Scribd Logo
Importer

Bienvenue sur Scribd !

  • Connectivity 100

    Transféré par

    Dharmesh B
    34 vues32 pages
    Connectivity 100

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    Connectivity 100

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    34 vues32 pages

    Connectivity 100

    Transféré par

    Dharmesh B
    Connectivity 100

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 32

    Connectivity to on-premises Rohit Rahi

    Networks November 2018


    Level 100

    Copyright © 2018, Oracle and/or its Copyright


    affiliates.© All rights
    2018, reserved.
    Oracle 1 reserved.
    and/or its affiliates. All rights
    Safe Harbor Statement
    The following is intended to outline our general product direction. It is intended for
    information purposes only, and may not be incorporated into any contract. It is not a
    commitment to deliver any material, code, or functionality, and should not be relied upon
    in making purchasing decisions. The development, release, and timing of any features or
    functionality described for Oracle’s products remains at the sole discretion of Oracle.

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 2


    Objectives

    After completing this lesson, you should be able to:


    • Describe IPsec VPN
    • Describe Oracle FastConnect

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 3


    Connectivity options

    Public Internet VPN FastConnect

    • Internet Gateway/ NAT • IPsec authentication and • Private Connection


    Gateway encryption • Separate from the
    • Reserved and • Two main options internet
    Ephemeral IPs • OCI managed VPN • Consistent network
    • Internet Data out Pricing Service (free) experience
    (first 10TB free) • Software VPN • Port speeds of 1 Gbps
    (running on OCI and10 Gbps
    Compute) • SLA

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 4


    VPN Basics
    VPN – using a public network to make end to end connection between two private networks in a
    secure fashion

    • Tunnel – a way to deliver packets through the


    internet to private RFC 1918 addresses
    • Authentication – provides a mechanism to
    Tunnel VPN Connection
    authenticate who you are
    • Encryption – packets need to be encrypted,
    so they cannot be sniffed over the public
    Private Private
    Network 1 Network 2 internet
    Internet • Static routing: configure a router to send
    traffic for particular destinations in
    preconfigured directions
    VPN VPN
    Router Router • Dynamic routing: use a routing protocol such
    as BGP to figure out what paths traffic should
    take

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 5


    Dynamic Routing Gateway

    ORACLE CLOUD DATA CENTER REGION A virtual router that provides a path for
    private traffic between your VCN and
    AVAILABILITY DOMAIN-2 destinations other than the internet

    You can use it to establish a


    Destination Route
    connection with your on-premises network
    CIDR Target via IPsec VPN or FastConnect (private,
    10.0.0.0/16 DRG dedicated connectivity)
    SUBNET B,
    172.16.1.0/24
    After attaching a DRG, you must add a
    Private Subnet route for the DRG in the VCN's route table
    VCN, 172.16.0.0/16 to enable traffic flow

    DRG is a standalone object. You must


    attach it to a VCN. VCN and DRG have a
    CUSTOMER DATA CENTER, 1:1 relationship
    Customer Premises Equipment (CPE) 10.0.0.0/16

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 6


    OCI VPN Overview
    • OCI VPN securely connects on-premises network to OCI VCN through an IPsec VPN connection
    • VPN can help ensure a business that its networks provide secure remote connectivity
    • Bandwidth is dependent on the customer’s access to the Internet and general Internal congestion
    (Typically less than 250 Mbps – but your mileage may vary)
    • VPN Service is offered for free
    • Customer Proof of Concepts usually start as a VPN and then morph into FastConnect designs
    • OCI provisions redundant VPN tunnels located on physically and logically isolated tunnel endpoints

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 7


    IPsec VPN - Workflow
    Route Table
    10.0.0.0/16  DRG
    Static Route
    10.0.0.0/16
    OCI REGION

    On-Premises
    Network

    10.0.0.0/16
    Internet
    SUBNET, 172.16.1.0/24

    VCN, 172.16.0.0/16
    CPE,
    142.32.45.56

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 8


    IPsec VPN workflow

    1. Create a Virtual Cloud Network (VCN)


    2. Create a Dynamic Routing Gateway (DRG)
    3. Attach DRG to your VCN
    4. Update VCN Router to route traffic to DRG
    5. Create a CPE Object and add on-premises router
    Public IP address
    6. From DRG, Create an IPsec Connection between
    CPE and DRG and provide a Static Route
    7. Configure on-premises CPE Router

