
connect) from Equinix to connect to
ECX
Provisioned by Equinix
EQUNIX facility
Public Cloud.
Customer configures BGP on their
routers with the information obtained
from ECX portal and policies for
Oracle Fast Connect
Completed by Customer
Internet Routers
Partner Edition from Oracle to connect
via ECX
Public services
1
2
4
Oracle Data Center
Public
Services
Public
services
Customer requests Layer3 connectivity
to Oracle Fast Connect on ECX portal
3
IPSec
Tunnel
Dedicated
Compute
Dedicated
Compute
Oracle Data Center

• Customers will need to establish connectivity to Equinix
Cloud Exchange by ordering the ECX Port (and cross
connect) from Equinix and order an Ethernet Private Line
from their network edge to Equinix Cloud Exchange.
• Customers meeting the above requirements will order
Oracle FastConnect Partner Edition from Oracle. Both
1Gbps and 10Gbps options are available.
• Customers will then need to enable their Oracle
FastConnect service through the Equinix Cloud Exchange
portal (or work with Equinix to automate the process
using their APIs).
• The enablement process with Equinix will set up BGP
peering between the customer’s network and Equinix,
allowing routes to be exchanged between Oracle and the
customers.
• Customers will need to manage their routing policy to
prefer the Equinix Cloud Exchange for traffic to the
network addresses pertaining to their Oracle service
Fast Connect – Partner Edition : Equinix Cloud Exchange
(Remote)
Equinix
Cloud Exchange
(ECX)
Public Internet
Customer
DMZ
(Public access)
Metro/ City
Customer Datacenter not collocated within Equinix
Customer orders Metro Ethernet or Ethernet-
WAN circuits from a Network service provider
to connect to ECX.
Also valid if a customer is located in a different
metro or city than Equinix/Oracle
Provisioned by Network Service Provider in
collaboration with EquinixEQUNIX facility
Network provider
Public Cloud.
Customer configures BGP on their routers
with the information obtained from ECX
portal and policies for Oracle Fast Connect
Completed by Customer
Internet Routers
Customer orders ECX port from Equinix
Partner Edition from Oracle to connect via
ECX
Public services
1
2
3
5
Oracle Data Center
Public
Services
Public
services
Customer requests Layer3 connectivity
to Oracle Fast Connect on ECX portal
4
IPSec
Tunnel
Dedicated
Compute
Dedicated
Compute
Oracle Data Center

FastConnect Partner Edition - Equinix Cloud Exchange:
Prerequisites
• As a customer of FastConnect-Partner Edition via Equinix Cloud Exchange, you need to meet
the following pre-requisites:
– You will require network equipment capable of supporting Layer3 routing using BGP
collocated at the Equinix IBX in the city where you desire service.
– You will need to establish connectivity with ECX –L3 at the city where you desire service.
– You need a valid Oracle Order for FastConnect – Partner Edition with the appropriate port
speed defined (currently 1 Gbps or 10 Gbps)
– You will require a valid Public IP address and a valid Autonomous System Number (ASN) to
establish configuration with Equinix Cloud Exchange. Please work with your ISP or one of the
registries to obtain public IP address and an ASN.
Note: Please work with your Oracle Sales Team to determine the location where your OPC
services are provisioned

Fast Connect – Partner Edition : BT Cloud Connect
• Can be leveraged by customers that use BT Cloud Connect MPLS IP VPNs to create a private enterprise
network. BT Cloud Connect will extend the Private VPN through Oracle FastConnect to enable dedicated
access into Oracle Public Cloud from the customers’ enterprise network
• Build on your existing network architecture taking advantage of pre provisioned infrastructure to deliver
the service and realize the benefits faster.
Oracle Confidential – Internal/Restricted/Highly Restricted 56Oracle Confidential – Restricted

• Customers will order Oracle Network Cloud Service -
FastConnect Partner Edition - BT Cloud Connect at the
location where your Oracle Cloud IaaS and PaaS services are
provisioned.
• Customers will Specify the location where you desire
connectivity through Oracle Network Cloud Service -
FastConnect Partner Edition - BT Cloud Connect. This is the
location where your Oracle Cloud IaaS and PaaS services, that
you would like to access through the service, are provisioned.
• Customers will contact their BT Global Services account
manager to order BT Cloud Connect for Oracle FastConnect.
• BT contacts Oracle to validate the details that you have
provided and to ensure that your service is provisioned
correctly. BT configures its routers to route your traffic
through BT Cloud Connect for Oracle FastConnect, and then
provides configuration information to Oracle. Oracle
configures the Oracle edge routers based on the information
received from BT.
Fast Connect – Partner Edition : BT Cloud Connect

FastConnect – Partner Edition via BT Cloud Connect:
Prerequisites
• As a customer of FastConnect-Partner Edition via BT Cloud Connect, you need to meet the
following pre-requisites:
– You must be an existing customer of BT IP Connect Global – MPLS IP VPN and have an active
MPLS VPN in service. If you are not an existing customer of BT IP Connect Global - MPLS IP
VPN, contact your BT Global Services account team to order the service.
– You will need network equipment as required by the BT IP Connect Global service
requirements.
– You are responsible to provision any infrastructure or equipment as required by BT for
connectivity through BT Cloud Connect for Oracle FastConnect.
Note: Please work with your Oracle Sales Team to determine the location where your OPC
services are provisioned

• Leverage your existing Verizon Private IP
network
• Pre provisioned infrastructure hence deliver
the service and realize the benefits faster.
• Add as many sites as you want at no
additional cost
• Initially available in North America only
• EMEA – Q2 FY17
Fast Connect – Partner Edition : Verizon SCI (Secure Cloud Interconnect)

The Ultimate in Cloud Flexibility
On-Premises. Cloud at Customer. Public Cloud.
Any Way You Like It.

Oracle Cloud Networking And Security Exposed

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (15)

Similar to Oracle Cloud Networking And Security Exposed

Similar to Oracle Cloud Networking And Security Exposed (20)

More from Riccardo Romani

More from Riccardo Romani (10)

Recently uploaded

Recently uploaded (20)

Oracle Cloud Networking And Security Exposed