Lets understand how OCI VCN can be connected with other VCNs in same or different regions.
So when we have a VCN, we can either connect this VCN to another VCN, which is in the same region, or we can connect the VCN to another VCN which is in a different region.
So both options are supported in Oracle Cloud Infrastructure. When both the VCNs are in same region, we call that process local peering. And when the VCNs are in different regions, we call it remote peering.
Now there are two ways in which you can configure local peering. The first option is you can use local peering gateways. The second option is you can also use dynamic routing gateway.
Then in case of remote peering connection, you can configure it using dynamic routing gateway. So this is with respect to when you need to connect a VCN to another VCN if you would like to connect the VCN to your on-premises network. So this is basically the customer location or on-prem network.
Now if that is the case, here there are three options. The first option is you use public internet. The second option is you use something which is known as site-to-site VPN. So site-to-site VPN connection. And the third option that you have is FastConnect.
So in case of public internet, we typically use gateways like internet gateway or NAT gateway. And then we can configure connectivity over the internet. In case of site-to-site VPN, it’s basically an encrypted connection. So in terms of security, it is a secure connectivity over internet. IPsec VPN. But ultimately, the traffic traverses over internet.
So what it means is there is no throughput guarantee. And in case of FastConnect, this one is dedicated connectivity. And when I say dedicated connectivity, it implies that you will get low latency and high bandwidth.
So these are the options when it comes to VCN connectivity. You can connect your VCN to another VCN in the same region or in a different region. And then you can also connect your VCN to on-premises network.
So as I mentioned, there are two options. You can configure local peering. You can also configure remote peering. So if there are two VCNs in the same region. And we are connecting them via local peering gateway. So that is your local peering. And if there are two VCNs in two different regions. And we are using dynamic routing gateway in order to facilitate communication between these two Virtual Cloud networks.
Now I also mentioned that there are two ways in which you can configure local peering. The first is using local peering gateway and the second is using dynamic routing gateway attachments. Instead of creating two local peering gateways, you can just have one DRG. And if you connect both the VCNs to that particular DRG, you establish local peering.
Now one thing to note here is that after configuring peering, you also need to have appropriate route rules added in the route table.
Now when it comes to connecting on-premises to Oracle Cloud Infrastructure, there are three options. The first is public internet. Typically the communication happens via internet gateway and NAT gateway. And it is useful in scenarios where you need to conduct a POC. Because the traffic traverses over the internet, it is going to be unencrypted. However, you may apply some application level encryption.
The second option is site-to-site VPN, where there is secure connectivity over the internet. So there is a secure VPN tunnel. Since the communication traverses over internet, there is no guarantee of the throughput. It is managed by Oracle Cloud Infrastructure and it’s a free service.
Now the third option is FastConnect where you get a dedicated connectivity between your customer location or on-premise network and Oracle Cloud Infrastructure. So dedicated connection means it is going to have low latency. And it’s also going to be secure, as well as it’s going to provide high bandwidth up to 100 Gbps.
It’s also an OCI managed service, and there is no egress data transfer charges. So it has a competitive pricing. The only thing that you have to pay is the port charges on an hourly basis. So this FastConnect, it is suitable for business critical applications and also latency sensitive applications because it caters to both compliance and security requirement.
So these are some of the considerations for Cloud connectivity options. You see that for FastConnect, as I mentioned, it has higher throughput. It provides low latency as it is a dedicated connection, which means it provides consistent performance.
In case of site-to-site VPN, it is recommended for proof of concept. The connection is going to be encrypted, but ultimately the traffic will traverse through the internet. And in case of public internet, it is suitable for SaaS applications because the communication is going to happen using internet gateway or NAT gateway. At the same time, it is going to traverse over internet.
Recent Comments