Prerequisites

To learn more about the prerequisites for restoring your database(s) in Oracle AI Database@AWS, see the Backup - Prerequisites section.

Network Prerequisites for a Cross-Region Exadata Database Restore

This topic describes the cross-region networking setup that you need to perform a cross-region restore. The setup enables a target Exadata Database in one AWS region to access backup files in OCI Object Storage that come from a source database in a different AWS region.

After you establish connectivity, follow the Exadata Database - Restore documentation to restore your Exadata Database.

The following diagram illustrates the cross-region architecture diagram for this configuration. This screenshot shows the cross-region architecture diagram.

In this architecture, the source database uses OCI Object Storage as its backup repository and routes backup traffic through a Service Gateway. To restore the database, you must configure the target database with network access to the Object Storage endpoint in the source region to retrieve those backups.

In this architecture:

The Source Hub VCN 10.101.0.0/24 is created.
The target Exadata VM Cluster is deployed within the target region's VCN, where the client and backup subnets utilize the CIDR blocks 100.200.0.0/24 and 10.200.1.0/24, respectively.
The Target Hub VCN 10.201.1.0/24 is created.

Note

Download and update the diagram with your CIDR.
Review the Remote Peering Connection Count service limit, and request a service limit increase if needed.
Plan Hub VCN CIDR to avoid overlapping IP addresses. The hub VCN CIDR can be small, for example, /28.
If you plan to deploy resources in the subnet, define the CIDR accordingly.

Complete the following steps to configure cross-region VCN peering and establish network communication between the target region and the source Object Storage bucket that the architecture diagram shows.