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 9


    FastConnect

    FastConnect provides a dedicated and private connection with higher bandwidth options, and a
    more reliable and consistent networking experience when compared to internet-based
    connections
    • Connect to OCI directly or via pre-integrated Network Partners
    • Port speeds of 1 Gbps and 10 Gbps increments
    • Extend remote datacenters into Oracle (“Private peering”) or connect to Public resources
    (“Public peering”)
    • No charges for inbound/outbound data transfer
    • Uses BGP protocol

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 10


    Virtual Circuit

    • Virtual circuit - isolated network path that runs over one or more physical network connections
    to provide a single, logical connection between customer's edge router and their DRG
    • Each virtual circuit is made up of information shared between the customer, Oracle, and a
    provider
    • Possible to have multiple virtual circuits to isolate traffic from different parts of organization
    (e.g. one virtual circuit for 10.0.1.0/24; another for 172.16.0.0/16), or to provide redundancy
    • FastConnect uses BGP to exchange routing information

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 11


    FastConnect Use Scenarios

    • Private Peering
    • Extension of the on premise network to the OCI VCN
    • Communication across connection with private IP addresses
    • Public Peering
    • To access public OCI services such as Object storage, OCI Console or APIs over
    dedicated FastConnect connection
    • Doesn’t use DRG

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 12


    FastConnect Use Cases
    ORACLE CLOUD INFRASTRUCTURE (REGION)

    Availability Availability Availability


    Domain 1 Domain 2 Domain 3

    Customer or Oracle
    Partner Edge Edge

    Fast Connect Data center Location

    Public Peering
    Private Peering

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 13


    FastConnect Connectivity Partners

    https://cloud.oracle.com/en_US/fastconnect/providers

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 14


    FastConnect Locations

    https://cloud.oracle.com/en_US/fastconnect/providers

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 15


    IPsec VPN and FastConnect

    IPsec VPN FastConnect


    Dev/test and small scale production Enterprise-class and mission critical
    Use case
    workloads workloads, Oracle Apps, Backup, DR
    Supported Services All OCI Services within VCN All OCI Services within VCN
    Higher bandwidth; increments of 1 Gbps,
    Typical bandwidth Typically < 250 Mbps aggregate
    and 10 Gbps ports
    Protocols IPsec BGP
    Routing Static Routing Dynamic Routing
    Connection Resiliency active-active active-active
    Encryption Yes, by default No * (can be achieved using virtual firewall)
    • Billable port hours
    Pricing Free for the managed service
    • No data transfer charge between ADs
    SLA No SLA 99.9% Availability SLA

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 16


    Connectivity Demo

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 17


    1. Create connection

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 18


    1. Setup a virtual circuit

    Select the type of circuit

    Select the DRG

    Private Peering: Provide


    customer and oracle BGP IP
    address and ASN
    Public Peering: Customer
    Public BGP ASN and public
    Prefixes

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 19


    1. Setup a virtual circuit

    OCID of the Virtual


    Circuit

    Pending Provider

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 20


    2. Setup Megaport Connection

    Create a
    Virtual Circuit

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 21


    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 22
    Choose POP Location Provide OCI virtual
    circuit OCID

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 23


    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 24
    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 25
    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 26
    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 27
    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 28
    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 29
    VPN and FastConnect Pricing
    • No hourly or monthly VPN connection charge for IPsec VPN, but data transfer rates (below) apply

    Metric Pay as You Go Monthly Flex


    Outbound Data Transfer - First 10 TB / Month GB/month Free Free
    Outbound Data Transfer - Over 10 TB / Month GB/Month $0.0085 $0.0085
    Inbound Data Transfer GB/Month Free Free

    • Fast Connect pricing


    Metric Pay as You Go Monthly Flex

    FastConnect 1 Gbps – Metered Port-hours $.2125 $.2125


    FastConnect 10 Gbps - Metered Port-hours $1.2750 $1.2750

    Port-hours are billed once the connection between the FastConnect Service router and your router is established, or 30 days after you
    ordered the port, whichever comes first. Port charges will continue to be billed anytime the FastConnect Service port is provisioned.

    https://cloud.oracle.com/en_US/fastconnect/pricing

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 30


    Summary

    • OCI connectivity options – Public Internet, IPsec VPN, FastConnect


    • Free, managed VPN service to securely connect on-premises networks to
    OCI using IPSec connection
    • Dedicated, private connection between on-premises data centers and OCI with higher-
    bandwidth options and a more reliable and consistent networking experience

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 31


    cloud.oracle.com/iaas

    cloud.oracle.com/tryit

    Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 32

    Vous aimerez peut-être aussi