What You Need to Know about Oracle Cloud Connectivity

Copyright © 2018, eProseed and/or its affiliates. All rights reserved. | Confidential
WHAT YOU NEED TO KNOW ABOUT
ORACLE CLOUD CONNECTIVITY
Simon Haslam

Copyright © 2018, eProseed and/or its affiliates. All rights reserved. | Confidential3
Connectivity =
“how servers connect to one another over a network”
• Server Instance  Server Instance
• Server Instance  Internet hosts/services
• Server Instance  Servers/services running on-prem
MY DEFINITION OF “CONNECTIVITY” FOR THIS SESSION
(e.g. I’m not talking about new RDMA features in OCI etc!)

4
• Overview
• OCI Classic Networking
• OCI Networking
• VPN
• FastConnect
• Summary

OCI CLASSIC & OCI
• First incarnation of IaaS, sometimes called
“Oracle Public Cloud”, is now called
Oracle Cloud Infrastructure Classic
– The IaaS related terms now also have Classic suffix, e.g.
Compute Classic, Storage Classic, Networking Classic
• New or “next gen” IaaS is now called
Oracle Cloud Infrastructure
(without the suffix) or OCI
5

OCI OR OCI CLASSIC?
• State of transition (18Q4) – some (most, all?) PaaS services are
now provisioning via PSM on OCI but Classic is still available.
• Very little ‘new’ PaaS yet on OCI (database & load balancers)
6
Both use
IDCS
PSM
OCI Classic
aka OPC
Mature, around for 3-4 years
Simpler, lower tech
Blogs, discussions & docs mostly
about this
Legacy but not EOL
OCI
aka Next Gen IaaS
New, around for ~2 years
More sophisticated, esp. DR, better
meets enterprise needs
New services & autonomous
are OCI
Info harder to find, e.g. PaaS+OCI
Strategic
C L A S S I C Shiny!

REGIONS
Both Classic and OCI have concept of “Region”
• For Classic a region = 1 data centre
• For OCI a region = 3 Availability Domains*
– 3 geographically-close data centres
– Very well connected (“25 Gbps, 0.1 ms latency”)
9
https://cloud.oracle.com/data-regions
* In most cases

10
• Overview
• OCI Networking
• VPN
• FastConnect
• Summary

SHARED VS IP NETWORKS
• Shared Network
– First kind of network available in Oracle Cloud
– Dynamic IPs
– Internal networks but address space shared with other customers
– GRE tunnels needed for VPN connections to provide static addresses
– Simple (you don’t need to make any decisions)
– There are no situations now where you should use Shared Network for new
implementations AFAIK
• IP Network
– You choose your own internal subnets (independent of any other cloud tenancies)
– Static IP Reservations*
– Uses ACLs & vNICs to set firewall policy
11
CLASSIC

SHARED NETWORK
• Security Applications define ports of interest
• Security IP Lists define subnets
• Security Rules define firewall policy
– map security applications to Lists/IP Lists
• IP Reservations are for static IPs
12
CLASSIC
“Not entirely intuitive”

IP NETWORK
• IP Network base construct (~a VLAN)
• IP Exchange: acts as a virtual router
– Routing only, no policy – that is still done on ACLs & vNICs
– Without an IP Exchange all IP Networks are isolated from each other
• Internal hosts can be NAT’d to public addresses
• IP Reservations are for static IPs
13
CLASSIC

DEMO

EXAMPLE OF IP NETWORKS IN USE
CLASSIC
SOA, DB,
utility VMs
Classic Region
SOA, DB,
utility VMs
SOA, DB,
utility VMs
SaaS
Dev net Test net Production net
SOA, DB,
utility VMs
Acceptance net
Oracle firewalls, IPS etc
Internet
SaaS

16
• Overview
• OCI Networking
• VPN
• FastConnect
• Summary

COMPARTMENT
• High-level subdivision of tenancy from admin perspective
– Lines of Business, Prod vs Dev, Prod vs Prod-PCI, etc
• Not networking directly but important as they “contain” Virtual Cloud Networks (VCN)
• A VCN cannot belong to more than one Compartment
17
OCI

VIRTUAL CLOUD NETWORK (VCN)
• Your logical network
• Contained in a Region, but spans Availability Domains
18
OCI

SUBNET
• Part of a VCN
– Subnets are subnets of the VCN
• Cannot span an Availability Domain
– No equivalent of “stretched” VLAN
19
OCI

