Networking
Networking
Networking Overview
Networking Components
Allowed VCN Size and Address Ranges
Availability Domains and Your VCN
Default Components that Come With Your VCN
Connectivity Choices
Public vs. Private Subnets
How IP Addresses Are Assigned
Access to the Internet
Access to Public Oracle Cloud Infrastructure Services
Access to Your On-Premises Network
Access to Another VCN
Connection to Oracle Cloud Infrastructure Classic
Connection to Microsoft Azure
Connection to Other Clouds with Libreswan
Networking Scenarios
Regions and Availability Domains
Public IP Address Ranges
IP Addresses Reserved for Use by Oracle
Creating Automation with Events
Resource Identifiers
Ways to Access Oracle Cloud Infrastructure
Authentication and Authorization
IAM Policies for Networking
Limits on Your Networking Components
Networking Scenarios
Scenario A: Public Subnets
Required IAM Policy
Setting Up Scenario A in the Console
Task 1: Create the VCN
Task 2: Create the regional public subnet
Task 3: Create the internet gateway
Task 4: Update the default route table to use the internet gateway
Task 5: Update the default security list
Task 6: Create instances in separate availability domains
Setting Up Scenario A with the API
Scenario B: Private Subnets with a VPN
Prerequisites
Setting Up Scenario B
Task 1: Set up the VCN and subnet
Task 2: Create instances in separate availability domains
Task 3: Add Site-to-Site VPN to your VCN
Task 4: Configure your CPE
Using the API
Scenario C: Public and Private Subnets with a VPN
Prerequisites
Setting Up Scenario C
Task 1: Set up the VCN and subnets
Example: Ingress RDP access required for Windows instances
Example: Egress SQL*Net access to Oracle databases
Example: Egress SQL*Net access to instances in the private subnet
Task 2: Create instances in separate availability domains
Task 3: Add Site-to-Site VPN to your VCN
Task 4: Configure your on-premises router (CPE)
Using the API
Remote on-ramp
Step 1: Create new DRG route tables
Step 2: Create an import route distribution for "RT-VCN"
Step 3: Create an import route distribution for "RT-OnPrem"
Step 4: Create an import route distribution for "RT-RPC"
Step 5: Reassign the attachment route tables
Routing traffic through a central network virtual appliance
Task 1: Create DRG
Task 2: Attach the spoke VCNs
Task 3: Attach the hub VCN
Task 4: Create the DRG route table sending ingress traffic to the network virtual appliance
Task 5: Update the route table of spoke VCN attachments
Task 6: Create an import route distribution
Task 7: Create a DRG route table for ingress from VCN-Hub
Task 8: Update VCN-Hub's attachment
Task 9: Configure routing inside VCN-Hub route tables
Task 10: Configure VCN egress routing
Enabling north-south traffic through a network virtual appliance
Transit Routing: Private Access to Oracle Services
Highlights
Overview of the Oracle Services Network
Overview of On-Premises Network Private Access to Oracle Services
Transit Routing Options for Private Access to Oracle Services
Transit routing directly through gateways
Transit routing through a private IP in the VCN
Important Transit Routing Restrictions to Understand
Required IAM Policy
Setting Up Private Access to Oracle Services
For routing directly between gateways
For routing through a private IP
Turning Off Transit Routing
Transit Routing: Access to Multiple VCNs in Same Region
Highlights
Overview of Transit Routing
Example: Components and Routing for a Hub and Single Spoke
For transit routing directly through gateways
For transit routing through a private IP
Important Transit Routing Restrictions to Understand
About CIDR Overlap
Route Advertisement to the On-Premises Network and Spoke VCNs
Details About Routing for Different Traffic Paths
Traffic from the on-premises network to the spoke VCN
Traffic from the spoke VCN to the on-premises network
Traffic from the spoke VCN to a subnet in the hub VCN (routing directly between gateways only)
Required IAM Policy
Setting Up VCN Transit Routing in the Console
For routing directly between gateways
Task 1: Set up the hub VCN
Task 2: Connect the hub VCN with your on-premises network
Task 3: Set up a spoke VCN with at least one subnet
Task 4: Set up a local peering between the hub VCN and the spoke VCN
Task 5: Add a route rule to the spoke VCN's subnet
Task 6: Set up ingress routing for the DRG and LPG on the hub VCN
Later if you need more spoke VCNs