Configure the Network in the Source Region

From the AWS Console, select the source Exadata VM Cluster, and then select the Manage in OCI button to open the OCI Console.
From the OCI Console, navigate to Networking to create a Virtual Cloud Network (VCN) of the source region (HUB VCN Source).
1. From the left menu, select Virtual cloud networks.
2. Select the Create VCN button.
  1. Name: Enter a descriptive name. For example, Source-hub-vcn.
  2. Create In compartment: Select the compartment where you want to create the VCN.
  3. IPv4 CIDR Blocks: Enter the CIDR block for your Hub VCN. Ensure that this block does not overlap with your existing network address space.
  4. Select the Create VCN button.
Create a dynamic routing gateway named Source-hub-drg.
1. From the OCI Console, select Networking.
2. Under the Customer connectivity section, select Dynamic routing gateway, and then select the Create dynamic routing gateway button.
3. In the Create dynamic routing gateway page, enter the following information.
  1. Enter a descriptive name. For example, Source-hub-drg.
  2. Select the Create dynamic routing gateway button.
Create a service gateway named primary-hub-sg to enable the private network communication to OCI Object Storage.
1. From the OCI Console, select Networking.
2. From the left menu, select Virtual cloud networks.
3. In the Hub VCN Source VCN, select the Gateways tab.
4. Scroll down to the Service Gateways section, and then select the Create Service Gateway button.
5. In the Create Service Gateway page, enter the following information.
  1. Name: Enter a descriptive name. For example, primary-hub-sg.
  2. Create In compartment: Select the compartment where you want to create your service gateway.
  3. Services: Select the OCI IAD Object Storage option.
  4. Expand the Advanced options section, and then select the default Route Table for source-hub-vcn.
  5. The Tags section is optional.
  6. Review your information, and then select the Create Service Gateway button.
Create a route table in the source hub VCN to route network traffic between the primary hub VCN and the service gateway.
1. From the OCI Console, select Networking.
2. From the left menu, select Virtual cloud networks, and then select the HUB VCN Source VCN.
3. Select the Routing tab, and then select the Create Route Table button.
4. In the Create Route Table page, enter the following information.
  1. Name: Enter a descriptive name. For example, source_hub_transit_sg.
  2. Select the + Another Route Rule button.
  3. Target Type: Select the Service Gateway option.
  4. Destination Service: Select the OCI IAD Object Storage option.
  5. Target Service Gateway: Select the service gateway that you created in the HUB VCN Source. For example, primary-hub-sg.
  6. Description: Enter a description.
  7. Select the Create button.
Attach the dynamic routing gateway to the HUB VCN Source VCN.
1. From the OCI Console, select Networking.
2. Form the left menu, select Virtual cloud networks, and then select the HUB VCN Source VCN.
3. In the HUB VCN Source VCN, select the Gateways tab.
4. From the Dynamic Routing Gateway Attachments section, select the Create DRG Attachment button.
5. In the Create DRG Attachment page, enter the following information.
  1. Name: Enter a descriptive name. For example, Source-hub-drg.
  2. DRG Location: Choose the Current tenancy option.
  3. From the dropdown list, select a DRG compartment and then select the DRG that you created in the previous step.
  4. Expand the Advanced Options section, and then enter the following information.
    1. From the Route Table Association section, choose the Select Existing option.
    2. Select the VCN Route Table Association compartment and then select the VCN Route Table Association that you created in the previous step. For example, primary_hub_transit_sg.
  5. The Tags section is optional.
  6. Select the Create DRG Attachment button.
In the HUB VCN Source VCN, create a second route table to direct network traffic to the target network.
1. From the HUB VCN Source VCN, select the Routing tab, then select the Create Route Table button.
2. In the Create Route Table page, enter the following information.
  1. Name: Enter a descriptive name. For example, source_hub_transit_drg.
  2. Select the + Another Route Rule button.
