Connect Your On-Premises Network Using FastConnect

Private lines have connected different locations for a long time. Extending your on-premises network to the cloud happens more often now, and using private lines meets the most demanding requirements. Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center or existing network and Oracle Cloud Infrastructure.

Using FastConnect to extend your on-premises network offers the following advantages:

• Higher bandwidth and lower latency

• Flexibility of the type of peering: public, private, or both

• SLAs that are not available on public lines

Architecture

This reference architecture shows how to set up a FastConnect connection between your on-premises network and virtual cloud network (VCN).

The following diagram illustrates this architecture.

Description of the illustration fastconnect-single-vc.png

fastconnect-single-vc-oracle.zip

This architecture has the following components:

• On-premises network

  The local network used by your organization.

• FastConnect

  Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections.

• Virtual cloud network (VCN) and subnet

  A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

• Subnets

  Subdivisions that you define within a VCN. A subnet has a contiguous range of IP addresses that don’t overlap with other subnets in the VCN.

• Dynamic routing gateway (DRG)

  The DRG is a virtual router that provides a path for private network traffic between VCNs in the same region, between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider.

• IPv4 and IPv6

  Address schemes used for the networks. IPv6 is supported only in US Government Cloud.

• Private peering

  Extends existing infrastructure by using private IP addresses.

• Public peering

  Allows public Oracle Cloud Infrastructure services to be accessed using a private connection instead of the internet.

• Virtual circuit

  The private path used to connect on-premises and Oracle Cloud Infrastructure. It can include multiples lines, physical or logical, depending on the requirements and capabilities of the line provider.

Recommendations

Your requirements might differ from the architecture described here. Use the following recommendations as a starting point.

• VCN

  When you create a VCN, determine the number of CIDR blocks required and the size of each block based on the number of resources that you plan to attach to subnets in the VCN. Use CIDR blocks that are within the standard private IP address space.

  After you create a VCN, you can change, add, and remove its CIDR blocks.

  When you design the subnets, consider your traffic flow and security requirements. Attach all the resources within a specific tier or role to the same subnet, which can serve as a security boundary.

• Security lists

  Use security lists to define ingress and egress rules that apply to the entire subnet.

Considerations

• Performance

  FastConnect offers two tiers: 1 Gbps and 10 Gbps. These values are the maximum throughput used in each tier. The virtual circuit throughput should be equal to or lower than the selected port.

• Security

  Communication happens over private lines, and the usual security controls should be applied, granting the appropriate access.

• Availability

  FastConnect components are redundant, and Oracle offers resources that can be combined with any of the connectivity models to meet the requirements.

• Cost

  FastConnect ports are billed per hour. There is no charge for egress or ingress traffic. The cost of the virtual circuit is not included with the port.

More Information

• FastConnect Overview
• FastConnect Requirements
• FastConnect Redundancy and Best Practices
• Best practices framework for Oracle Cloud Infrastructure
• Oracle Cloud Infrastructure documentation
• Oracle Cloud Cost Estimator

Change Log

This log lists significant changes:

September 2, 2022

Added the option to download editable versions (.SVG and .DRAWIO) of the architecture diagram. Enhanced the content in Architecture, Recommendations, and Considerations.