For routing through a private IP
Task 1: Set up the hub VCN
Task 2: Connect the hub VCN with your on-premises network
Task 3: Set up a spoke VCN with at least one subnet
Task 4: Set up a local peering between the hub VCN and the spoke VCN
Task 5: Add a route rule to the spoke VCN's subnet
Task 6: Set up the private IPs on an instance in the hub VCN
Task 7: Set up ingress routing for the DRG and LPG on the hub VCN
Later if you need more spoke VCNs
Turning Off Transit Routing
Changes to the API
FastConnect with Multiple DRGs and VCNs
Highlights
Overview of the Scenario
General Setup Process
Virtual Networking Quickstart
Create VCN with Internet Connectivity
Add Internet Connectivity and Site-to-Site VPN to a VCN
VCNs and Subnets
Overview of VCNs and Subnets
VCN and Subnet Limits
Working with VCNs and Subnets
DNS in Your Virtual Cloud Network
Choices for DNS in Your VCN
About the DNS Domains and Hostnames
If you create a VCN and subnets with the Console
If you create a VCN and subnets with the API
Scenario 1: Use Internet and VCN Resolver with DNS Hostnames Across the VCN
Scenario 2: Use a Private DNS Resolver to Resolve DNS Hostnames
Scenario 3: Use Different DHCP Options Per Subnet
Private DNS resolvers
Private Resolver Tasks
Adding a Private View to a Resolver
Using the Console
Using the CLI
Using the API
Removing a Private View From a Resolver
Using the Console
Using the CLI
Using the API
Listing Resolvers
Using the Console
Using the CLI
Using the API
Getting a Resolver's Details
Using the Console
Using the CLI
Using the API
Editing a Resolver
Using the Console
Using the CLI
Using the API
Moving a Resolver Between Compartments
Using the Console
Using the CLI
Using the API
Resolver Endpoints
Resolver Endpoint Tasks
Creating a Resolver Endpoint
Using the Console
Using the CLI
Using the API
Listing Resolver Endpoints
Using the Console
Using the CLI
Using the API
Getting a Resolver Endpoint's Details
Using the Console
Using the CLI
Using the API
Adding a Network Security Group (NSG) to a Resolver Endpoint
Using the Console
Removing a Network Security Group (NSG) from a Resolver Endpoint
Using the Console
Deleting a Resolver Endpoint
Using the Console
Using the CLI
Using the API
Resolver Rules
Resolver Rule Tasks
Creating a Resolver Rule
Using the Console
Editing a Resolver Rule
Using the Console
Removing a Resolver Rule
Using the Console
Reverse DNS (PTR)
VCN and Subnet Management
Creating a VCN
Using the Console
Using the CLI
Using the API
Listing VCNs
Using the Console
Using the CLI
Using the API
Getting a VCN's Details
Using the Console
Using the CLI
Using the API
Updating a VCN
Using the Console
Using the CLI
Using the API
Attaching a VCN to a DRG
Using the Console
Using the CLI
Using the API
Adding IP Address Ranges to a VCN
Using the Console
Using the CLI
Using the API
Changing a VCN's IPv4 CIDR blocks
Using the Console
Using the CLI
Using the API
Removing an IPv4 CIDR Block or IPv6 Prefix from a VCN
Using the Console
Using the CLI
Using the API
Tagging a VCN
Using the Console
Using the CLI
Using the API
Moving a VCN Between Compartments
Using the Console
Using the CLI
Using the API
Deleting a VCN
Using the Console
Using the CLI
Using the API
Creating a Subnet
Using the Console
Using the CLI
Using the API
Listing Subnets
Using the Console
Using the CLI
Using the API
Getting a Subnet's Details
Using the Console
Using the CLI
Using the API
Editing a Subnet
Using the Console
Using the CLI
Using the API
Adding an IPv6 Prefix to a Subnet
Using the Console
Using the CLI
Using the API
Removing an IPv6 Prefix from a Subnet
Using the Console
Using the CLI
Using the API
Moving a Subnet to a Different Compartment
Using the Console
Using the CLI
Using the API
Tagging a Subnet
Using the Console
Using the CLI
Using the API
Deleting a Subnet
Using the Console
Using the CLI
Using the API
Route Tables
Overview of Routing for Your VCN
Route Table Limits
Using a Private IP as a Route Target
Working with VCN Route Tables and Route Rules
To route a subnet's traffic to a DRG
To associate a VCN route table with an existing DRG attachment
Creating a VCN Route Table
Using the Console
Using the CLI
Using the API
Listing VCN Route Tables
Using the Console
Using the CLI
Using the API
Getting a VCN Route Table's Details
Using the Console
Using the CLI
Using the API
Updating a VCN Route Table's Rules
Using the Console
Using the CLI
Using the API
Changing Which VCN Route Table a Subnet Uses
Using the Console
Using the CLI
Using the API
Moving a VCN Route Table to a Different Compartment
Using the Console
Using the CLI
Using the API
Tagging a VCN Route Table
Using the Console
Using the CLI
Using the API
Deleting a VCN Route Table
Using the Console
Using the CLI
Using the API
Access and Security
Ways to Secure Your Network
Access Control
Compartments and Your Cloud Network
IAM Policies for Networking
Security Rules
Comparison of Security Lists and Network Security Groups
Security List Limits
Network Security Group Limits
Best Practices for Security Rules
If You Use Both Security Lists and Network Security Groups
Parts of a Security Rule
Stateful Versus Stateless Rules
Rules to Enable Ping
Rules to Handle Fragmented UDP Packets
Network Security Groups
Highlights
Support for Network Security Groups
Overview of Network Security Groups
Security Rules
Using the API
Working with Network Security Groups
Network Security Group Management
Creating an NSG
Using the Console
Using the CLI
Using the API
Listing NSGs
Using the Console
Using the CLI
Using the API
Getting an NSG's Details
Using the Console
Using the CLI
Using the API
Adding or Removing a Resource from an NSG
Example: Compute Instances
Example: Exadata Cloud VM Cluster
Managing Security Rules for an NSG
Using the Console
Using the CLI
Using the API
Moving an NSG to a Different Compartment
Using the Console
Using the CLI
Using the API
Managing Tags for an NSG
Using the Console
Using the CLI
Using the API
Deleting an NSG
Using the Console
Using the CLI
Using the API
Security Lists
Highlights
Overview of Security Lists
Default Security List
Security Rules for IPv6 Traffic
Security Rules
Working with Security Lists
Creating a Security List
Using the Console
Using the CLI
Using the API
Listing Security Lists
Using the Console
Using the CLI
Using the API
Getting Details for a Security List
Using the Console
Using the CLI
Using the API
Updating Rules in a Security List
Using the Console
Using the CLI
Using the API
Changing Which Security Lists a Subnet Uses
Using the Console
Using the CLI
Using the API
Tagging Security Lists
Using the Console
Using the CLI
Using the API
Moving a Security List to a Different Compartment
Using the Console
Using the CLI
Using the API
Deleting a Security List
Using the Console
Using the CLI
Using the API
Virtual Network Interface Cards (VNICs)
Overview of VNICs and Physical NICs
Using the Console
To view an instance's VNICs
To create and attach a secondary VNIC
To update an existing VNIC
To add or remove a VNIC from a network security group
To detach and delete a secondary VNIC
To manage tags for a VNIC
Using the API
Oracle Linux: Configuring the OS for Secondary VNICs
Windows: Configuring the OS for Secondary VNICs
Windows VM instances
Windows bare metal instances: adding the first secondary VNIC
Windows bare metal instances: adding additional secondary VNICs
IP Addresses and DNS in Your VCN
Private IP Addresses
Overview of IP Addresses
Private IP Tasks
Assigning a New Secondary Private IP to a VNIC
Using the Console
Using the CLI
Using the API
Next Steps
Configuring Linux to Use a Secondary Private IP Address
For Oracle Linux and CentOS
For Ubuntu
Configuring Windows to Use a Secondary IP Addresses
Using a PowerShell Script
Using the Network and Sharing Center UI
Moving a Secondary Private IP Address to a Different VNIC
Using the Console
Using the CLI
Using the API
Listing Private IP Addresses
Using the Console
Using the CLI
Using the API
Getting a Private IP Address's Details
Using the Console
Using the CLI
Using the API
Editing Private IP Address Information
Using the Console
Using the CLI
Using the API
Managing Tags For a Private IP Address
Using the Console
Using the CLI
Using the API
Deleting a Private IP Address
Using the Console
Using the CLI
Using the API
Public IP Addresses
Overview of Public IP Addresses
Public IP Tasks
Choosing Whether an Ephemeral Public IP is Assigned at Instance Creation
Using the Console
Using the CLI
Using the API
Assigning an Ephemeral Public IP When Creating a Secondary VNIC
Using the Console
Using the CLI
Using the API
Assigning an Ephemeral Public IP to an Existing Primary Private IP
Using the Console
Using the CLI
Using the API
Changing the Display Name for an Ephemeral Public IP
Using the Console
Using the CLI
Using the API