  3. Target Type: Select the Dynamic Routing Gateway option.
  4. Destination CIDR Block: Enter the VCN target client subnet CIDR which is 10.200.0.0/24.
  5. Target Dynamic Routing Gateway: select the DRG associated with the HUB VCN Source. For example, source-hub-drg.
  6. Description: Enter a description.
3. Select the + Another Route Rule button.
  1. Repeat the steps 7bi through 7bvi for the VCN target backup subnet CIDR (10.200.1.0/24).
4. Select the + Another Route Rule button.
  1. Target Type: Choose the Service Gateway option.
  2. Destination Service: Select the OCI IAD Object Storage option.
  3. Target Service Gateway: Select the service gateway associated with the HUB VCN Source. For example, primary-hub-sg.
  4. Description: Enter a description.
5. Select the Create button.
6. Once it is created, you can review the details from the Routing tab.
Edit the source-hub-drg attachment from the Source-Hub-VCN to update the dynamic routing gateway (DRG) route table.
1. From the Hub VCN Source VCN, select the Gateways tab.
2. From the Dynamic Routing Gateway Attachments section, select the name of your DRG attachment.
3. Select the Edit button.
  1. From the Edit attachment page, enter a Display name.
  2. From the Choose a DRG route table dropdown list, select the Autogenerated Drg Route Table for RPC, VC, and IPSec attachments option.
  3. From the VCN route table section, choose the Select existing option as your Associate route table.
  4. Choose the Route table compartment and Route table.
  5. From the VCN route type section, select the Subnet CIDR blocks option.
4. Select the Update button to save your changes.
Validate the dynamic routing gateway (DRG) route table options.
1. From the left menu, select Dynamic Routing Gateway, and then select the Attachments tab.
2. In the VCN attachments section, navigate to the DRG route table column, and then select the Autogenerated Drg Route Table for RPC, VC, and IPSec attachments link.
3. Select the Actions button, and then select the Edit option.
  1. From the Edit DRG route table page, make sure that the Enable import route distribution option is enabled and Import route distribution is set to Autogenerated Import Route Distribution for ALL routes.
  2. Select the Save changes option.
  Note
  - To configure routing more precisely, disable the import route distribution of the Autogenerated DRG Route Table for RPC, VC, and IPSec attachments route table.
  - For Autogenerated DRG Route Table for VCN attachments, create and assign a new import route distribution that includes only the required RPC attachment.
From the Source-hub-drg, create remote peering connection attachments.
1. From the Networking section, select Dynamic routing gateway.
2. Select the Attachments tab, and then scroll down to the Remote peering connection attachments section.
3. Select the Create remote peering connection button.
4. From the Create remote peering connection page, enter the following information.
  1. Name: Enter a descriptive name. For example, Source-hub-drg.
  2. Create in compartment: Select the compartment where you want to create your remote peering connection.
  3. The Tags section is optional.
  4. Select the Create remote peering connection button.
5. Once it is complete, select the remote peering connection Source-hub-drg which you created in the previous step, and take note of the OCID information.
Update the Source-Hub Default route table to add a route rule for the target VCN client subnet and backup CIDR range.
1. From the HUB VCN Source VCN, select the Routing tab, and then select the name of the default route table.
2. Select the Route Rules tab, then select the Add Route Rules button.
3. From the Add Route Tables page, enter the following information.
  1. Target Type: Choose the Dynamic Routing Gateway option.
  2. Destination Type: Select the CIDR Block option.
  3. Destination CIDR Block: Enter the target VCN client subnet CIDR. For example, 10.200.0.0/24.
  4. Target Dynamic Routing Gateway compartment: Select the compartment.
  5. Target Dynamic Routing Gateway: Select your DRG. For example, source-hub-drg.
  6. Description: Enter a description.
  7. Select the + Another Route Rule button.
  8. Repeat the steps 11ci through 11cvi for the target VCN's backup subnet CIDR block (10.200.1.0/24).
  9. Select the Add Route Rules button.

