There are two options to peer Oracle OCI VCNs in the same region:
1. Use a local peering gateway (LPG). The steps are demonstrated in the blog "Peering using LPG".
2. Use a dynamic routing gateway (DRG).
In this blog, we will demonstrate the steps to peer two VCNs in the same region and the same tenancy using a DRG.
Peering two VCNs in the same region through a DRG gives you more flexibility in your routing and simpler management, but it comes at the cost of a microseconds-level increase in latency, because traffic is routed through a virtual router.
At a high level, the networking service components required for this scenario include:
- Two VCNs with non-overlapping CIDRs, in the same region
- A single dynamic routing gateway (DRG) attached to each peer VCN.
- Supporting route rules to enable traffic to flow over the connection between private subnets in the respective VCNs.
- Supporting security rules to control the types of traffic allowed to and from the instances in the private subnets.
| | VCN1 | VCN2 |
| --- | --- | --- |
| VCN Name | TOR-VCN1 | TOR-VCN2 |
| Private Subnet CIDR | 172.10.0.64/26 | 172.20.0.64/26 |
| DRG | TOR-DRG | |
| Compute Instance | VCN1-VM (172.10.0.124) | VCN2-VM (172.20.0.124) |
Prerequisites:
- An Oracle Cloud free trial or paid account.
- Two OCI VCNs in the same tenancy, each with a private subnet, a security list, and a route table.
- One OCI compute instance in the first VCN's private subnet, with the RSA private key generated when the instance was created.
- One OCI compute instance in the second VCN's private subnet, with the RSA private key generated when the instance was created.
Step #1: Create a DRG
1. Open the navigation menu and click Networking. Under Customer connectivity, click Dynamic routing gateway.
2. Click "Create Dynamic Routing Gateway" button.
3. On the "Create dynamic routing gateway" page, enter the DRG name and choose the compartment in which you want to create the DRG.
Step #2: Attach DRG to VCNs
1. Attach DRG to TOR-VCN1.
- Go to TOR-DRG detail page and click on "VCN attachments" tab.
- Click "Create virtual cloud network attachment" button.
2. Attach DRG to TOR-VCN2. Repeat the same steps used above for TOR-VCN1.
Step #3: Configure the route table in each VCN to send traffic destined for the peer VCN to the DRG attachment
1. Configure route table in TOR-VCN1 to send traffic to TOR-VCN2's private subnet CIDR.
- Go to TOR-VCN1 detail page and click on "Route Tables" tab.
- Under the list of route tables, click on "route table for private subnet-TOR-VCN1".
- On the route table page, click the "Add Route Rules" button and enter the route rule information below.
| Target Type | Destination Type | Destination CIDR Block |
| --- | --- | --- |
| Dynamic Routing Gateway | CIDR Block | 172.20.0.64/26 (VCN2-private subnet CIDR) |
2. Configure route table in TOR-VCN2 to send traffic to TOR-VCN1's private subnet CIDR.
- Repeat the same steps done above for TOR-VCN1, but use the route rule below.
| Target Type | Destination Type | Destination CIDR Block |
| --- | --- | --- |
| Dynamic Routing Gateway | CIDR Block | 172.10.0.64/26 (VCN1-private subnet CIDR) |
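The route rules above are entered by hand in the console. As an added example (not code from the blog), the script below builds the same two rules as the JSON that `oci network route-table update --route-rules` accepts, after first checking the prerequisites the blog states: the two private subnet CIDRs must not overlap, and each VM address must sit inside its own VCN's subnet. The subnet and VM values are copied from the blog's table; the DRG OCID is a placeholder you would replace with the one shown on the TOR-DRG detail page.

```python
import ipaddress
import json

# Constructed topology values, copied from the blog's table (TOR-VCN1 / TOR-VCN2).
# The DRG OCID is a placeholder: the real one comes from the DRG detail page.
DRG_OCID = "ocid1.drg.oc1.<region>.<placeholder>"
TOPOLOGY = {
    "TOR-VCN1": {"subnet": "172.10.0.64/26", "vm": "172.10.0.124"},
    "TOR-VCN2": {"subnet": "172.20.0.64/26", "vm": "172.20.0.124"},
}


def check_topology(topology):
    """Pre-flight checks: subnets must not overlap, and each VM must live in its own
    VCN's subnet. Returns a list of problems (empty when the topology is sound)."""
    problems = []
    nets = {name: ipaddress.ip_network(v["subnet"]) for name, v in topology.items()}
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    for name, v in topology.items():
        if ipaddress.ip_address(v["vm"]) not in nets[name]:
            problems.append(f"{v['vm']} is not inside {name} subnet {nets[name]}")
    return problems


def drg_route_rule(peer_subnet_cidr, drg_ocid):
    """One route rule in the shape `oci network route-table update --route-rules`
    accepts: send traffic for the peer's private subnet to the DRG."""
    return {
        "destination": str(ipaddress.ip_network(peer_subnet_cidr)),
        "destinationType": "CIDR_BLOCK",
        "networkEntityId": drg_ocid,
    }


def route_rules_for(topology, drg_ocid):
    """Map each VCN name to the route rules its private-subnet route table needs:
    one rule per *other* VCN, all pointing at the shared DRG."""
    return {
        vcn: [drg_route_rule(peer["subnet"], drg_ocid)
              for peer_name, peer in topology.items() if peer_name != vcn]
        for vcn in topology
    }


if __name__ == "__main__":
    issues = check_topology(TOPOLOGY)
    if issues:
        raise SystemExit("\n".join(issues))
    for vcn, rules in route_rules_for(TOPOLOGY, DRG_OCID).items():
        # Each JSON document is what you would pass as --route-rules for that VCN's table.
        print(vcn, json.dumps(rules))
```

Running the script prints one JSON array per VCN; with only two VCNs each array holds the single rule from the tables above. The generator handles more than two VCNs sharing one DRG, which is the case where typing rules by hand starts to go wrong.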
Step #4: Add security Ingress rule to allow traffic between VCNs' private subnets through DRG
1. Add an Ingress rule to "security list for private subnet-TOR-VCN1" of the first VCN (TOR-VCN1) to allow traffic coming from the VCN2 private subnet into the VCN1 private subnet.
- Go to the TOR-VCN1 detail page and click the "Security Lists" tab, then click "security list for private subnet-TOR-VCN1".
- On the security list page, click the "Add Ingress Rules" button and enter the Ingress rule information below.
| Source Type | Source CIDR | IP Protocol |
| --- | --- | --- |
| CIDR | 172.20.0.64/26 (VCN2-private subnet CIDR) | All Protocols |
2. Add an Ingress rule to "security list for private subnet-TOR-VCN2" of the second VCN (TOR-VCN2) to allow traffic coming from the VCN1 private subnet into the VCN2 private subnet.
- Repeat the same steps done above for VCN1, but use the Ingress rule below.
| Source Type | Source CIDR | IP Protocol |
| --- | --- | --- |
| CIDR | 172.10.0.64/26 (VCN1-private subnet CIDR) | All Protocols |
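The two Ingress rules above open every protocol between the peer private subnets. As an added example (not code from the blog), the script below generates those rules as the JSON that `oci network security-list update --ingress-security-rules` accepts, and alongside them a narrowed variant that admits only TCP/22, which is the one flow Step #5 actually exercises. A small `admits` helper shows what each variant lets through from the peer VM. The subnet CIDRs are copied from the blog's table; protocol numbers follow OCI's convention ("all", or the IANA number as a string).

```python
import ipaddress
import json

# Constructed values, copied from the blog's table.
PRIVATE_SUBNETS = {
    "TOR-VCN1": "172.10.0.64/26",
    "TOR-VCN2": "172.20.0.64/26",
}


def ingress_rule(source_cidr, protocol="all", port=None, stateless=False):
    """One ingress rule in the shape `oci network security-list update
    --ingress-security-rules` accepts. protocol is "all" or the IANA number as a
    string ("6" = TCP, "17" = UDP, "1" = ICMP)."""
    rule = {
        "source": str(ipaddress.ip_network(source_cidr)),
        "sourceType": "CIDR_BLOCK",
        "protocol": protocol,
        "isStateless": stateless,
    }
    if port is not None:
        if protocol != "6":
            raise ValueError('port restriction shown here is for TCP (protocol "6")')
        rule["tcpOptions"] = {"destinationPortRange": {"min": port, "max": port}}
    return rule


def peer_ingress_rules(subnets, ssh_only=False):
    """For each VCN, the ingress rule(s) its private-subnet security list needs so
    traffic from every peer private subnet is admitted. ssh_only=True narrows each
    rule to TCP/22 instead of the blog's "All Protocols"."""
    rules = {}
    for vcn in subnets:
        peers = [cidr for name, cidr in subnets.items() if name != vcn]
        if ssh_only:
            rules[vcn] = [ingress_rule(p, protocol="6", port=22) for p in peers]
        else:
            rules[vcn] = [ingress_rule(p) for p in peers]
    return rules


def admits(rule, src_ip, protocol, dst_port=None):
    """Does this ingress rule admit a packet from src_ip with the given protocol
    number and destination port? Used to compare the broad and narrow variants."""
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule["source"]):
        return False
    if rule["protocol"] != "all" and rule["protocol"] != protocol:
        return False
    port_range = rule.get("tcpOptions", {}).get("destinationPortRange")
    if port_range is not None:
        if dst_port is None or not (port_range["min"] <= dst_port <= port_range["max"]):
            return False
    return True


if __name__ == "__main__":
    for label, ssh_only in (("blog rule (All Protocols)", False), ("narrowed to TCP/22", True)):
        print(label)
        for vcn, rules in peer_ingress_rules(PRIVATE_SUBNETS, ssh_only).items():
            # Each JSON array is what you would pass as --ingress-security-rules.
            print(" ", vcn, json.dumps(rules))
```

The rules are stateful (`isStateless` false), so the SSH reply traffic from VCN2-VM back to VCN1-VM needs no matching egress rule on the far side beyond what the default security list already permits. Start with the narrow variant and widen it only for the protocols the workload turns out to need; the `admits` checks make that difference explicit.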
Step #5: Test SSH connection between VMs
1. Connect to VCN1-VM, then ssh to VCN2-VM.
- ssh to opc@VCN1-VM using OCI cloud shell tool. Use RSA private key which was generated while creating VCN1-VM.
- Use RSA private key, which was generated while creating VCN2-VM, to ssh from VCN1-VM to opc@VCN2-VM.
2. Connect to VCN2-VM, then ssh to VCN1-VM. Repeat the same steps in the other direction.
Thanks for reading. Hope you like it!