Deleting an Ephemeral Public IP From an Instance
Using the Console
Using the CLI
Using the API
Viewing Reserved Public IP Addresses
Using the Console
Using the CLI
Using the API
Creating a Reserved Public IP
Using the Console
Using the CLI
Using the API
Deleting a Reserved Public IP
Using the Console
Using the CLI
Using the API
Assigning a Reserved Public IP to a Private IP
Using the Console
Using the CLI
Using the API
Unassigning a Reserved Public IP
Using the Console
Using the CLI
Using the API
Reassigning a Reserved Public IP to a Different Private IP
Using the Console
Using the CLI
Using the API
Changing the Display Name of a Reserved Public IP
Using the Console
Using the CLI
Using the API
Managing Tags for a Reserved Public IP
Using the Console
Using the CLI
Using the API
Moving a Reserved Public IP to a Different Compartment
Using the Console
Using the CLI
Using the API
Bring Your Own IP
Using the console
To import a BYOIP IPv4 CIDR block or IPv6 prefix
To view your BYOIP CIDR blocks and prefixes
To rename a BYOIP CIDR block or prefix
To remove a BYOIP IPV4 CIDR block from a pool
To delete a BYOIP IPv4 CIDR block or IPv6 prefix
To advertise a BYOIP CIDR block or prefix
To withdraw a BYOIP CIDR block
To divide a BYOIP IPv4 CIDR block and assign subranges to a public IP pool
To manage BYOIPv6 prefixes
Using the API
Public IP Pools
Managing IP pools using the console
To view your public IP pools
To create a public IP pool
To delete a public IP pool
To rename a public IP pool
To add CIDR blocks to a public IP pool
To remove CIDR blocks from an IP pool
To reserve a public IP
To move a public IP pool to another compartment
Using the API
IPv6 Addresses
Highlights
Overview of IPv6 Addresses
Example of Enabling IPv6 in your VCN
Routing for IPv6 Traffic
Security Rules for IPv6 Traffic
FastConnect and IPv6
Site-to-Site VPN and IPv6
DHCPv6
DNS
Load Balancers
Comparison of IPv4 and IPv6 for Your VCN
Setting Up an IPv6-Enabled VCN with Internet Access
Task 1: Create the IPv6-enabled VCN
Task 2: Create a regional IPv6-enabled public subnet
Task 3: Create the internet gateway
Task 4: Update the default route table to use the internet gateway
Task 5: Update the default security list (optional)
Task 6: Create an instance
Task 7: Add an IPv6 address to the instance
Task 8: Configure the instance's OS to use IPv6
Managing IPv6s in the Console
To create an IPv6-enabled VCN
To create an IPv6-enabled subnet
To assign an IPv6 address to a VNIC
To move an IPv6 address to another VNIC in the subnet
To delete an IPv6 address from a VNIC
Using the API
Configuring an Instance OS to use IPv6
IP Address Insights
Required IAM Policies
Viewing IP Address Insights
Using the Console
Using the CLI
Using the API
Viewing IP Address Insights of a Subnet
Using the Console
Using the CLI
Using the API
Viewing CIDR or Prefix Utilization of a Subnet
Using the Console
Using the CLI
Using the API
Creating Alarms
Using the Console
Deleting Alarms
Using the Console
DHCP Options
Overview of DHCP Options
Working with DHCP Options
Important Notes about Your Instances and DHCP Options
Using the Console
To view a VCN's set of default DHCP options
To update options in an existing set of DHCP options
To create a new set of DHCP options
To change which set of DHCP options a subnet uses
To delete a set of DHCP options
To manage tags for a set of DHCP options
To move a set of DHCP options to a different compartment
Using the API
Dynamic Routing Gateways (DRGs)
Overview of Dynamic Routing Gateways
DRG Routing
Using BGP to prefer routes from Oracle to your on-premises network
DRG Management
Creating a DRG
Using the Console
Using the CLI
Using the API
Listing DRGs
Using the Console
Using the CLI
Using the API
Getting a DRG's Details
Using the Console
Using the CLI
Using the API
Getting a List of DRG Attachments
Using the Console
Using the CLI
Using the API
Finding the DRG Upgrade Status
Using the Console
Using the CLI
Using the API
Getting the DRG Redundancy Status
Using the Console
Using the CLI
Using the API
Updating the Name of a DRG
Using the Console
Using the CLI
Using the API
Upgrading a DRG
Using the Console
Using the CLI
Using the API
Moving a DRG to a Different Compartment
Using the Console
Using the CLI
Using the API
Deleting a DRG
Using the Console
Using the CLI
Using the API
Attaching a DRG to a VCN
Using the Console
Using the CLI
Using the API
