X
  • September 19, 2018

Interconnecting Clouds with Oracle Cloud Infrastructure

A multicloud architecture uses more than one cloud service provider. Companies have more than one cloud provider for many reasons: to provide resiliency, to plan for disaster recovery, to increase performance, and to save costs. When companies want to migrate cloud resources from one cloud provider to another, cloud-to-cloud access and networking is required. Oracle Cloud Infrastructure provides the internet gateway (IGW) and dynamic routing gateway (DRG) service gateway options for connecting an Oracle Cloud Infrastructure virtual cloud network (VCN) with the internet, on-premises data centers, or other cloud providers.

This post describes the connectivity service options that are available to help you plan your network connectivity to the Oracle Cloud in general, and it discusses connectivity options between the cloud providers.

Connectivity Option Overview

All major cloud service providers (CSPs) offer three distinct network connectivity service options:

  • Public internet  
  • IPSec VPN
  • Dedicated connections (Oracle's service is called Oracle Cloud Infrastructure FastConnect)

Depending on the workloads and the amount of data that must be transferred, one, two, or all three network connectivity service options are required.

 

Max (Mb/s)

Latency

Jitter

Cost

Secure

Public internet

< 10,000

Variable

Variable

Variable

No

IPSec VPN

< 250

Variable

Variable

Variable

Yes

FastConnect

< 100,000

Predictable

Predictable

Predictable

Yes

 
  • Public internet provides accessibility from any internet-connected device.
  • IPSec VPN is a secured encrypted network that provides access by extending your network into the cloud.
  • FastConnect provides dedicated connectivity and offers an alternative connectivity to internet. Because of the exclusive nature of this service, it is more reliable and offers low latency, dedicated bandwidth, and secure access.

FastConnect offers the following connectivity models:

  • Connectivity via an Oracle network provider or exchange partner
  • Connectivity via direct peering within the data center
  • Connectivity via dedicated circuits from a third-party network

Connectivity Option Details

Following are optimal connectivity options. To compare the options based on speed, cost, and time, see the next section, “Choosing Your Connectivity Option.”

Option 1: Connecting via an IPSec VPN

IPSec VPN provides added security by encrypting data traffic. The achievable bandwidth over a VPN is limited to 250 Mbps. Therefore, multiple VPN tunnels might be required depending on the total amount of data to transfer and the required transfer rate.

Steps-by-step instructions for creating a secure connection between Oracle Cloud Infrastructure and other cloud providers are available in Secure Connection between Oracle and Other Cloud Providers.

Option 2: Connecting via a Cloud Exchange

Exchange providers can provide connectivity to a large ecosystem of cloud providers over the same dedicated physical connection between on-premises and the exchange provider. Some available providers are Megaport, Equinix, and Digital Realty.

To route between the clouds, you have the following options:

  • Use the virtual router service from the exchange provider—for example, Megaport Cloud Router (MCR).
  • Colocate a physical customer edge (CE) device with the exchange provider.

The following table shows the pros and cons of using a virtual router service versus colocating a physical router with the exchange provider:

 

Pros

Cons

Using a virtual router service

  • Easy to deploy
  • Provides bandwidth on demand
  • Is cost-effective to deploy and maintain
  • Flexibility to make routing changes is within the scope of support from the cloud exchange
  • Non-availability of public IP communication

Using a dedicated physical router

  • Provides flexibility in managing routing functions
  • Gives you the ability to deploy your choice of hardware
  • Long deployment times
  • Scaling limitations
  • Hardware maintenance and associated monetary costs
 

Although the scope of this blog is to provide optimal connectivity options with a partner-agnostic approach, we are using the Megaport Cloud Router (MCR) option as an example because it’s easy to deploy and provides a virtual router service. We are also using Amazon Web Services (AWS) for our example cloud provider connection, although Megaport supports connectivity to many cloud providers, including Azure and Google Cloud Platform.

                       

Setting up the connectivity involves the following steps:

  1. Connect FastConnect with Megaport through the Oracle Cloud Infrastructure Console.
  2. Connect AWS Direct Connect with Megaport through the AWS console.
  3. Create the MCR:
    1. Create a Virtual Cross Connect (VXC) connection to FastConnect from MCR
    2. Create a VXC connection to the connecting cloud provider (for example, AWS Direct Connect) from the MCR.

After you set up FastConnect, the MCR, and the connection with the cloud provider (for example, AWS Direct Connect, Azure ExpressRoute, or Google Cloud Platform), you can access the resources by their private IP addresses and the traffic will be routed via the high-bandwidth, low-latency connection.

Choosing Your Connectivity Option

Use the following high-level information to help you choose your connectivity option. However, be aware that the best connectivity option varies for different use cases. Information is given for AWS Direct Connect as an example.

Speed

  • FastConnect offers 1G and 10G port speeds.
  • Direct Connect offers port speeds of 50M, 100M, 200M, 300M, 400M, 500M, 1G, and 10G.
  • IPSec VPN speeds are limited under 500Mb/s in most cases.

Cost

  • Oracle FastConnect charges a flat port-hour fee, and there are no charges for data transfer. For more information, see Oracle FastConnect Pricing.
  • The Oracle IPSec VPN service does not charge for inbound data transfer, outbound data transfer is free up to a 10-TB transfer, and there is a small fee after the 10-TB limit is exceeded. For more information, see Oracle IPSec VPN Pricing.
  • Amazon pricing has a port fee and data transfer charge. Inbound data is not metered but outbound data is metered and charged. For more information, see Amazon Direct Connect Pricing.
  • Megaport pricing is based on the rate limit that you choose when you create the MCR. The options available are 100 Mbps, 500 Mbps, and 1, 2, 3, 4, and 5 Gbps. Charging rates (per monthly values) are displayed at the time of deployment based on where you are deploying the MCR and the regions that your connection spans.

Time

Data transfer times depend on the speed choices made at each hop. Comparing dedicated connectivity and IPSec VPN, dedicated connectivity provides a deterministic timeframe because the connectivity uses a private medium and is more reliable and consistent.

The following table shows hypothetical cost scenarios based on bandwidth for the time to data transfer from AWS to Oracle Cloud Infrastructure:

 

Data (TB)

10

100

1,000

10,000

Rate Gb/s

1

22h13m12s

9d6h13m12s

92d14h13m12s

925d22h13m12s

10

2h13m12s

22h13m12s

9d6h13m12s

92d14h13m12s

100

13m12s

2h13m12s

22h13m12s

9d6h13m12s

 

Summary

This post discusses the intercloud connectivity options that are available in general and how multicloud access can be implemented with Oracle Cloud Infrastructure. It provides high-level indicators that can help you define your connectivity path and compares the connectivity options available to help you choose the optimum connectivity for your use case. For more information and a detailed step-by-step guide for connectivity, see the Migrating Oracle Databases from Amazon Web Services to Oracle Cloud Infrastructure Database white paper.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.