3b

Connectivity to on-premises Network

April 2018
v2.0

Copyright © 2017, Oracle and/or its affiliates. All rights reserved.

Objectives

After completing this lesson, you should be able to:

• Describe IPsec VPN
• Describe Oracle FastConnect

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 2

Connectivity options

Public Internet VPN FastConnect

• Reserved IPs • IPsec authentication and • Private Connection

• Ephemeral IPs encryption • Separate from the
• Internet Data out Pricing • Two main options internet
(first 10TB free) • OCI managed VPN • Consistent network
Service (free) experience
• Software VPN • Port speeds of 1 Gbps,
(running on OCI 10 Gpbs
Compute) • SLA

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 3

Dynamic Routing Gateway

ORACLE CLOUD DATA CENTER REGION A virtual router that provides a single point
of entry for remote network paths coming
into your VCN
AVAILABILITY DOMAIN-1 AVAILABILITY DOMAIN-2

You can use it to establish a

connection with your on-premises
network via IPSec VPN or FastConnect
SUBNET A, SUBNET B, Internet
Gateway
10.0.1.0/24 10.0.2.0/24 After attaching a DRG, you must add a
Private Subnet Public Subnet route for the DRG in the VCN's route
table to enable traffic flow
VCN, 10.0.0.0/16

CUSTOMER DATA CENTER

Customer Premises Equipment (CPE)

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 4

Dynamic Routing Gateway considerations

ORACLE CLOUD DATA CENTER REGION

Consideration
• Check if you need your service limits
AVAILABILITY DOMAIN-1 AVAILABILITY DOMAIN-2 increased
• DRG MUST be attached to a VCN to
be used
• Only 1 DRG can be attached to 1 VCN
SUBNET A,
10.0.1.0/24
SUBNET B,
10.0.2.0/24
Internet
Gateway • 1 DRG can have many IPsec VPN
Private Subnet Public Subnet connections and FastConnect virtual
circuits
VCN, 10.0.0.0/16

CUSTOMER DATA CENTER

Customer Premises Equipment (CPE)

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 5

OCI VPN Service
ORACLE CLOUD DATA CENTER REGION
• OCI VPN securely connects on-premises network to
OCI VCN through an IPSec VPN connection
AVAILABILITY DOMAIN-2
• Service is offered for Free
• Customers often need a secure method to transfer files,
Custom Route
Table and start building their Tenant
• Customer Proof of Concepts usually start as a VPN and
SUBNET B,
10.0.2.0/24 then can morph into FastConnect designs
• Bandwidth is less than 250 Mbps, but your mileage may
VCN, 10.0.0.0/16 vary
• Bandwidth is dependent on the customer’s access to the
Internet and general Internal congestion
CUSTOMER
DATA CENTER

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 6

OCI VPN Service
ORACLE CLOUD DATA CENTER REGION
• OCI uses Juniper MX series for Hardware based IPSEC
termination
AVAILABILITY DOMAIN-2
• OCI provisions redundant VPN tunnels located on
physically and logically isolated tunnel endpoints
Custom Route
Table • Currently, only static routes are supported (BGP is not
supported)
SUBNET B,
10.0.2.0/24 • OCI VPN supports only IKEv1 using a shared secret
• DRG: VPN headend at OCI end of the IPSec VPN
VCN, 10.0.0.0/16
• CPE: Actual VPN router in your on-premises network
(hardware or software)
• IPSec Connection
CUSTOMER
DATA CENTER

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 7

IPsec VPN - Workflow
Route Table
10.0.0.0/16  DRG
Static Route
0.0.0.0/0
ORACLE CLOUD DATA CENTER REGION

On-Premises
Network

10.0.0.0/16
Internet

VCN, 172.16.0.0/16
CPE,
142.32.45.56

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 8

Fast Connect

• Private dedicated connectivity to Oracle Cloud Services (IaaS, PaaS, SaaS)