Attaching a DRG to a VCN in a Different Tenancy
Using the Console
Using the CLI
Using the API
Getting a DRG Attachment's Details
Using the Console
Using the CLI
Using the API
Listing DRG Attachments
Using the Console
Using the CLI
Using the API
Updating a DRG Attachment
Using the Console
Using the CLI
Using the API
Deleting a DRG Attachment
Using the Console
Using the CLI
Using the API
DRG Routing Management
Creating a DRG Route Table
Using the Console
Using the CLI
Using the API
Getting DRG Route Table Information
Using the Console
Using the CLI
Using the API
Listing DRG Route Tables
Using the Console
Using the CLI
Using the API
Updating a DRG Route Table
Using the Console
Using the CLI
Using the API
Deleting a DRG Route Table
Using the Console
Using the CLI
Using the API
Listing Route Rules in a DRG Route Table
Using the Console
Using the CLI
Using the API
Adding Static Route Rules to a DRG Route Table
Using the Console
Using the CLI
Using the API
Updating a Route Rule in a DRG Route Table
Using the Console
Using the CLI
Using the API
Removing a Route Rule from a DRG Route Table
Using the Console
Using the CLI
Using the API
Creating a Route Distribution
Using the Console
Using the CLI
Using the API
Getting Route Distribution Details
Using the Console
Using the CLI
Using the API
Listing Route Distributions
Using the Console
Using the CLI
Using the API
Updating a Route Distribution
Using the Console
Using the CLI
Using the API
Removing an Export Route Distribution from a DRG Route Table
Using the Console
Using the CLI
Using the API
Removing an Import Route Distribution from a DRG Route Table
Using the Console
Using the CLI
Using the API
Deleting a Route Distribution
Using the Console
Using the CLI
Using the API
Listing Route Distribution Statements
Using the Console
Using the CLI
Using the API
Adding a Route Distribution Statement
Using the Console
Using the CLI
Using the API
Updating a Route Distribution Statement
Using the Console
Using the CLI
Using the API
Delete a Route Distribution Statement
Using the Console
Using the CLI
Using the API
Remote Peering Management
Listing Remote Peering Connections
Using the Console
Using the CLI
Using the API
Getting Remote Peering Connection Details
Using the Console
Using the CLI
Using the API
Creating a Remote Peering Connection
Using the Console
Using the CLI
Using the API
Connecting Two Remote Peering Connections
Using the Console
Using the CLI
Using the API
Moving an RPC to a Different Compartment
Using the Console
Using the CLI
Using the API
Editing a Remote Peering Connection
Using the Console
Using the CLI
Using the API
Deleting a Remote Peering Connection
Using the Console
Using the CLI
Using the API
Site-to-Site VPN
Site-to-Site VPN Overview
Required Personnel and Knowledge
About the Oracle IPSec Connection
Routing for Site-to-Site VPN
Overview of Site-to-Site VPN Components
Resources for Configuring the CPE
Monitoring Your Connection
What's Next?
Site-to-Site VPN Quickstart
Purpose of the Wizard
Alternative to the Wizard
What the Wizard Creates for You
Where to Access the Wizard in the Console
Related Topics
Multiple Connections to Your On-Premises Network
DRG Route Advertisements to Your On-Premises Network
Using AS_PATH to prefer routes from Oracle to your on-premises network
Routing Preferences for Traffic from Your On-Premises Network to Oracle
Route Filtering
Related Resources
Supported IPSec Parameters
Supported Parameters for the Commercial Cloud
Supported Parameters for the Government Cloud
References
Configuring Your On-Premises Router for Site-to-Site VPN
Encryption domain for route-based tunnels
Encryption domains for policy-based tunnels
Setting Up Site-to-Site VPN
Before You Get Started
Overall Process
Example: Setting Up a Proof of Concept Site-to-Site VPN
Task 1: Gather information
Task 2a: Create the VCN
Task 2b: Create the DRG
Task 2c: Attach the DRG to the VCN
Task 2d: Create a route table and route rule for the DRG
Task 2e: Create a security list
Task 2f: Create a subnet
Task 2g: Create a CPE object and provide your CPE device's public IP address
Task 2h: Create an IPSec connection to the CPE object
For BGP dynamic routing
For static routing
For policy-based routing
Task 3: Use the CPE Configuration Helper
Task 4: Have your network engineer configure your CPE
Task 5: Validate connectivity
Example Layout with Multiple Geographic Areas
Example Layout with PAT
What's Next?
