All Oracle Cloud Infrastructure (OCI) commercial regions interconnect by a dedicated backbone. The OCI backbone is designed to allow customer workloads to move between regions through an encrypted and reliable connection, avoiding any uncertainty of the internet. Each region’s public IP prefixes are advertised across the backbone. By default, the backbone is the preferred path over the internet without any extra customer configuration. When traffic is exchanged between two VCNs (remote VCN peering) or public endpoints in different OCI regions (public connectivity), traffic automatically traverses the backbone.
This blog details the various use cases for using the OCI backbone to allow workloads to communicate between different OCI regions or reach specific PaaS and SaaS services in other regions.
Remote VCN peering allows customers to interconnect two VCNs in different regions together over the OCI backbone. These VCNs must be in the same tenancy and can’t have overlapping IP addresses. After the peering has been established, customers can communicate between the regions directly using private IP resources defined in each VCN without the need to hairpin the traffic through on-premises or route it through the internet. OCI customers commonly use remote VCN peering for use cases, such as disaster recovery, data replication, or when they need consistent network performance with more predictable bandwidth and jitter than internet-based traffic. To learn more about private IP connectivity across the OCI backbone, see Remote VCN Peering (Across Regions).
Customers can also reach Oracle platform services (PaaS) or Oracle Cloud applications (SaaS) hosted in an OCI region’s Oracle Services Network. Oracle Services Network is designed to host Oracle services on OCI that have publicly reachable endpoints, such as Object Storage, Autonomous Data Warehouse Cloud, and Oracle Analytics Cloud. Each region’s publicly reachable service network routes are also advertised and preferred across the backbone to other regions.
Oracle services hosted in an OCI region’s service network have their public endpoints included in these OSN advertisements and prefer the path across the backbone if traffic is sent between regions. For example, if you have resources in Ashburn that need to communicate with a public endpoint for Oracle Identity Cloud service in Phoenix, that traffic can be routed to the internet gateway in your Ashburn VCN. Instead of traversing the internet, the traffic automatically routes over the OCI backbone from Ashburn to the service public endpoint in Phoenix. For a list of IP address ranges used for services deployed in OCI, see IP Address Ranges.
When customers connect to an OCI region with FastConnect public peering, the routes advertised over the FastConnect include public prefixes for the OCI region where the FastConnect is provisioned, public prefixes from other OCI regions in the same market (including Oracle Services Network), and certain OCI Classic regions in the same market. Examples of market areas include North America, LATAM, EMEA, and APAC. These options enable on-premises public IPs, which are advertised across the FastConnect public peering connection to OCI to reach public resources, the service network in that region, and other OCI regions at the market level.
Customers who need to access public resources in multiple regions can accomplish this task with a single FastConnect public peering virtual circuit, as long as the resources are in regions belonging to the same market. To verify which OCI regions are reachable with FastConnect public peering from your region of choice, see FastConnect Public Peering Advertised Routes.
Certain OCI Classic regions are also connected to OCI at the market level through the backbone. The connection enables an easier migration path and enables internet alternative access to PaaS and SaaS services still hosted in OCI-C data centers, along with private IaaS environments in OCI-C. The public IPs for resources in these OCI-C regions are advertised across the OCI backbone and preferred over the internet. Customers consuming PaaS and SaaS services in specific OCI-C regions can reach the service’s public endpoints from resources in an OCI region within the same market or from on-premises by using FastConnect public peering in a region in the same market.
For example, in the North America market, Ashburn Classic and Chicago Classic regions are reachable from resources in North America OCI regions, such as Ashburn, Phoenix, Toronto, Montreal, and San Jose, as well as any FastConnect public peering terminating in the same OCI regions. To enable the OCI backbone as the preferred path, customers who use services that rely on Akamai must disable it for that specific service with a service request. If Akamai is not disabled, then traffic travels over the internet to Akamai’s nearest CDN endpoint.
Customers interconnecting their private IaaS resources between OCI-C and OCI regions in the same market can use a VPN to encrypt the private traffic. This VPN traffic traverses the OCI backbone between the two regions, instead of using the internet. The internet is only used as a backup if there’s a backbone outage between the two regions.
Hopefully, this blog has been helpful and informative. Customers can use the backbone and FastConnect to enable multiple scenarios involving other regions, on-premises, disaster recovery, data replication, access to SaaS, PaaS, and Object Storage across multiple OCI regions, as well as OCI-C to OCI migrations. For more information on FastConnect, see FastConnect Overview.