Connect Your On-Premises Network Using FastConnect

Private lines have connected different locations for a long time. Extending your on-premises network to the cloud happens more often now, and using private lines meets the most demanding requirements. Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center or existing network and Oracle Cloud Infrastructure.

Using FastConnect to extend your on-premises network offers the following advantages:
  • Higher bandwidth and lower latency

  • Flexibility in the type of peering: public, private, or both

  • SLAs that are not available on public lines

Architecture

This reference architecture shows how to set up a FastConnect connection between your on-premises network and virtual cloud network (VCN).

The following diagram illustrates this architecture.

[Illustration: fastconnect-single-vc.png]

This architecture has the following components:
  • On-premises network

    The local network used by your organization.

  • FastConnect

    Creates a dedicated, private connection between your local network and your Oracle Cloud Infrastructure VCN.

  • Virtual cloud network (VCN)

    A virtual, private network set up in Oracle data centers.

  • Subnets

    Subdivisions that you define within a VCN. A subnet has a contiguous range of IP addresses that don’t overlap with other subnets in the VCN.

  • Dynamic routing gateway (DRG)

    A virtual router added to your VCN to provide a path for private network traffic between your VCN and on-premises network (transit routing).

  • IPv4 and IPv6

    Address schemes used for the networks. IPv6 is supported only in US Government Cloud.

  • Border Gateway Protocol (BGP) routing

    Allows routes to be learned dynamically. The DRG dynamically learns the routes from your on-premises network. On the Oracle side, the DRG advertises the VCN's subnets.

  • Private peering

    Extends existing infrastructure by using private IP addresses.

  • Public peering

    Allows public Oracle Cloud Infrastructure services to be accessed using a private connection instead of the internet.

  • Virtual circuit

    The private path used to connect on-premises and Oracle Cloud Infrastructure. It can include multiple lines, physical or logical, depending on the requirements and capabilities of the line provider.

Recommendations

Your requirements might differ from the architecture described here. Use the following recommendations as a starting point.

  • VCN

    When you create the VCN, determine how many IP addresses your cloud resources in each subnet require. Using Classless Inter-Domain Routing (CIDR) notation, specify a subnet mask and a network address range large enough for the required IP addresses. Use an address space that falls within the standard private IP address blocks.

    Choose an address range that doesn't overlap with your on-premises network, in case you need to set up a connection between the VCN and your on-premises network later.

    After you create the VCN, you can't change the address range.

    When you design the subnets, consider functionality and security requirements. All compute instances within the same tier or role should go into the same subnet, which can be a security boundary.

  • Security lists

    Use security lists to define ingress and egress rules that apply to the entire subnet.
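
The VCN address-range recommendations above are worth checking before the VCN is created, because the range can't be changed afterwards. The following Python check is an added example, not Oracle's code: the function name check_plan, the sample ranges, and the figure of three reserved addresses per subnet are assumptions to verify against your own environment.

```python
import ipaddress

# RFC 1918 ranges, taken here as the "standard private IP address blocks".
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(vcn_cidr, subnets, on_prem_cidrs, reserved_per_subnet=3):
    """Return a list of findings for a VCN address plan (empty list = plan passes).

    subnets: {name: (cidr, required_hosts)}
    reserved_per_subnet: addresses the platform keeps per subnet (assumption; verify).
    """
    findings = []
    vcn = ipaddress.ip_network(vcn_cidr, strict=True)  # raises ValueError if host bits are set
    if not any(vcn.subnet_of(block) for block in RFC1918):
        findings.append(f"VCN {vcn} is outside the private address blocks")
    # An overlap with on-premises prefixes makes routing between the two sides ambiguous.
    for prefix in map(ipaddress.ip_network, on_prem_cidrs):
        if vcn.overlaps(prefix):
            findings.append(f"VCN {vcn} overlaps on-premises prefix {prefix}")
    parsed = {}
    for name, (cidr, required) in subnets.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if not net.subnet_of(vcn):
            findings.append(f"subnet {name} {net} is not inside VCN {vcn}")
        usable = net.num_addresses - reserved_per_subnet
        if usable < required:
            findings.append(f"subnet {name} {net} has {usable} usable addresses, needs {required}")
        for other_name, other in parsed.items():
            if net.overlaps(other):
                findings.append(f"subnet {name} {net} overlaps subnet {other_name} {other}")
        parsed[name] = net
    return findings

# Constructed sample plans (not from the original page).
ON_PREM = ["10.0.0.0/16", "192.168.10.0/24"]
GOOD = {"web": ("172.16.0.0/24", 100), "db": ("172.16.1.0/26", 40)}
BAD = {"web": ("10.0.4.0/24", 300), "db": ("10.0.4.128/25", 20), "mgmt": ("10.1.0.0/28", 5)}

if __name__ == "__main__":
    for label, vcn, plan in (("good", "172.16.0.0/20", GOOD), ("bad", "10.0.0.0/18", BAD)):
        print(label, check_plan(vcn, plan, ON_PREM) or "OK")
```
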

Considerations

  • Performance

    FastConnect offers two tiers: 1 Gbps and 10 Gbps. These values are the maximum throughput for each tier. The virtual circuit throughput should be equal to or lower than that of the selected port.

  • Security

    Communication happens over private lines. The usual security controls should still be applied, granting the appropriate access.

  • Availability

    FastConnect components are redundant, and Oracle offers resources that can be combined with any of the connectivity models to meet the requirements.

  • Cost

    FastConnect ports are billed per hour. There is no charge for egress or ingress traffic. The cost of the virtual circuit is not included with the port.