CPE Configuration
Requirements and Prerequisites
Site-to-Site VPN Best Practices
Confirming the Status of the Connection
Device Configurations
Verified CPE Devices
Using the CPE Configuration Helper
Overview of the Helper
Using the Helper
One-time prerequisite: Specify the CPE vendor
Open the Helper from one of three locations
Generate the content
If You Update Your Site-to-Site VPN
Related Topics
Check Point
Check Point: Route-Based
Best Practices
Caveats and Limitations
Encryption domain for route-based tunnels
Encryption domain for policy-based tunnels
If Your CPE Is Behind a NAT Device
Supported IPSec Parameters
CPE Configuration (Route-Based)
Task 1: InstallSite-to-Site VPN on Check Point CloudGuard Security Gateway
Task 2: Create the VTI interface from GAIA
Task 3: Create an interoperable device
Task 4: Create a VPN community
Task 5: Create a security policy
Task 6: Enable BGP
Task 7: Redistribute routes into BGP
Verification
Check Point: Policy-Based
Best Practices
Caveats and Limitations
Encryption domain for route-based tunnels
Encryption domain for policy-based tunnels
If Your CPE Is Behind a NAT Device
Supported IPSec Parameters
CPE Configuration (Policy-Based)
Task 1: Install Site-to-Site VPN on Check Point CloudGuard Security Gateway
Task 2: Configure IPSec settings for Check Point CloudGuard Security Gateway
Task 3: Create an interoperable device
Task 4: Create a VPN community
Task 5: Create a security policy (recommended for a production scenario)
Verification
Cisco ASA
Cisco ASA: Route-Based
Best Practices
Specific to Cisco ASA: Caveats and Limitations
Option 1: TCP MSS adjustment
Option 2: Clear/set the Don't Fragment bit
VPN Traffic Might Enter One Tunnel and Exit Another
General Caveats and Limitations
Encryption domain for route-based tunnels
Encryption domain for policy-based tunnels
If Your CPE Is Behind a NAT Device
Supported IPSec Parameters
CPE Configuration
IKEv1 Configuration Template
IKEv2 Configuration Template
Verification
Cisco ASA: Policy-Based
Best Practices
Specific to Cisco ASA: Caveats and Limitations
Option 1: TCP MSS adjustment
Option 2: Clear/set the Don't Fragment bit
General Caveats and Limitations
Encryption domain for route-based tunnels
Encryption domain for policy-based tunnels
Supported IPSec Parameters
CPE Configuration
IKEv1 Configuration Template
IKEv2 Configuration Template
Verification
Cisco IOS
Best Practices
Caveats and Limitations
Encryption domain for route-based tunnels
Encryption domain for policy-based tunnels
If Your CPE Is Behind a NAT Device
Supported IPSec Parameters
CPE Configuration
IKEv1 Configuration Template
IKEv2 Configuration Template
Verification
Fortigate
Best Practices
Caveats and Limitations
Encryption domain for route-based tunnels
Encryption domain for policy-based tunnels
If Your CPE Is Behind a NAT Device
Supported IPSec Parameters
CPE Configuration
Task 1: Use the wizard to create the VPN
Task 2: Add Phase 1 and Phase 2 parameters to each IPSec tunnel
Task 3: Verify the IPSec connection
To change the CPE IKE identifier that Oracle uses (Oracle Console)
Redundancy with BGP Over IPSec
Task 1: Edit the tunnel interface
Task 2: Add a static route for the Oracle IP address
Task 3: Configure BGP
Verification
Furukawa Electric
Before Starting
Parameters from API or Console
Parameters Based on Current CPE Configuration and State
Config Template Parameter Summary
ISAKMP Policy Options
IPSec Policy Options
CPE Configuration
Juniper MX
Best Practices
Caveats and Limitations
Encryption domain for route-based tunnels
Encryption domain for policy-based tunnels
Supported IPSec Parameters
CPE Configuration
Verification
Juniper SRX
Best Practices
Caveats and Limitations
Encryption domain for route-based tunnels
Encryption domain for policy-based tunnels
If Your CPE Is Behind a NAT Device
Supported IPSec Parameters
CPE Configuration
Verification
Libreswan
Best Practices
Caveats and Limitations
Encryption domain for route-based tunnels
Encryption domain for policy-based tunnels
If Your CPE Is Behind a NAT Device
Supported IPSec Parameters
CPE Configuration
Task 1: Prepare the Libreswan instance
Task 2: Determine the required configuration values
Task 3: Set up the configuration file: /etc/ipsec.d/oci-ipsec.conf
Task 4: Set up the secrets file: /etc/ipsec.d/oci-ipsec.secrets
Task 5: Restart the Libreswan configuration
Task 6: Configure IP routing
Verification
Strongswan
Best Practices
Caveats and Limitations