GATEWAYS
Internet Gateway
• Used by a Public Subnet to allows data in/out to internet
Dynamic Routing Gateway (DRG)
• Used by Public or Private Subnet to connect to:
– Another Subnet in another VCN
– On-prem network (via VPNaaS or FastConnect)
– Another cloud network
20
OCI

BIG PICTURE EXAMPLE
21
DRG
Dynamic
Routing
Gateway
On-prem
Another
VCN
Another
cloud
admin
OCI

DEMO

23
• Overview
• OCI Networking
• VPN
• FastConnect
• Summary

3 WAYS TO CONNECT TO ORACLE CLOUD FOR CLASSIC
(0) Directly over Internet
1. Corente
– Manually create CSGs & AppNet Portal
2. VPNaaS
- Highly abstracted service
3. FastConnect
24
“manually provisioned” Corente not
available / needed for new accounts

VPNAAS
• “Black box” IPsec end-point
• Used to connect:
– OIC (C) to on-prem customer equipment
– OIC (C) to OIC (C)
– OIC to 3rd party cloud
• Fully abstracted configuration
– through console or REST API
25

EXAMPLE OF VPNAAS IN USE
CLASSIC
VPNaaS
SOA, DB,
utility VMs
VPN device pair
VPNaaS VPNaaS
Customer Data Centre(s)
Classic Region
Customer global MPLS network
SOA, DB,
utility VMs
SOA, DB,
utility VMs
SaaS
Dev net Test net Production net
On-prem
systems
VPNaaS
SOA, DB,
utility VMs
Acceptance net
Oracle firewalls, IPS etc
On-prem
systems
(internet is transport here too)
Internet
SaaS

TIP 18:
NO OVERLAPPING NETWORKS ON VPNAAS
Example:
i.e. not how you’d expect with normal routing
VCN/IP network planning – liaise with all your network teams to choose global network
27
On-premises
10.5.0.0/16
IP Network
10.5.1.0/8
IP Network
10.6.1.0/8
VPNaaS tunnel VPNaaS tunnel
✓

28
• Overview
• OCI Networking
• VPN
• FastConnect
• Summary

FAST CONNECT
• Equinix re-badged product – connects your on-prem networks
to their “Cloud Exchange” (CX) network
• You set up a POP (note: new virtual option) in your nearest
Equinix data centre & connect your on-prem there
• You can buy access (by bandwidth) to multiple clouds
• Not going over internet  SLAs, prioritisation, etc
• Typically buy through your WAN provider or Equinix Partner
• Comparable to:
– AWS Direct Connect
– Azure ExpressRoute
29
“manually provisioned” Corente not
available / needed for new accounts

30
• Overview
• OCI Networking
• VPN
• FastConnect
• Summary

SUMMARY
• Classic vs OCI – know which you need
• Classic:
– Use IP Networks
• Connectivity to on-prem:
– VPNaaS fairly easy
– FastConnect for SLAs (predictable performance)
• Make friends with your networks team ☺
31

ABOUT ME
Simon Haslam
• Platform / Infrastructure
Architect
• Focus includes HA, DR,
security, automation
Relevant to this session
• Building SOA & DB CS since
May 2016, inc Corente.
Manual CSG gateway setup
• 3rd year presenting “how to
connect on-prem to cloud”
• Designed & built SOA CS
integration platform for global
use since Oct 2017, inc
VPNaaS
@simon_haslam

ABOUT EPROSEED
• Partner focussed only on Oracle technology
• Globally distributed with centralised delivery
management, and local resources
• 19 Oracle Excellence Awards in 8 years
25 Oracle Specializations… and counting.

3 Membership Tiers
• Oracle ACE Director
• Oracle ACE
• Oracle ACE Associate
bit.ly/OracleACEProgram
500+ Technical Experts
Helping Peers Globally
Connect:
Nominate yourself or someone you know: acenomination.oracle.com
@oracleace
Facebook.com/oracleaces
oracle-ace_ww@oracle.com

IF YOU LIKED THIS YOU MAY ALSO LIKE…
Monday
Wednesday
Wednesday

What You Need to Know about Oracle Cloud Connectivity

What You Need to Know about Oracle Cloud Connectivity

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à What You Need to Know about Oracle Cloud Connectivity

Similaire à What You Need to Know about Oracle Cloud Connectivity (20)

Plus de Simon Haslam

Plus de Simon Haslam (20)

Dernier

Dernier (20)

What You Need to Know about Oracle Cloud Connectivity