Configure the Network in the Target Region

From the AWS Console, select the target Exadata VM Cluster, and then select the Manage in OCI button to open the OCI Console.
From the OCI Console, navigate to Networking to create a Virtual Cloud Network (VCN) on the target region (HUB VCN Target).
1. From the left menu, select Virtual cloud networks, and then select the Create VCN button.
  1. Name: Enter a descriptive name. For example, target-hub-vcn.
  2. Create In compartment: Select the compartment where you want to create the VCN.
  3. Enter the CIDR block for your Hub VCN in the IPv4 CIDR Blocks field. Ensure that this block does not overlap with your existing network address space.
  4. Select the Create VCN button.
Deploy two local peering gateways (LPGs), Target-hub-LPG and Target-LPG , in HUB VCN Target and the VCN of the target Exadata VM Cluster respectively.
1. In the Target-Hub VCN detail page, select the Gateways tab, scroll down to the Local Peering Gateways section, and then select the Create Local Peering Gateway button.
2. In the Create Local Peering Gateway page, enter the following information.
  1. Name: Enter a descriptive name. For example, target-hub-lpg.
  2. Review the Create in compartment field and make sure it is the compartment that you want to create your Local Peering Gateway in.
  3. The Advance options section is optional.
  4. Select the Create Local Peering Gateway button.
3. In the Target Exadata VM Cluster VCN detail page, select the Gateways tab, scroll down to the Local Peering Gateways section, and then select the Create Local Peering Gateway button.
  1. Name: Enter a descriptive name. For example, target-lpg.
  2. Review the Create in compartment field and make sure it is the compartment that you want to create your Local Peering Gateway in.
  3. The Advance options section is optional.
  4. Select the Create Local Peering Gateway button.
Establish a local peering connection between the local peering gateways (LPGs) for VCN Target and HUB VCN Target.
1. In your Target Exadata VM Cluster VCN, select the Gateways tab, and select Local Peering Gateways. Locate the LPG that you previously created, and select the three dots menu. Select the Establish Peering option.
  1. From the Establish Peering Connection page, choose the Browse Below option.
  2. Select the compartment from the Virtual Cloud Network Compartment dropdown list.
  3. From the Virtual Cloud Network dropdown list, select your Target-Hub VCN. For example, target-hub-vcn.
  4. Select the compartment from the Local Peering Gateway Compartment dropdown list.
  5. From the Unpeered Peer Gateway, select your Target-Hub-LPG. For example, target-hub-lpg.
  6. Review your information, and then select the Establish Peering Connection button.
Create a dynamic routing gateway (DRG) named target-hub-drg.
1. From the OCI Console, navigate to Networking. From the Customer connectivity section, select Dynamic routing gateway, and then select the Create dynamic routing gateway button.
  1. Name: Enter a descriptive name. For example, target-hub-drg.
  2. Review the Create in compartment field and make sure it is the compartment that you want to create your Local Peering Gateway in.
  3. The Tags section is optional.
  4. Select the Create dynamic routing gateway button.
Create a route table in the HUB VCN Target VCN, to route the network traffic between the HUB VCN Target and VCN Target.
1. From the OCI Console, navigate to Networking, select Virtual cloud networks, and then select the HUB VCN Target VCN.
2. Select the Routing tab, then select the Create Route Table button.
  1. Name: Enter a descriptive name. For example, target_hub_transit_lpg.
  2. Select the + Another Route Rule button.
  3. Target Type: Select the Local Peering Gateway as your target type.
  4. Destination CIDR Block: Enter the target Exadata VM Cluster Client Subnet CIDR (10.200.0.0/24).
  5. Target Local Peering Gateway: Select the LPG which is created in the HUB VCN Source. For example, target-hub-lpg.
  6. Description: Enter a description.
  7. Select the + Another Route Rule button.
  8. Repeat steps iii through vi for the VCN Target backup subnet CIDR (10.200.1.0/24).
  9. Review your information and then select the Create button.
Attach the DRG to the HUB VCN Target VCN.
1. In the HUB VCN Target VCN, select the Gateways tab. From the Dynamic Routing Gateway Attachments section, select the Create DRG Attachment button.
2. Name: Enter a descriptive name. For example, target-hub-drg.
3. DRG Location: Choose the Current tenancy option.
4. Choose a DRG: Select the DRG name that you previously created.
5. Expand the Advanced Options section.
6. From the Route Table Association section, choose the Select Existing option. Select the VCN Route Table Association compartment. Select the routing table that you previously created from the VCN Route Table Association dropdown list. For example, Target_hub_transit_lpg.
7. Select the Create DRG Attachment button.
Identify Public IP Addresses for Oracle Services Network in the source region.
Note