• Predictable performance
• Enterprise-grade resiliency with availability SLA
• Large and growing Partner ecosystem

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 9

FastConnect Connectivity Models

OCI OCI OCI

FastConnect
FastConnect
FastConnect

Direct to Oracle: Direct to Oracle: Dedicated Oracle Network Provider or

Datacenter Circuits from a 3rd Party Exchange Partner
Colocation Network Carrier

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 10

Fast Connect Use Cases

ORACLE CLOUD INFRASTRUCTURE (REGION)

Availability Availability Availability

Domain 1 Domain 2 Domain 3

Customer or Oracle
Partner Edge Edge

Fast Connect Datacentre Location

Public Peering
Private Peering

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 11

FastConnect Partner Ecosystem

• https://cloud.oracle.com/en_US/fastconne
ct/providers

• More in the pipeline..

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 12

IPsec VPN and FastConnect

Site-to-Site IPsec VPN FastConnect

Dev/test and small scale production Enterprise-class and mission critical
Use case
workloads workloads, Oracle Apps, Backup, DR
All OCI Services within VCN – All OCI Services within VCN – compute –
Supported Services
compute –VMs and BMs, Database VMs and BMs, Database
Typically < 250 Mbps aggregate, Higher bandwidth; increments of 1 Gbps,
Typical bandwidth
varies on internet path traversal and 10 Gbps ports
Protocols IPSec MPLS, VPLS
Routing Static Routing BGP
Connection Resiliency active-active active-active
Encryption Yes, by default No
• Billable port hours
Pricing Free!
• No data transfer charge between ADs
SLA No SLA 99.9% Availability SLA

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 13

VPN and FastConnect Pricing
• No hourly or monthly VPN connection charge for IPSEC VPN, but data transfer rates (below) apply

Metric Pay as You Go Monthly Flex

Outbound Data Transfer - First 10 TB / Month GB/month Free Free
Outbound Data Transfer - Over 10 TB / Month GB/Month $0.0085 $0.0085
Inbound Data Transfer GB/Month Free Free

• Fast Connect pricing

Metric Pay as You Go Monthly Flex

FastConnect 1 Gbps – Metered Port-hours $.2125 $.2125

FastConnect 10 Gbps - Metered Port-hours $1.2750 $1.2750

Port-hours are billed once the connection between the FastConnect Service router and your router is established, or 30 days after you
ordered the port, whichever comes first. Port charges will continue to be billed anytime the FastConnect Service port is provisioned.

https://cloud.oracle.com/en_US/fastconnect/pricing

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 14

FastConncect Pricing comparison
FastConnect Dedicated Network Peering
10 Gb/s Dedicated Bandwidth Consumed Oracle Cloud FastConnect AWS DirectConnect AWS Cost
Peering Connection per month (GB) price / month price / month Compared
3% utilization 97.2K $1,080 $3,564 3.3X
10% utilization 324K $1,080 $8,100 7.5X
30% utilization 648K $1,080 $14,580 13.5X
40% utilization 1296K $1,080 $27,540 25.5X
50% utilization 1620K $1,080 $34,020 31.5X

Outbound Internet Transit

Standard Outbound Bandwidth Transferred Out Oracle Cloud AWS AWS Cost
Internet Transit per month (TB) price / month price / month Compared
1 $0 $0
10 $0 $91
50 $400 $4,403 11X
100 $900 $7,987 8.9X
500 $4,900 $34,020 6X
1000 $9,900 $55,091 5.6X

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 15

Summary

• Connectivity options – Public Internet, site-to-site VPN, FastConnect

• OCI provides a free, managed VPN service to securely connect on-premises network to
OCI using IPSec connection
• FastConnect provides a dedicated, private connection between on-premises data center
and OCI with higher-bandwidth options and a more reliable and consistent networking
experience

Copyright © 2017, Oracle and/or its affiliates. All rights reserved. 3b - 16