Co-Author: Raul Gamez – I am a Cloud architect and a member of the EMEA OCI Centre of Excellence at Oracle. I'm passionate about technology and how to use it to make magic happen and to create solutions that help our customers on their journey to the Cloud.
OCI introduction
Oracle Cloud Infrastructure (hereafter OCI) is a second-generation cloud built specifically for the enterprise. The OCI infrastructure platform delivers unmatched reliability, scalability and performance for mission-critical databases, applications and workloads of any type.
In OCI you will find the usual cloud services (including cloud native ones), as well as the world's first self-managing, self-repairing and self-securing autonomous database and the first autonomous Linux operating system.
OCI LPG
Interconnecting OCI Virtual Cloud Networks (VCNs) in the same region can be achieved with Local Peering Gateways (LPGs) by establishing Local Peering Connections between them. You can find all the details in the official documentation.
“At a high level, the Networking service components required for a local peering include:
- Two VCNs with non-overlapping CIDRs, in the same region
- A local peering gateway (LPG) on each VCN in the peering relationship.
- A connection between those two LPGs.
- Supporting route rules to enable traffic to flow over the connection, and only to and from select subnets in the respective VCNs (if desired).
- Supporting security rules to control the types of traffic allowed to and from the instances in the subnets that need to communicate with the other VCN.”
This is a great solution when you need to interconnect a few VCNs with non-overlapping CIDR ranges. Note that a peering consumes one LPG on each side, so a full mesh of n VCNs needs n-1 LPGs in every VCN.
OCI currently defines a soft limit of 10 LPGs per VCN, which caps at 10 the number of VCNs a given VCN can be peered with (see the official documentation). While we can assume that this default will grow in the future, or that an increase can be requested, having extra flexibility to go beyond this limit can be very useful.
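To make the two constraints above concrete, here is a small pre-flight planner. It is an added example and not code from the original post, Oracle or Aviatrix. It checks the non-overlapping CIDR requirement with the standard library ipaddress module, counts how many LPGs each VCN would need under a full LPG mesh or under an LPG-based hub-and-spoke (one LPG per peering on each side, as the quoted documentation states), compares that with the 10-LPG default quoted above, and derives the per-VCN route rules a mesh would need. The VCN names, CIDRs and lpg-… identifiers are constructed sample data.

```python
"""Pre-flight planner for OCI local peering (added example, not code from the post).

Models two constraints discussed above, using only the standard library:
  * VCNs to be peered must have non-overlapping CIDRs;
  * each peering consumes one LPG in each VCN, and a VCN holds at most
    LPG_SOFT_LIMIT LPGs (the 10-LPG soft limit quoted in the post).
All VCN names, CIDRs and lpg-* identifiers below are constructed sample values.
"""
from __future__ import annotations

import ipaddress
from itertools import combinations

LPG_SOFT_LIMIT = 10  # default per-VCN LPG limit quoted in the post

# Constructed sample: 16 VCNs with non-overlapping /24s (the 16-VCN scenario).
SIXTEEN_VCNS = {f"vcn-{i:02d}": f"10.0.{i}.0/24" for i in range(16)}


def parse_vcns(vcns: dict[str, str]) -> dict[str, ipaddress.IPv4Network]:
    """Parse CIDR strings; strict=True rejects host bits set (e.g. 10.0.1.5/24)."""
    return {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in vcns.items()}


def overlapping_pairs(nets: dict[str, ipaddress.IPv4Network]) -> list[tuple[str, str]]:
    """VCN pairs whose CIDRs overlap; these cannot be peered directly over LPGs."""
    return [(a, b) for (a, na), (b, nb) in combinations(nets.items(), 2) if na.overlaps(nb)]


def mesh_lpg_demand(nets: dict[str, ipaddress.IPv4Network]) -> dict[str, int]:
    """Full mesh: every VCN needs one LPG per other VCN."""
    return {name: len(nets) - 1 for name in nets}


def hub_spoke_lpg_demand(nets: dict[str, ipaddress.IPv4Network], hub: str) -> dict[str, int]:
    """LPG hub-and-spoke: each spoke needs one LPG, the hub needs one per spoke.

    This counts gateways only; it says nothing about whether spokes can reach
    each other through the hub. It is enough to show the hub VCN still hits the limit.
    """
    if hub not in nets:
        raise KeyError(f"unknown hub VCN {hub!r}")
    return {name: (len(nets) - 1 if name == hub else 1) for name in nets}


def over_limit(demand: dict[str, int], limit: int = LPG_SOFT_LIMIT) -> list[str]:
    """VCNs whose LPG demand exceeds the per-VCN limit."""
    return sorted(name for name, count in demand.items() if count > limit)


def mesh_route_rules(nets: dict[str, ipaddress.IPv4Network]) -> dict[str, list[tuple[str, str]]]:
    """Per-VCN route rules for a mesh: (destination CIDR, LPG that reaches it).

    Each rule is scoped to the peer's CIDR rather than 0.0.0.0/0, which is the
    'only to and from select subnets' point of the quoted documentation.
    The lpg-<src>-to-<dst> names are placeholders for the real LPG OCIDs.
    """
    return {
        src: [(str(nets[dst]), f"lpg-{src}-to-{dst}") for dst in nets if dst != src]
        for src in nets
    }


def plan(vcns: dict[str, str], hub: str | None = None) -> dict:
    """Full report: overlaps, mesh demand, optional LPG hub-and-spoke demand."""
    nets = parse_vcns(vcns)
    report = {"overlaps": overlapping_pairs(nets), "mesh_demand": mesh_lpg_demand(nets)}
    report["mesh_over_limit"] = over_limit(report["mesh_demand"])
    if hub is not None:
        report["hub_demand"] = hub_spoke_lpg_demand(nets, hub)
        report["hub_over_limit"] = over_limit(report["hub_demand"])
    return report


if __name__ == "__main__":
    result = plan(SIXTEEN_VCNS, hub="vcn-00")
    print("overlapping pairs:", result["overlaps"])
    print("mesh: VCNs over the LPG limit:", result["mesh_over_limit"])
    print("LPG hub-and-spoke: VCNs over the LPG limit:", result["hub_over_limit"])
```

With 16 VCNs, a full LPG mesh needs 15 LPGs in every VCN, and even an LPG-based hub-and-spoke still needs 15 LPGs in the hub VCN, so both exceed the default of 10. Eleven VCNs are the most a mesh can hold under the default (10 LPGs each); the twelfth pushes every VCN over. Resolve any reported overlaps (re-addressing, or NAT) before planning the peerings.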
This is where Aviatrix can help OCI customers
Aviatrix is a cloud networking solution that works closely with OCI and other CSPs to provide a unified, enterprise-grade connectivity platform with multi-cloud optionality.
There is no real limit on the number of VCNs that can be interconnected with the Aviatrix solution.
Take a look at the diagram below: in this example Aviatrix builds a hub-and-spoke topology that interconnects 16 VCNs within a single region, without running into the standard 10-LPG limitation.
The main components of the Aviatrix platform are:
- Aviatrix Controller, the brain of the system: the management and control plane
- Aviatrix CoPilot: visibility and visualization of the network topology and traffic flows, troubleshooting, and more
- Aviatrix Gateways: the nodes of the data plane
In this scenario the Aviatrix Gateways play a role similar to that of LPGs: they are used to create the peerings between VCNs.
Some additional benefits of using Aviatrix Gateways:
- each of them can build IPsec tunnels to other devices (which helps overcome another limit, of 5 DRGs per region)
- you can group VCNs into Security Domains, making it easier to manage which VCNs can talk to which resources
- you can build multiple hubs in a single region and interconnect them or not, depending on your needs
- you can build a similar architecture in a different region and peer the regional hubs, giving full inter-region connectivity
- VCNs with overlapping IP ranges can also be interconnected (Aviatrix Gateways have advanced NAT capabilities)
Getting started with Aviatrix
Aviatrix is a powerful and advanced platform providing networking and security services in the public clouds, with multi-cloud optionality. While comprehensive, it is also modular: you can start small with just one or two services and add more services, or expand into other clouds, at any time. The platform is flexible and can follow your current needs. Start anywhere, grow anywhere.
In this scenario we looked at interconnecting VCNs within an OCI region, and optionally across regions. Once this base platform is built, the customer can add more services:
- Next Generation Firewall inspection (Palo Alto, Fortinet, Checkpoint)
- Stateful L4 Firewall
- Network segmentation
- User VPN
- FQDN Egress Filtering
- Multi-Cloud connectivity and network segmentation
- Encryption over FastConnect
- Advanced NAT for interconnecting networks with overlapping IPs
and many more.
Are you ready to deploy Aviatrix in your OCI environment?
Start here: https://cloudmarketplace.oracle.com/marketplace/en_US/listing/65804594
Contact us: [email protected], [email protected] for additional information.