Select an Intercloud Connectivity Method

You can connect your workloads running on Oracle Cloud with the workloads deployed on other clouds by using the public internet, IPSec VPN tunnels, or a direct intercloud connection.

About the Connectivity Options

Depending on your security and latency requirements, you can choose an appropriate connectivity method or a combination of methods.

  • Public internet: The traffic between Oracle Cloud and the cloud providers traverses the public internet. You can access your workloads on Oracle Cloud from any internet-connected device.
  • IPSec VPN: The packets to and from Oracle Cloud are encrypted and transported through IPSec VPN tunnels.
  • Direct connection: Certain cloud providers offer dedicated connections to the cloud, bypassing the public internet. Oracle Cloud Infrastructure FastConnect enables you to set up dedicated, low latency, private connections to Oracle Cloud.

Considerations for Selecting a Connectivity Method

Understand the relative merits of the available intercloud connection methods, and select a method that meets your business and technical requirements.

  • Public Internet:

    The public internet is the simplest and most readily available method to connect other clouds with Oracle Cloud. This connection method doesn't require any setup or configuration.

    But the latency and bandwidth of the public internet aren't predictable. The quality of service varies depending on the internet service provider (ISP) and your contract with the ISP. The cost isn't predictable either. And this method is the least secure of the available methods.

  • IPSec VPN:

    IPSec VPN tunnels provide more secure connectivity. Each packet is encrypted before it is transported. The encrypted packet is encapsulated to form a new IP packet, which has different header information than the original packet. The internal IP addresses of the networks and nodes at either end of the tunnel are hidden from external users. So the risk of information theft is lower when compared with traffic traversing the public internet.

    IPSec VPN tunnels that you create by using the Oracle Cloud Infrastructure VPN Connect service provide the following advantages:
    • Each VPN connection consists of redundant IPSec tunnels. You can configure each tunnel to use either static routing or Border Gateway Protocol (BGP) routing. With BGP routing, the gateway at the Oracle end advertises the subnets in Oracle Cloud, and the gateway learns the routes from the remote cloud dynamically.
    • When required, you can change the routing type, one tunnel at a time. So the VPN connection isn't affected while you change the routing type.

    But because IPSec VPN tunnels still use the public internet, the latency and bandwidth aren't predictable. The quality of service varies depending on the ISP.

  • Direct Intercloud Connection:

    Direct connections can support higher bandwidth when compared with internet-based connections. Such connections are dedicated and private; so the networking experience is more reliable, and the latency is predictable. Because direct connections bypass the public internet, the traffic to and from Oracle Cloud is secure.

    You can set up direct intercloud connectivity using any of the following methods:
    • Connect through a cloud exchange provider such as Megaport or Equinix.

      You can either use a virtual router service from the exchange provider or deploy a dedicated physical router at the exchange provider's site. Setting up a virtual router service is easier. A dedicated physical router requires more effort and money to set up and maintain, but it provides greater routing flexibility.

      To connect through a cloud exchange provider, you should set up an Oracle Cloud Infrastructure FastConnect circuit to the exchange provider, connect your other cloud to the exchange provider, and then configure the router (virtual or physical) at the exchange provider.

    • Use a direct cross-cloud interconnect service.

      For direct networking between Oracle Cloud and Microsoft Azure, you can set up a connection between a FastConnect circuit in Oracle Cloud and an ExpressRoute circuit in Microsoft Azure.

      This method is simpler than connecting through an exchange provider.

      Oracle Cloud Infrastructure FastConnect provides 1G and 10G bandwidth options. Oracle charges a flat port-hour fee based on the bandwidth option that you choose. There's no separate charge for data transfer. FastConnect uses BGP routing. The gateway at the Oracle end advertises the subnets in Oracle Cloud, and the gateway learns the routes from the remote cloud dynamically.

The following table summarizes the relative merits and disadvantages of the intercloud connection methods:

Method Latency Cost Reliability Security
Public internet Variable Variable Variable Least secure
IPSec VPN Variable Variable Variable Traffic is encrypted, but the tunnel is through the public internet
Direct connection Low, and predictable Predictable Most reliable Most secure; traffic traverses a private connection

For redundancy, you can use a combination of methods to Oracle Cloud with other cloud providers. For example, use both direct connections and VPN, or use multiple VPN connections.