To access the source OCI Object Storage endpoints, you must identify the public IP CIDR blocks required to route traffic and grant the necessary network permissions. For more information, see Public IP Addresses for VCNs and the Oracle Services Network and Downloading the JSON File.
In the HUB VCN Target VCN , create a second route table to direct network traffic to the source network.
1. From the HUB VCN Target VCN, select the Routing tab, and then select the Create Route Table button.
2. Name: Enter a descriptive name. For example, Target_hub_transit_sg.
3. Select the + Another Route Rule button.
4. Target Type: Select the Dynamic Routing Gateway as your target type.
5. Destination CIDR Block: Enter the source OCI Object Storage endpoint IP CIDR such as 134.70.24.0/21.
6. Target Dynamic Routing Gateway compartment: Select the DRG associated with the HUB VCN Target VCN. For example, Target-hub-drg.
7. Description: Enter a description.
8. Repeat the steps 9c through 9g for all the Object Storage Endpoint IP CIDRs in the source region (134.70.32.0/22).
9. Select the Create button.
Associate the Target_hub_transit_sg route table to the Hub-Target-LPG gateway.
1. From the Hub VCN Target VCN, select the Gateways tab, navigate to the Local Peering Gateways section.
2. Select the three dots, then select Associate Route Table option.
3. Select the route table that you previously created for the Local Peering Gateway. For example, Target_hub_transit_sg.
4. Select the Associate button.
Edit Target-Hub-DRG attachment from the Target-Hub-VCN to add DRG route table.
1. From the Target-Hub-VCN VCN, select the Gateways tab. From the Dynamic Routing Gateway Attachments section, select the name of your DRG attachment.
2. Select the Edit button.
3. From the Choose a DRG route table dropdown list, select Autogenerated Drg Route Table for RPC, VC, and IPSec attachments.
4. Select the Update button.
Validate the DRG route table options.
1. From the Dynamic Routing Gateway section, select the Attachments tab. From the VCN attachments section, under the DRG route table column, select Autogenerated Drg Route Table for RPC, VC, and IPSec attachments.
2. Select the Actions button, and then select the Edit option.
3. Make sure that the Enable import route distribution option is enabled and Import route distribution is set to Autogenerated Import Route Distribution for ALL routes.
4. Select the Save changes option.
Note
- To configure routing more precisely, disable the import route distribution of the Autogenerated DRG Route Table for RPC, VC, and IPSec attachments route table.
- For Autogenerated DRG Route Table for VCN attachments, create and assign a new import route distribution that includes only the required RPC attachment.
From the Target-Hub-DRG, create a remote peering connection attachments.
1. From Dynamic routing gateway page, select the Attachments tab, scroll down to the Remote peering connection attachments section. Select the Create remote peering connection button.
2. Name: Enter a descriptive name. For example, Target-hub-drg.
3. Select the Create remote peering connection button.
4. From the Target-Hub-DRG, scroll down to the Remote peering connection attachments section, under Remote peering connection column, select the remote peering connection. For example, Target-hub-drg.
5. Select the Establish Connection button and then enter the following information.
  1. Region: Select your Source Region
  2. Remote peering connection OCID: Provide the Source-Hub-drg remote peering connection OCID that you copied.
  3. Select the Establish connection button.
  Note
  
  When the peering status becomes peered, both regions are connected.
Update the Target VCN default route table, add a route rule to the source region OCI Object Storage endpoint CIDRs range.
1. From your target Exadata VM Cluster VCN, select the Routing tab, then select the name of the default route table.
2. Select the Route Rules tab, then select the Add Route Rules button.
3. Target Type: Select the Local Peering Gateway as your target type.
4. Destination CIDR Block: Select the source region Object Storage endpoint public IP CIDR such as 134.70.24.0/21.
5. Target Local Peering Gateway: Select your LPG. For example, Target-lpg.
6. Description: Enter a description.
7. Select the + Another Route Rule button.
8. Repeat the steps 14c through 14g for all the Object Storage Endpoint IP CIDR in the source region such as 134.70.32.0/22.
9. Select the Add Route Rules button.
Create a custom Network Security Group (NSG) in the target Exadata VM Cluster VCN.
1. From your target Exadata VM Cluster VCN, select the Security tab. scroll down to the Network Security Groups section, and then select the Create Network Security Group button.
  1. Name: Select a name for your custom NSG
  2. Name: Select Ingress.
  3. Source Type: Select CIDR.
  4. Source CIDR: Enter your source CIDR.
  5. IP Protocol: Select All Protocols.
  6. Select the Create button.
2. Attach the Custom NSG to target Exadata VM Cluster backup subnet.
  1. From your target Exadata VM Cluster information page, scroll down to the Network section. From the Backup network security groups section, select the Edit button.
  2. Select the + Another network security group button.
  3. Select the compartment that you created the custom NSG.
  4. Select the name of the custom NSG.
  5. Select the Save button.

Test Connectivity

Connect via SSH to your target Exadata VM Cluster and run a curl command against the OCI Object Storage URL endpoint.

curl -v https://swiftobjectstorage.<OCI-Region>.oraclecloud.com:443

Example (US East - Ashburn):
curl -v https://swiftobjectstorage.us-ashburn-1.oraclecloud.com:443

Oracle Cloud Infrastructure Documentation

Prerequisites