Oracle Cloud is a next-generation cloud infrastructure designed for the future. It is essentially a large platform of cloud services, with multi-cloud support, that lets end users build applications as needed and keep them connected so they can communicate.
This blog discusses connecting OCI to AWS through the different connection options: VPN (IPSec / Site 2 Site), FastConnect and Direct Connect.
What is VPN?
A Virtual Private Network (VPN) connects your corporate network to Oracle Cloud Infrastructure over your internet connection in a simple and secure way. For improved security and privacy, the data is encrypted using the industry-standard IPSec protocol suite and tunnelled over the public internet.
IPSec or Site 2 Site VPN on OCI
Site-to-Site VPN establishes an IPSec link between your on-premises network and your virtual cloud network (VCN). The IPSec protocol suite encrypts IP communication before it is transmitted from source to destination and decrypts it once it arrives.
AWS IPSec or Site 2 Site VPN
Site-to-Site VPN in AWS is a fully managed solution that uses IP Security (IPSec) tunnels to establish a secure connection between your data center or branch office and your AWS resources.
FastConnect on OCI
FastConnect enables you to quickly establish a dedicated, private link between your data center and Oracle Cloud Infrastructure. When compared to internet-based connections, FastConnect offers higher-bandwidth alternatives as well as a more dependable and consistent networking experience.
AWS DirectConnect
AWS Direct Connect is a networking service that gives an alternative to connecting to AWS over the internet. Data that would previously have been transferred over the internet is instead delivered over a private network link between your facilities and AWS.
Site 2 Site / IPSec Connection In OCI
An IPSec connection can be configured in the following ways:
Transport mode: IPSec encrypts and authenticates only the packet’s payload, leaving the header information unaltered.
Tunnel mode: IPSec encrypts and authenticates the entire packet. Following encryption, the packet is encapsulated to generate a new IP packet with distinct header information.
Oracle Cloud Infrastructure (OCI) allows only the tunnel mode for IPSec VPNs.
(Source : Oracle)
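The difference between the two modes, as an added example that is not part of the original post: it wraps one constructed inner packet in ESP both ways and shows which addresses stay readable on the path. The addresses, keys and SPI are made-up sample values, and `stand_in_encrypt` is a placeholder keystream, not a real ESP cipher.

```python
import hashlib, hmac, struct
from ipaddress import IPv4Address

ESP, IPIP = 50, 4  # IP protocol numbers: ESP, IPv4-in-IPv4

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                    proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    s = sum(struct.unpack("!10H", h))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return h[:10] + struct.pack("!H", ~s & 0xFFFF) + h[12:]

def stand_in_encrypt(key, data):
    # NOT a real ESP cipher: a SHA-256 keystream XOR so the example runs on
    # the standard library. Real tunnels use the cipher negotiated by IKE.
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(protected, next_header, spi, seq, enc_key, auth_key):
    """ESP layout: SPI | seq | encrypted(data, pad, pad_len, next_hdr) | ICV."""
    pad_len = -(len(protected) + 2) % 4          # align trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    head = struct.pack("!II", spi, seq)
    body = stand_in_encrypt(enc_key, protected + trailer)
    icv = hmac.new(auth_key, head + body, hashlib.sha256).digest()[:16]
    return head + body + icv

def transport_mode(pkt, **sa):
    # Original addresses stay in the clear; only the payload is protected.
    body = esp(pkt[20:], pkt[9], **sa)
    return ipv4_header(pkt[12:16], pkt[16:20], ESP, len(body)) + body

def tunnel_mode(pkt, gw_src, gw_dst, **sa):
    # Whole original packet is protected; a new outer header is added.
    body = esp(pkt, IPIP, **sa)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def on_path_view(pkt):
    """Source, destination and protocol readable without the keys."""
    return str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20])), pkt[9]

# Constructed sample: a host in a VCN sending TCP to a host in a VPC.
SA = dict(spi=0x1001, seq=1, enc_key=b"k" * 32, auth_key=b"a" * 32)
INNER = ipv4_header("10.0.1.5", "172.31.2.9", 6, 24) + b"\x00" * 24
TRANSPORT = transport_mode(INNER, **SA)
TUNNEL = tunnel_mode(INNER, "203.0.113.10", "198.51.100.20", **SA)
```

In transport mode the private host addresses remain visible to anyone on the path, while in tunnel mode only the two gateway addresses are, at the cost of 20 extra bytes for the encapsulated inner header.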
You must set up several Networking components when configuring Site-to-Site VPN for your VCN. The components can be created using either the Console or the API.
Steps:
1. Create your VCN.
2. Create a DRG.
3. Attach the DRG to your VCN.
4. Create a route table and rule for the DRG.
5. Create a security list and required rules.
6. Create a subnet in the VCN.
7. Create a CPE object and enter the public IP address of your CPE device.
8. Configure an IPSec connection to the CPE object and enter the necessary routing information.
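A pre-flight check for the values entered in these steps, as an added example that is not part of the original post or of any Oracle tooling. The `plan` dictionary layout, its key names and the sample CIDRs are hypothetical; the check catches overlapping address ranges, a missing DRG route, over-broad ingress rules and a private CPE address before anything is created.

```python
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def preflight(plan):
    """Return findings for a planned VPN between an OCI VCN and an AWS VPC."""
    vcn, remote = ip_network(plan["vcn_cidr"]), ip_network(plan["remote_cidr"])
    findings = []
    if vcn.overlaps(remote):                                   # steps 1 and 8
        findings.append("VCN and remote CIDRs overlap")
    if not ip_network(plan["subnet_cidr"]).subnet_of(vcn):     # step 6
        findings.append("subnet is outside the VCN")
    if not any(r["target"] == "drg" and ip_network(r["destination"]) == remote
               for r in plan["route_rules"]):                  # step 4
        findings.append("no route rule sends the remote CIDR to the DRG")
    for rule in plan["ingress_rules"]:                         # step 5
        src = ip_network(rule["source"])
        if not (src.subnet_of(remote) or src.subnet_of(vcn)):
            findings.append(f"ingress from {src} is wider than the tunnel needs")
    if any(ip_address(plan["cpe_ip"]) in n for n in RFC1918):  # step 7
        findings.append("CPE address is private, not the device's public IP")
    if not any(remote.subnet_of(ip_network(s))
               for s in plan["ipsec_static_routes"]):          # step 8
        findings.append("IPSec static routes do not cover the remote CIDR")
    return findings

# Constructed sample plans (documentation address ranges, made-up CIDRs).
GOOD = {
    "vcn_cidr": "10.0.0.0/16", "subnet_cidr": "10.0.1.0/24",
    "remote_cidr": "172.31.0.0/16", "cpe_ip": "203.0.113.10",
    "route_rules": [{"destination": "172.31.0.0/16", "target": "drg"}],
    "ingress_rules": [{"source": "172.31.0.0/16", "protocol": "6", "port": 22}],
    "ipsec_static_routes": ["172.31.0.0/16"],
}
BAD = dict(GOOD, remote_cidr="10.0.128.0/17", cpe_ip="192.168.1.1",
           ingress_rules=[{"source": "0.0.0.0/0", "protocol": "all"}])

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, preflight(plan) or "no findings")
```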
FastConnect Connection In OCI
A single FastConnect can be used to connect to several VCNs. Depending on your requirements and the FastConnect connectivity model you choose, various network possibilities are available.
The diagrams below show the two ways to connect to Oracle using FastConnect. The connection in both circumstances is made between the edge of your existing network and Oracle.
Connection with Colocation (Source : Oracle)
Connection with an Oracle Partner or third-party provider (Source : Oracle)
AWS IPSec / Site 2 Site Connection
When using Site-to-Site VPN, you can connect to both your Amazon VPCs and the AWS Transit Gateway, and two tunnels are used per connection for enhanced redundancy.
AWS Direct Connect
AWS Direct Connect public virtual interfaces allow access to IPv6 addresses provided by public AWS services. Both the IPv4 and IPv6 communication protocols are supported by AWS Direct Connect.
The following are the essential components:
Connections
To build a network connection from your premises to an AWS Region, create a connection at an AWS Direct Connect location.
Virtual interfaces
To allow access to AWS services, create a virtual interface. A public virtual interface provides access to publicly available services such as Amazon S3. Access to your VPC is provided by a private virtual interface.
The post Connect Oracle Cloud (OCI) with AWS using IPsec (Site 2 Site) VPN appeared first on Cloud Training Program.