Designlet: Connectivity with Private FastConnect Peering on Oracle Cloud VMware Solution

Introduction

This document provides you with recommendations and guidelines on how to connect your Oracle Cloud VMware Solution SDDC to a corporate network using private FastConnect Peering.

There are several prerequisites and considerations that you must be aware of before you can start configuring the network.

Refer to the table below for a summary of the use case, considerations, and other details to see if it meets your requirements.

Summary and Considerations

Use Case

For private network connectivity with high bandwidth and low latency to the Oracle Cloud.

Pre-requisites

  • Hardware must support Jumbo Frames and BGP
  • Have a physical connection to Oracle, an Oracle partner, or a third-party provider
  • Have one user with appropriate Oracle Cloud Infrastructure Identity and Access Management (IAM) permissions
  • Completed tenancy and compartment setup and design
  • Completed configuration of the Oracle Cloud Virtual Cloud Networking, Security Policies, and IAM policies
  • Consider HA requirements

Performance Considerations

  • HA physical connections are advised
  • Supports port speeds of 1 Gbps, 10 Gbps, or 100 Gbps

Network Considerations/Recommendations

  • For Colocation Connectivity, have cross-connect limits increased from the default of 0
  • Sharing a FastConnect with multiple DRGs and VCNs is only supported when using a third-party provider or when colocated with Oracle

Cost Implications

  • FastConnect charges are based on per-hour usage and the bandwidth allocated. There is no additional charge for the amount of data transferred.
  • Network and datacenter (colo) providers have their own fees, which must be considered in order to use their services.

Document Reference

Oracle FastConnect Documentation

Last Updated

July 2021

 

Planning

  • If connecting through an Oracle Partner to Oracle, use redundant physical connections between the customer edge and the partner.
  • If connecting through an Oracle Partner to Oracle, set up dual virtual circuits to each physical port. One port will act as primary and the second as secondary.
  • If connecting to Oracle through a partner, the partner will have redundant physical connectivity to Oracle, and you should plan for redundant connectivity to the partner.
  • If connecting directly to Oracle using a third-party provider or colocating with Oracle, use redundant physical connections between the customer edge and Oracle.
  • Use Site-to-Site VPN as a backup for FastConnect.
  • Both IPv4 and IPv6 addressing is supported.
  • BGP sessions between the customer edge and Oracle should use a /30 or /31 per virtual circuit.
  • The Oracle Commercial ASN is 31898. See the Oracle documentation for US Government Cloud and United Kingdom Government Cloud. BGP ASN 65534 is not available for you to use with FastConnect and VPN. All other private ASNs in the range 64512 - 65533 can be used.
  • Oracle uses default BGP timers of 60s for BGP keep-alive and 180s for hold-time. Faster convergence, between 6-60s for keep-alive and 18-180s for hold-time, is supported if required.
  • Site-to-Site VPN, which can act as a backup to FastConnect, can use static routing or BGP, but FastConnect always uses BGP for route advertisement.
  • Dynamic Routing Gateways (DRGs) will advertise all routes contained in their routing table to the virtual circuit.
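
The addressing, ASN, and timer rules in the list above can be checked against a planned set of virtual circuits before anything is provisioned. The following is an added example, not code from Oracle or VMware; the function names, the sample plan, and its addresses are hypothetical, it covers IPv4 peering only, and the 3x ratio between hold-time and keep-alive is an assumption taken from the default values.

```python
import ipaddress

PRIVATE_ASNS = range(64512, 65534)  # 64512-65533, the range the planning list allows
UNAVAILABLE_ASN = 65534             # not usable with FastConnect or VPN

def check_circuit(asn, customer_ip, oracle_ip, keepalive=60, hold=180):
    """Return findings for one planned IPv4 virtual circuit; an empty list means it passes."""
    findings = []
    if asn == UNAVAILABLE_ASN:
        findings.append("ASN 65534 is not available for FastConnect")
    elif asn not in PRIVATE_ASNS:
        findings.append(f"ASN {asn} is outside 64512-65533; confirm it is a public ASN you own")

    cust = ipaddress.IPv4Interface(customer_ip)
    orcl = ipaddress.IPv4Interface(oracle_ip)
    net = cust.network
    if net.prefixlen not in (30, 31):
        findings.append(f"{net} is not a /30 or /31")
    elif orcl.network != net:
        findings.append(f"{orcl.ip} is not inside {net}")
    else:
        # A /31 uses both addresses; a /30 loses the network and broadcast addresses.
        usable = {net[0], net[1]} if net.prefixlen == 31 else {net[1], net[2]}
        if {cust.ip, orcl.ip} != usable:
            findings.append(f"peers must be the two usable addresses of {net}")

    if not 6 <= keepalive <= 60:
        findings.append(f"keep-alive {keepalive}s is outside 6-60s")
    if not 18 <= hold <= 180:
        findings.append(f"hold-time {hold}s is outside 18-180s")
    # Assumption: hold-time is at least 3x keep-alive, as in the 60s/180s defaults.
    if hold < 3 * keepalive:
        findings.append(f"hold-time {hold}s is less than 3x keep-alive {keepalive}s")
    return findings

# Constructed sample plan: a primary and a secondary circuit (addresses are made up).
PLAN = {
    "primary":   dict(asn=65010, customer_ip="10.255.0.1/30", oracle_ip="10.255.0.2/30"),
    "secondary": dict(asn=65534, customer_ip="10.255.0.4/30", oracle_ip="10.255.0.5/30",
                      keepalive=5, hold=15),
}

def check_plan(plan):
    """Map each circuit name to its list of findings."""
    return {name: check_circuit(**circuit) for name, circuit in plan.items()}

if __name__ == "__main__":
    for name, findings in check_plan(PLAN).items():
        print(name, "OK" if not findings else findings)
```

In the sample plan the primary circuit passes, while the secondary is flagged for the unavailable ASN, for using the network address of its /30 as a peer, and for both timers falling below the supported range.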

Implementation

Private FastConnect Virtual Circuits are created in the customer's Oracle console under the tenancy and compartment where the OCVS instance is provisioned. The Virtual Circuit is not shared between compartments. As stated earlier, high availability should be a priority; if you do not have it in place, a warning will be displayed.


The relevant BGP information pertaining to the Virtual Circuit can be found under the BGP Information tab.


To utilize the virtual circuit, it needs to be associated with a Dynamic Routing Gateway (DRG) that is attached to the Virtual Cloud Network (VCN) in which the OCVS instance is deployed. From the OCVS portal, run the Configure Connectivity to Your On-Premises Network wizard, which will complete the missing task required to allow Virtual Machines deployed on a VMware workload portgroup to communicate with the on-premises network.

Authors and Contributors

  • Jason McKenzie, Senior Cloud Solutions Architect, Workload Mobility, VMware

 

 

 
