Note:
- This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
- It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.
Enable multicloud cross-region interconnectivity between Microsoft Azure and Oracle Cloud Infrastructure
Introduction
To create an integrated multicloud experience, Microsoft and Oracle offer direct interconnection between Microsoft Azure and Oracle Cloud Infrastructure (OCI) using Microsoft Azure ExpressRoute and OCI FastConnect. The Microsoft Azure ExpressRoute and OCI FastConnect interconnection provides low latency, high throughput, and private direct connectivity between the two clouds.
You can set up the interconnection between Microsoft Azure and Oracle Cloud Infrastructure using instructions provided in this step-by-step guide. Once the interconnect is set up, you must connect Virtual Network to ExpressRoute.
This tutorial outlines how you can extend interconnected cross-region connectivity using ExpressRoute cross connection and OCI region peering.
Objective
Enable cross-region connectivity between Oracle Cloud Infrastructure and a Microsoft Azure environment through OCI-Azure Interconnect network connectivity. This tutorial covers deploying the environment within Azure and OCI and validating network connectivity between the OCI/Azure interconnected regions.
Prerequisites
- An active Microsoft Azure subscription and an active OCI tenancy.
- An Azure ExpressRoute peering location in proximity to or in the same peering location as OCI FastConnect. For more information, see Region Availability.
- Direct connectivity between the Azure and OCI interconnected regions, configured successfully. For more information, see Configure Direct Connectivity between ExpressRoute and FastConnect.
- Familiarity with networking and cloud services, including OCI FastConnect and Azure ExpressRoute.
- Understanding of OCI Azure Interconnect is required.
Audience
This tutorial is intended for Cloud Service Provider professionals and multicloud administrators.
Architecture
Below is a sample network topology and high-level architecture of the solution.
You can refer to this architecture when you want to extend interconnected region connectivity using ExpressRoute cross connections and region peering within OCI regions.
Task 1: Configure Virtual Network and Subnet on Azure
- Sign in to the Azure Portal.
- On the upper-left side of the screen, select Create a resource, Networking, Virtual network or search for Virtual network in the search box.
- In the Create virtual network screen, enter or select this information in the Basics tab.
  Project Details
  - Subscription: Select your Azure subscription
  - Resource Group: Select Create new, enter resource-group-name, then select OK, or select an existing resource-group-name based on parameters.
  Instance details
  - Name: Enter virtual-network-name.
  - Region: Select region-name.
- Select the IP Addresses tab or select the Next: IP Addresses button at the end of the page.
- In the IP Addresses tab, enter the following information.
  - IPv4 address space: Enter ipv4-address-range; Example: 10.20.0.0/16 for US East Region, 10.40.0.0/16 for US West3 Region.
- Under Subnet name, select the word default.
- In Edit subnet, enter the following information.
  - Subnet name: Enter subnet-name.
  - Subnet address range: Enter subnet-address-range; Example: 10.20.1.0/24 for Compute Subnet in US East, 10.40.1.0/24 for Compute Subnet in US West3.
- Select Save.
- Select the Review + create tab or select the Review + create button.
- Select Create.
Repeat Steps 1-9 for both Interconnected Regions and then proceed to the next section to create Gateway Subnets and Virtual Network Gateways.
Task 2: Create a Gateway Subnet and Virtual Network Gateway on Azure
In this section, you'll create Gateway Subnets and Virtual Network Gateways. The following tables describe the minimum parameters required.

Gateway Subnet Parameters

| Parameter | Value |
|---|---|
| gateway-subnet-name | GatewaySubnet name filled automatically. |
| subnet-address-range | Enter Gateway Subnet Address Range. Example: 10.20.0.0/24 for US East VNET, 10.40.0.0/24 for US West3 VNET. |

VNET Gateway parameters

| Setting | Value |
|---|---|
| Project Details | |
| Subscription | Select your Azure subscription. |
| Resource Group | This will be automatically selected on your VNET selection. |
| Gateway details | |
| Name | Enter gateway-name. |
| Region | Select (US) East US or Region where you have created VNET. |
| Gateway type | Select ExpressRoute. |
| SKU | Select the Gateway SKU from the drop-down list. |
| Virtual Network | Select VNET created earlier within your region. |
| Public IP Address | |
| Public IP address | Select Create new. |
| Public IP address name | Enter a name for Public IP address. |

You can follow the step-by-step guide to create a Gateway Subnet and Virtual Network Gateway. Once you have created the required resources in both Azure Regions, proceed to the next section to create a Virtual Network Gateway ExpressRoute connection.
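The address ranges chosen in Tasks 1 and 2 have to nest correctly (each subnet inside its VNET) and must not overlap between the networks that will route to each other over the interconnect and region peering. The script below is an added example, not part of the original tutorial; the OCI VCN ranges 10.10.0.0/16 and 10.30.0.0/16 are assumptions inferred from the VM addresses shown in Task 7.

```shell
# ip_to_int: dotted quad -> integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_range: "a.b.c.d/len" -> "<first> <last>" as integers
cidr_range() {
    base=$(ip_to_int "${1%/*}")
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( base / size * size ))      # clear any host bits
    echo "$first $(( first + size - 1 ))"
}

# overlaps A B: true when the two blocks share at least one address
overlaps() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# contains OUTER INNER: true when INNER lies entirely inside OUTER
contains() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$3" ] && [ "$4" -le "$2" ]
}

# check_plan CIDR...: print every overlapping pair as "a~b" (empty = clean)
check_plan() {
    clashes=""
    while [ "$#" -gt 1 ]; do
        a=$1; shift
        for b in "$@"; do
            if overlaps "$a" "$b"; then clashes="$clashes $a~$b"; fi
        done
    done
    echo "${clashes# }"
}

# Azure ranges are the tutorial's examples; the two OCI VCN ranges are assumed.
NETWORKS="10.10.0.0/16 10.20.0.0/16 10.30.0.0/16 10.40.0.0/16"
echo "network clashes: [$(check_plan $NETWORKS)]"
for s in 10.20.0.0/24 10.20.1.0/24; do
    contains 10.20.0.0/16 "$s" && echo "$s inside 10.20.0.0/16"
done
overlaps 10.20.0.0/24 10.20.1.0/24 || echo "GatewaySubnet and compute subnet are disjoint"
```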
Task 3: Connect your ExpressRoute Circuit to the Virtual Network Gateway via a connection on Azure
In this section, you'll create an ExpressRoute Circuit connection to the Virtual Network Gateway. The following table describes the minimum required parameters.

| Parameter | Value |
|---|---|
| Subscription | Select your subscription. |
| Resource Group | your-resource-group. Select the resource group which you must have created during prerequisite steps. |
| connection-type | Select ExpressRoute |
| Name | Enter Connection Name |
| Region | Select (US) East US or Region where you have created VNET Gateway. |
| virtual-network-gateway | Select VNET gateway created earlier. |
| expressroute-circuit | Select ExpressRoute Circuit created in pre-requisites steps. |

You can follow the step-by-step guide to create an ExpressRoute connection. Once you have created the required connections in both Azure Regions, proceed to the next section to enable cross connection on ExpressRoute Circuits.
Note: [Optional] You can also enable Global Reach at the ExpressRoute level, either to support connectivity from on-premises or as a fallback option to OCI region peering. To learn more about Global Reach, check this step-by-step guide.
Task 4: Create ExpressRoute cross connections using Virtual Network Gateways on Azure
In this section, you'll create ExpressRoute cross connections using Virtual Network Gateways on each ExpressRoute circuit. The following table describes the minimum required parameters.

| Parameter | Value |
|---|---|
| Subscription | Select your subscription. |
| Resource group | Select your-resource-group. Select the resource group which you must have created during pre-reqs steps. |
| connection-type | Select ExpressRoute |
| Name | Enter connection-name |
| Region | Select (US) East US or Region where you have created VNET Gateway. |
| virtual-network-gateway | Select VNET gateway created earlier. Choose different VNET Gateway to have a cross connection |
| expressroute-circuit | Select ExpressRoute Circuit created in pre-requisites steps. |

You can follow the step-by-step guide to create VNET ExpressRoute connections in each cross-region using VNET Gateways. Once you have created connections in both the ExpressRoute circuits, proceed to the next section to create Virtual machines to validate the traffic between Azure and OCI.
Task 5: Create virtual machine on Azure
In this section you will create virtual machines to validate the connectivity from Azure to Oracle Cloud Infrastructure.
- On the upper-left side of the screen in the Azure portal, select Create a resource, Compute, Virtual machine.
- In Create a virtual machine - Basics, enter or select this information.

  | Setting | Value |
  |---|---|
  | Project details | |
  | Subscription | Select your subscription. |
  | Resource group | Select your-resource-group. Select the resource group which you have created during prerequisite steps. |
  | Instance details | |
  | Virtual machine name | Enter vm-name. |
  | Region | Select (US) East US or Region where you are deploying. |
  | Availability options | Leave the default No infrastructure redundancy required. |
  | Image | Select Ubuntu Server 18.04 LTS - Gen1. |
  | Size | Select Standard_B2s. |
  | Administrator account | |
  | Authentication type | Select Password. You can also choose SSH based authentication and update required value as needed. |
  | Username | Enter a user name. |
  | Password | Enter a password. The password must be at least 12 characters long and meet the defined complexity requirements. |
  | Confirm Password | Re-enter password. |
  | Inbound port rules | |
  | Public inbound ports | Select None. |

- Select Next: Disks.
- In Create a virtual machine - Disks, leave the defaults and select Next: Networking.
- In Create a virtual machine - Networking, select this information:

  | Setting | Value |
  |---|---|
  | Virtual network | Select virtual-network. |
  | Subnet | Select compute-subnet. Example: 10.20.1.0/24 in US East Region. |
  | Public IP | Leave the default (new) my-vm-ip. |
  | Public inbound ports | Select Allow selected ports. |
  | Select inbound ports | Select SSH. |

- Select Review + create. You're taken to the Review + create page where Azure validates your configuration.
- When you see the Validation passed message, select Create.
Repeat Steps 1-7 for both region VMs and proceed to the next section to create required resources on Oracle Cloud Infrastructure.
Task 6: Create resources on Oracle Cloud Infrastructure
In this section you will create the required resources to support validation from the OCI console within interconnected regions. In the OCI console, create the following resources in each region:
- Create a Virtual Cloud Network with a Compute Subnet.
- Create a VCN attachment to the DRG created in the prerequisite steps, which has the OCI/Azure Interconnection virtual circuit.
- Create a Virtual Machine within the Compute Subnet and update the required routes/security lists to connect with Azure VNETs.
- Extend Virtual Cloud Network connectivity to Azure VNET via DRG. You can follow this step-by-step guide.
You can follow this step-by-step guide to create a VM and complete the required Virtual Cloud Network/Subnet setup. You need to follow this step-by-step guide to establish region peering between OCI Regions through DRG.
Once you have created the required resources and configuration based on architecture, proceed to the next section to validate interconnected regions connectivity.
Task 7: Validate the traffic in OCI/Azure Interconnect
In this section, you will connect to Linux VMs of both Cloud Providers and do a ping test to check the connectivity.
- Connect to Linux VMs on both cloud providers using your terminal.
- Initiate an ICMP RTT test from Azure VMs to OCI VMs and vice versa.
- This will ensure network connectivity.
- The table below shows a connectivity test performed on the shared network topology; it shows that OCI Ashburn and OCI Phoenix can reach US East and US West3, and vice versa.
| Traffic Validation | SRIOV/Accelerated Networking | ICMP RTT (Milliseconds) |
|---|---|---|
| OCI Ashburn VM to Azure US East VM; 10.10.0.168 > 10.20.1.4 | yes | 2.2 |
| OCI Ashburn VM to Azure US West3 VM; 10.10.0.168 > 10.40.1.4 | yes | 48.47 |
| OCI Ashburn VM to OCI PHX VM; 10.10.0.168 > 10.30.0.194 | yes | 58.75 |
| OCI PHX VM to Azure US East VM; 10.30.0.194 > 10.20.1.4 | yes | 62.00 |
| OCI PHX VM to Azure US West3 VM; 10.30.0.194 > 10.40.1.4 | yes | 2.2 |
| OCI PHX VM to OCI Ashburn VM; 10.30.0.194 > 10.10.0.168 | yes | 49.0 |
| Azure US East VM to OCI Ashburn VM; 10.20.1.4 > 10.10.0.168 | yes | 2.3 |
| Azure US East VM to OCI PHX VM; 10.20.1.4 > 10.30.0.194 | yes | 61.7 |
| Azure US East VM to Azure US West3 VM; 10.20.1.4 > 10.40.1.4 | yes | 52.9 |
| Azure US West3 VM to OCI Ashburn VM; 10.40.1.4 > 10.20.1.4 | yes | 59.5 |
| Azure US West3 VM to OCI PHX VM; 10.40.1.4 > 10.30.0.194 | yes | 2.2 |
| Azure US West3 VM to Azure US East VM; 10.40.1.4 > 10.30.1.4 | yes | 62.0 |
- ICMP RTT between Azure and OCI reflects the connectivity established between regions using ExpressRoute cross connection and region peering, as per our network topology.
- Note: The above table reflects ICMP RTT as a reference point, which could vary depending on the regions and use-case architecture. It is recommended to do a POC.
- You can find more information about Azure latency between regions in Microsoft Learn: Azure network round-trip latency statistics.
- For more information on how to test Virtual Machine latency, see Microsoft Learn: Test Azure virtual machine network latency in an Azure virtual network.
- Note: You can validate DR failover by disabling the ExpressRoute private peering option to ensure traffic: Microsoft Learn: Azure ExpressRoute: Reset circuit peering by using the Azure portal.
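The ping test in this task can be scripted so that every path in the table is checked the same way after each change to the interconnect, peering or security rules. The script below is an added example, not part of the original tutorial; it parses the Linux ping summary, and the RTT budget argument and the sample summaries are constructed assumptions.

```shell
# parse_ping: ping output on stdin -> "<loss_percent> <avg_rtt_ms>"
# (avg is "-" when no reply came back, because ping then prints no rtt line)
parse_ping() {
    awk '
        /packet loss/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /%$/) { l = $i; sub(/%/, "", l); loss = l + 0; seen = 1 }
        }
        /^(rtt|round-trip) / {
            split($0, halves, " = "); split(halves[2], v, "/"); avg = v[2]
        }
        END { if (!seen) loss = "-"; if (avg == "") avg = "-"; print loss, avg }'
}

# classify LOSS AVG BUDGET_MS -> OK | SLOW | LOSSY | UNREACHABLE
classify() {
    if [ "$1" = "-" ] || [ "$1" = "100" ] || [ "$2" = "-" ]; then
        echo UNREACHABLE
    elif [ "$1" != "0" ]; then
        echo LOSSY
    else
        awk -v avg="$2" -v max="$3" \
            'BEGIN { print ((avg + 0 > max + 0) ? "SLOW" : "OK") }'
    fi
}

# check_path IP BUDGET_MS: ping a peer VM and print one verdict line
check_path() {
    set -- "$1" "$2" $(ping -c 5 -q "$1" 2>/dev/null | parse_ping)
    echo "$1 $(classify "$3" "$4" "$2") loss=$3% avg=${4}ms"
}

# Constructed summaries in iputils format, not output from the tutorial's VMs
sample_reply() {
    printf '%s\n' '5 packets transmitted, 5 received, 0% packet loss, time 4006ms' \
        'rtt min/avg/max/mdev = 2.101/2.203/2.305/0.083 ms'
}
sample_silent() {
    printf '%s\n' '5 packets transmitted, 0 received, 100% packet loss, time 4085ms'
}

# Usage: sh rtt_check.sh BUDGET_MS IP...   (no arguments: nothing is pinged)
if [ "$#" -ge 2 ]; then
    budget=$1; shift
    for ip in "$@"; do check_path "$ip" "$budget"; done
fi
```

A path reported as UNREACHABLE can mean a missing route or a security list or NSG rule that drops ICMP, so check both before concluding the circuit is down.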
Task 8: Clean up resources
After you are done using the resources, delete the resource group and associated resources.
- Delete the interconnect link if you haven't done so already. For details, see the step-by-step guide.
- Enter your-resource-group-name in the Search box at the top of the portal and select your-resource-group-name from the search results.
- Select Delete resource group.
- Enter your-resource-group-name for TYPE THE RESOURCE GROUP NAME and select Delete.
- Similarly, delete the resources in Oracle Cloud Infrastructure.
Acknowledgments
- Author - Arun Poonia, Principal Solution Architect
- Contributor - Daniel Mauser, Principal Solutions Specialist Global Black Belt – Azure Networking
F81089-02
July 2023
Copyright © 2023, Oracle and/or its affiliates.