If Your CPE Is Behind a NAT Device
Supported IPSec Parameters
CPE Configuration
Task 1: Prepare the Strongswan instance
Task 2: Determine the required configuration values
Task 3: Set up the configuration file: /etc/strongswan/ipsec.conf
Task 4: Set up the secrets file: /etc/strongswan/ipsec.secrets
Task 5: VTI Creation
Task 6: Modify Routes
Task 7: Restart Strongswan
Task 8: Configure IP routing
Verification
Configure Dynamic Routing with Strongswan
NEC IX
Best Practices
Caveats and Limitations
Encryption domain for route-based tunnels
Encryption domain for policy-based tunnels
If Your CPE Is Behind a NAT Device
Supported IPSec Parameters
CPE Configuration
IKEv1 Configuration Template
IKEv2 Configuration Template
Openswan
How Openswan and Libreswan Are Related
Palo Alto
Best Practices
Caveats and Limitations
Encryption domain for route-based tunnels
Encryption domain for policy-based tunnels
If Your CPE Is Behind a NAT Device
Supported IPSec Parameters
CPE Configuration
Task 1: Configure the ISAKMP Phase 1 policy
Task 2: Define the ISAKMP peers
Task 3: Define the IPSec Phase 2 policy
Task 4: Configure the virtual tunnel interfaces
Task 5: Configure the IPSec sessions
Task 6: Configure BGP over IPSec
Subtask 6-a: Configure the BGP parameters
Subtask 6-b: Wait for the BGP sessions to establish and then check the BGP status
Subtask 6-c: Confirm that the BGP routes have been inserted in the route table
Configuring Static Routing
Changing the IKE Identifier
Verification
WatchGuard
Yamaha RTX Series
Before Starting
Parameters from API or Console
Parameters Based on Current CPE Configuration and State
Config Template Parameter Summary
ISAKMP Policy Options
IPSec Policy Options
CPE Configuration
Working with Site-to-Site VPN
Migrating to Policy-Based VPN
Viewing Tunnel Status and Configuration
To view the status and configuration information for the IPSec tunnels
Using the CPE Configuration Helper
Changing the Static Routes
To edit the static routes
Changing the CPE IKE Identifier That Oracle Uses
To change the CPE IKE identifier that Oracle uses
Using IKEv2
New IPSec connection: using IKEv2
Existing IPSec connection: upgrading to IKEv2
Changing the Shared Secret That an IPSec Tunnel Uses
To change the shared secret that an IPSec tunnel uses
Changing from Static Routing to BGP Dynamic Routing
To change from static routing to BGP dynamic routing
Monitoring Your Site-to-Site VPN
Viewing Your Site-to-Site VPN Log Messages
Disabling or Terminating Site-to-Site VPN
To delete an IPSec connection
To delete a CPE object
Managing Tags for an IPSec Connection or CPE Object
To manage tags for an IPSec connection
To manage tags for a CPE object
Moving an IPSec Connection or CPE Object to a Different Compartment
To move a CPE object to a different compartment
Managing Your DRG
Using the API for Site-to-Site VPN
VPN Connection to AWS
AWS - Create Temporary Customer Gateway
AWS - Create and Attach Virtual Private Gateway
AWS - Create VPN Connection
AWS - Download Configuration
OCI - Create CPE Object
OCI - Create IPSec Connection
AWS - Create New Customer Gateway
AWS - Modify VPN Connection for New Customer Gateway
Verification
VPN Connection to Azure
Azure - Create VPN Gateway
OCI - Create CPE Object
OCI - Create IPSec Connection
OCI - Change PFS
OCI - Save Site-to-Site VPN IP Address and Shared Secret
Azure - Create Local Network Gateway
Azure - Create a VPN Connection
Verification
VPN Connection to Google
GCP - Start VPN Configuration
OCI - Create CPE Object
OCI - Create IPSec Connection
OCI - Save Oracle VPN IP Address and Shared Secret
GCP - Create a VPN Peer Gateway
GCP - Create a Cloud Router
GCP - Complete configuring VPN Tunnel
GCP - Configure BGP Sessions
Verification
Site-to-Site VPN Metrics
Overview of Metrics: oci_vpn
Available Metrics: oci_vpn
Using the Console
To view default metrics charts for an individual tunnel in an IPSec connection
To view default metric charts for all IPSec connections in a compartment
Using the API
Site-to-Site VPN Troubleshooting
General Site-to-Site VPN Issues
Troubleshooting Site-to-Site VPN with a Policy-Based Configuration
BGP Session Troubleshooting for Site-to-Site VPN
Troubleshooting Redundant IPSec connections
FastConnect
FastConnect Overview
Uses for FastConnect
How and Where to Connect
Concepts
Basic Network Diagrams
To use FastConnect if you do not own a Public ASN or Public IP Address
FastConnect with Access to Multiple VCNs
What's Next?
