As companies adopt multiple public clouds for different applications, key data resides in more than one place. To repurpose that data for tasks running elsewhere, fast, secure network connectivity between clouds is a must. To achieve this goal, you need a robust platform like Aviatrix cloud network platform, which delivers the advanced networking, security, monitoring, and operational visibility required by the enterprise, while maintaining the simplicity and automation of cloud. Enterprise customers place high value on a consistent, secure network operating model that can be adopted at scale in multicloud environments.
In this blog post, we deploy Aviatrix Transit in a multicloud environment utilizing the private Interconnect service between Oracle Cloud Infrastructure (OCI) and Microsoft Azure. If you’re utilizing the OCI Interconnect for Azure and are interested in encrypting the traffic beyond MACSec (IETF IEEE 802.1AE-2006) without suffering a performance penalty, read on!
Aviatrix overview
Aviatrix is redefining networking for the cloud and putting enterprise IT back in control. The Aviatrix cloud network platform delivers a single, common platform for multicloud networking, regardless of which public cloud providers are used. Aviatrix delivers the simplicity and automation enterprises expect in the cloud with the operational visibility and control they require.

Customer pain points
Customers want the ability to choose application infrastructure technology from multiple clouds and have those different clouds coexist and interoperate gracefully. Oracle and Azure have partnered to provide a direct network integration between their public clouds, the Interconnect. The workloads that customers want to communicate with aren’t located within the same virtual cloud network (VCN) or VNET used to establish the interconnect between OCI and Azure. On either side of the equation, one of the first questions that comes up is, “How do I engineer the transit routing between Azure and OCI to let the applications know the Oracle database is one hop away?”
Engineers from Oracle can’t support you with networking on the Azure side, and the same problem exists the other way. They can only support you as far as the boundary of their cloud. OCI and Azure have taken the first critical step in providing the Interconnect. Your applications need to behave and act like a single experience, so you’re left with assembling this experience on both sides of the fence yourself, securing it, scaling it, and defining an operating model.
Using Aviatrix, you can solve the multicloud transit problem in an afternoon. As we show in this blog, you can accomplish it with Terraform or easily click through the UI. The following snippets show the Aviatrix CoPilot solution, which provides advanced monitoring and analytics on top of your multicloud network, giving Day 2 teams the tools they need to ensure steady-state network operations.

Figure 1: CoPilot dashboard

Figure 2: CoPilot topology
The workflow launches a controller, onboards your OCI and Azure accounts, and deploys Aviatrix Transit. From there, you can add as many spokes as you want, in any cloud, any region, and different accounts, to your multicloud application network. All the traffic is encrypted, all the routing configuration is automated, and the entire environment is centrally managed and monitored.
Deployment architecture
In this scenario, we focus on using Aviatrix Transit to set up high-speed encryption over the Interconnect between the OCI and Azure clouds, opening both to Aviatrix advanced network capabilities. When this base platform is built out, you can easily connect nonadjacent workloads, use Aviatrix automated routing and encryption, and gain visibility over the multicloud environment for Day 2 operations.

Figure 3: Deployment architecture
The use case architecture is deployed in OCI US-Phoenix-1 and Azure US West 3 regions, which incurs no performance penalty while improving security and gaining the core value of the Aviatrix platform.
Configuration
You can follow this automated Quick Start, which provisions and configures Aviatrix high-performance encryption between OCI and Microsoft Azure including the interconnect. When provisioning is completed, ensure that the OCI-Azure Interconnect is up.

Figure 4: OCI FastConnect Circuit

Figure 5: Azure ExpressRoute circuit

Figure 6: Aviatrix Controller Dashboard view of encrypted transit peering of OCI-Azure Interconnect
Validation
Now that the connectivity is set up, you can validate the connection. Use SSH to connect to the virtual machine (VM) in each environment and validate the connectivity by doing a basic ping and traceroute test.

Figure 7: OCI spoke VM to Azure spoke VM ping and traceroute tests

Figure 8: Azure spoke VM to OCI spoke VM ping and traceroute tests
Similarly, using iperf3, you can validate encrypted throughput:

- Encrypted traffic: iperf3 -c 10.3.0.20 -M 1460 -P 128 -t 60 -i 2

Figure 9: Encrypted traffic throughput validation

- Jumbo frames: iperf3 -c 10.3.0.20 -M 800 -P 128 -t 60 -i 2

Figure 10: Encrypted jumbo frames traffic throughput validation

With Aviatrix high-performance encryption on a 1-Gbps circuit, we observed line-rate throughput with no performance degradation.
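The throughput check above can be turned into a repeatable pass/fail test by adding `--json` to the iperf3 commands and parsing the report. The following is an added example, not part of the original post or of any Aviatrix tooling; the sample report is constructed, and the thresholds (`min_ratio`, `max_retrans_per_sec`) are assumptions to tune against your own baseline.

```python
import json

# Constructed sample: a trimmed iperf3 --json report (values are made up,
# shaped like a 128-stream, 60-second TCP run over a 1-Gbps circuit).
SAMPLE_REPORT = json.dumps({
    "start": {"test_start": {"protocol": "TCP", "num_streams": 128, "duration": 60}},
    "end": {
        "sum_sent": {"bits_per_second": 948.1e6, "retransmits": 312},
        "sum_received": {"bits_per_second": 941.6e6},
    },
})

def assess(report_json, line_rate_bps=1e9, min_ratio=0.90, max_retrans_per_sec=50):
    """Summarise one iperf3 run against the circuit's nominal line rate.

    min_ratio and max_retrans_per_sec are assumed thresholds, not values
    from the post; compare against a run taken on the same path first.
    """
    report = json.loads(report_json)
    if "error" in report:  # iperf3 reports failures inside the JSON document
        raise RuntimeError(f"iperf3 failed: {report['error']}")
    test = report["start"]["test_start"]
    end = report["end"]
    received = end["sum_received"]["bits_per_second"]  # goodput seen by the server
    retrans = end["sum_sent"].get("retransmits", 0)    # absent for UDP runs
    ratio = received / line_rate_bps
    retrans_rate = retrans / test["duration"]
    return {
        "streams": test["num_streams"],
        "received_mbps": round(received / 1e6, 1),
        "line_rate_ratio": round(ratio, 3),
        "retransmits_per_sec": round(retrans_rate, 1),
        "ok": ratio >= min_ratio and retrans_rate <= max_retrans_per_sec,
    }

if __name__ == "__main__":
    print(assess(SAMPLE_REPORT))
```

A passing result shows only that the path sustains line rate; confirming that the traffic is actually encrypted still relies on the controller's transit peering view shown in Figure 6.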
Conclusion
This blog explained how you can use Aviatrix to automate secure deployment of multicloud infrastructure in OCI and Microsoft Azure environments and how you can achieve encryption and deploy Aviatrix Transit in both clouds, including by using Terraform. To learn more about the benefits and use cases of the Oracle Cloud Infrastructure and Microsoft Azure Interconnect, see the Oracle and Azure Partnership page. For more information, see the following resources:


