██FR█████ █INTELL███████████

How to set up Interconnect / FastConnect between GCP and OCI


This content originally appeared on DEV Community and was authored by Faris Durrani

How to set up an Oracle Cloud (OCI) Partner Interconnect / FastConnect connection with Google Cloud (GCP)

Arch diagram

You have an Oracle Cloud tenancy and you want to set a private, high-speed connection between OCI and GCP. Fortunately, OCI and GCP has collaborated on a new partner connection between those two tenancies.

This tutorial will largely follow the official demo tutorial to illustrate the steps to establish and confirm connectivity between an OCI VM instance and an GCP VM instance from scratch, located in the Ashburn / us-east4 region respectively. We provide screenshots and more thorough details.

1. Create an OCI VCN

Log in to Oracle Cloud (cloud.oracle.com) and create a standard internet-enabled virtual cloud network through the VCN wizard.

Go to ☰ Menu > Networking > Virtual Cloud Networks > Actions > Start VCN Wizard > Create VCN with Internet Connectivity.

Create VCN

Using the default settings will do. Our VCN name is ellipse4543-vcn. Click Next and Create.

VCN details

After creating the VCN, we’ll need to modify the subnet’s security control list to allow for external pings. We assume we’ll be using the public subnet to host our test VM instance simply to make SSH login into it easier.

Head to the public subnet’s Security tab and modify the security list to allow for ICMP type 8 (Echo) ingress connections from 0.0.0.0/0.

Choose SL

ICMP 8 ingress

2. Create an OCI DRG

Next, we’ll create an OCI Dynamic Routing Gateway (DRG). Go to ☰ Menu > Networking > Customer connectivity > Dynamic routing gateway. Create a new DRG. Give it a name, in my case, ellipse4543-drg.

Create DRG

3. Set up DRG routing

First, we’ll need to attach the DRG to the VCN.

Go to the DRG you created, head to the Attachments tab and click Create virtual cloud network attachment.

Click create virtual attachment

Give the attachment a name and click Create VCN attachment.

Create attachment

Next, we’ll need to modify the route table on the VCN subnet to route any GCP-bound traffic to the DRG.

Go to the VCN you created and head to the Subnets tab. Click the public subnet and click on its route table.

Click route table

Click Add Route Rules.

Add route rule

Assuming the GCP subnet CIDR range is 192.168.0.0/16, we input that as our Destination CIDR Block. Click Add Route Rules.

Add CIDR

Now, we have the DRG route rule established. Make sure the Internet Gateway route rule to destination 0.0.0.0.0 has been created as well (should have been automatically provisioned).

DRG and IG route

4. Create a GCP VPC

Head over to Google Cloud (console.cloud.google.com) and head over to VPC network > VPC networks > Create VPC network.

Give it a name (ellipse4543-vpc). Set the MTU to 1500 to match the future OCI FastConnect value.

Create VPC name

ℹ Note: it may be possible to optionally use the default MTU of 1460 but presumably, you would need to configure firewall rules to enable and response of detection of ICMP “Fragmentation Needed” (Type 3, Code 4) message.

Name the virtual private cloud (VPC) subnet. Set the region to us-east4, and add the IPv4 range (192.168.0.0/16).

Create subnet

Allow firewall rules to enable the OCI VM to ping any instances created in this subnet.

Firewall in subnet

Leave the rest as default. Click Create.

Click Create

5. Create a GCP Partner Interconnect

In GCP, head to Network Connectivity > Interconnect > Create VLAN attachments.

Create VLAN attachment

Select Partner Interconnect connection. Click Continue.

Partner interconnect

In the next page, click I already have a service provider.

Already have provider

Select the option Create a single VLAN (no redundancy). Select the created VPC and the region as us-east4 (Northern Virginia). Create a new router with a new name.

Select vpc, router

Give VLAN A an attachment name and select an MTU value of 1500 to match the future OCI FastConnect value. Click Create.

Create attachment

Copy the pairing key. Select the Enable button to pre-activate the VLAN attachment. You may also optionally enable it later.

Pairing key

6. Create an OCI FastConnect

With the pairing key, head to the OCI console. Go to ☰ Menu > Networking > Customer connectivity > FastConnect > Create FastConnect.

Create FC

Ensure the connection type is FastConnect partner. Click Next.

FC Partner

Choose:

  • Partner: Google Cloud: OCI Interconnect
  • Dynamic routing gateway: the DRG you created
  • Proposed bandwidth: 1 Gbps
  • Partner service key: the copied pairing key
  • MTU: 1500

Click Create.

Create connection

Wait until the Lifecycle State is Provisioned and the IPv4 BGP state is Up (5 mins).

State is Up

Congratulations, we established connection. Now, let’s test it.

7. Create an OCI VM instance

We’ll need to create a new OCI virtual machine (VM) instance so we can test connectivity between the two cloud providers. Go to ☰ Menu > Compute > Instances > Create instance.

Create instance

I’m creating the instance in a public subnet so I can SSH login into it easily.

Create public instance

Make sure to download the SSH private key under 3. Networking > Add SSH keys so you can SSH into the instance. Other settings can be kept to their default. Go through the creation steps until you create the instance.

Wait until it is provisioned. Get the public IP address and login using SSH into the instance using the command ssh -i your_ssh_key.pem opc@the_ip_addr.

public ip

successful ssh

8. Create a GCP VM instance

Back in GCP, head over to Compute Engine > VM instances and click Create instance.

Create instance

Choose the us-east4 region. Don’t click Create yet.

Region

Go to the Networking tab and select the subnet we created. Choose VirtIO as the Network interface card. Click Create.

Network

9. Test pings

Once created, click on the instance and click SSH to log in. Get the private (not public) IP address of the OCI instance you created and try pinging that OCI instance from the GCP VM. In my case, that is ping 10.0.0.100.

Received ping responses indicate successful connection to the OCI instance from GCP on the private network.

Successful ping

And on the OCI VM’s SSH instance, we try the same thing. Retrieve the GCP instance’s private IP address (192.168.0.2 in my case) and ping that address from the OCI instance.

private ip

Received ping responses indicate successful connection to the GCP instance from OCI on the private network.

received ping

This confirms successful interconnection pairing between the GCP and OCI virtual private clouds.

References

  1. Oracle University: Demo: Setting up Oracle Interconnect for Google Cloud
  2. Oracle Blogs: https://blogs.oracle.com/cloud-infrastructure/post/interconnecting-oci-google-cloud

Safe harbor statement

The information provided on this channel/article/story is solely intended for informational purposes and cannot be used as a part of any contractual agreement. The content does not guarantee the delivery of any material, code, or functionality, and should not be the sole basis for making purchasing decisions. The postings on this site are my own and do not necessarily reflect the views or work of Oracle or Mythics, LLC.

This work is licensed under a Creative Commons Attribution 4.0 International License.


This content originally appeared on DEV Community and was authored by Faris Durrani