FastConnect Security
IPSec over FastConnect
Loopback Attachments
TransportOnly Mode: Only Allowing Encrypted Traffic on a Virtual Circuit
MACsec Encryption
MACsec Hitless Key Rollover
FastConnect Requirements
Before Getting Started: Learn and Plan
General Requirements
Hardware and Routing Requirements
If you're using an Oracle partner
If you're colocating in a FastConnect location or using a third-party provider
Required IAM Policy
If you're using an Oracle partner
If you're colocating in a FastConnect location or using a third-party provider
Identifiers for FastConnect Resources
What's Next?
FastConnect Redundancy Best Practices
Overview
If You Use an Oracle Partner
If You Use a Third-Party Provider or Colocate with Oracle
Site-to-Site VPN as Backup for FastConnect
Related Resources
What's Next?
Multiple Connections to Your On-Premises Network
DRG Route Advertisements to Your On-Premises Network
Using AS_PATH to prefer routes from Oracle to your on-premises network
Routing Preferences for Traffic from Your On-Premises Network to Oracle
Route Filtering
Related Resources
FastConnect: With an Oracle Provider
Getting Started with FastConnect
Task 1: Set up connection to the Oracle partner
Task 2: Set up a DRG (private peering only)
Task 3: Set up your virtual circuits
Task 4: Complete the partner end of the virtual circuit
Task 5: Configure your edge
Task 6: Check light levels
Task 7: Confirm your interfaces are up
If the BGP Session Goes to Oracle
Task 9a: Ping the Oracle BGP IP address
Task 9b: Confirm that the BGP session is established
If BGP Session Goes to the Partner
Task 10a: Ping the partner's edge
Task 10b: Confirm the BGP session is established
Task 10c: Ping the Oracle BGP IP address
Task 11: Test the connection
Managing Your Virtual Circuit
To get the status of your virtual circuit
To edit a virtual circuit
To terminate a virtual circuit
To manage public IP prefixes for a public virtual circuit
To move a connection to a different compartment
Monitoring Your Connection
Troubleshooting
FastConnect: With a Third-Party Provider
Important Points and Responsibilities
Getting Started with FastConnect
Task 1: Set up a DRG (private peering only)
Task 2: Set up your cross-connect group and cross-connect
Task 3: Forward the LOA to your third-party provider
Task 4: Check light levels
Task 5: Activate each cross-connect
Task 6: Confirm that your interfaces are up
Task 7: Set up your virtual circuit
Task 8: Configure your edge
Task 9: Ping the Oracle BGP IP address
Task 10: Confirm that the BGP session is established
Task 11: Test the connection
Managing Your Connection
To get the status of your connection
Cross-Connect: PENDING CUSTOMER
Virtual circuit: DOWN
To add a new cross-connect to an existing cross-connect group
To edit a virtual circuit
To edit a cross-connect
To terminate a connection, or part of it
To manage public IP prefixes for a public virtual circuit
To move a connection to a different compartment
Monitoring Your Connection
Troubleshooting
FastConnect: Colocation with Oracle
Getting Started with FastConnect
Task 1: Set up a DRG (private peering only)
Task 2: Set up your cross-connect group and cross-connect
Task 3: Submit LOA and request cabling in the FastConnect location
Task 4: Check light levels
Task 5: Activate each cross-connect
Task 6: Confirm that your interfaces are up
Task 7: Set up your virtual circuit
Task 8: Configure your edge
Task 9: Ping the Oracle BGP IP address
Task 10: Confirm that the BGP session is established
Task 11: Test the connection
Managing Your Connection
To get the status of your connection
Cross-Connect: PENDING CUSTOMER
Virtual circuit: DOWN
To add a new cross-connect to an existing cross-connect group
To edit a virtual circuit
To edit a cross-connect
To terminate a connection, or part of it
To manage public IP prefixes for a public virtual circuit
To move a connection to a different compartment
Monitoring Your Connection
Troubleshooting
FastConnect Public Peering Advertised Routes
Oracle Cloud Infrastructure Classic Regional Routes
Amsterdam-Classic
Ashburn-Classic
Chicago-Classic
Sao Paulo-Classic
Slough-Classic
Sydney-Classic
Maintaining Virtual Circuits
FastConnect Metrics
Overview of Metrics: oci_fastconnect
Available Metrics: oci_fastconnect
Using the Console
To view default metric charts for a single FastConnect connection
To view default metric charts for all FastConnect connections in a compartment
To view default metric charts for a single FastConnect connection
To view default metric charts for all FastConnect connections in a compartment
Using the API
Troubleshooting FastConnect
Microsoft Azure Connection Issues
Problems terminating the Azure connection
General Issues
FastConnect is DOWN
Cross-connect and physical connection (layer 1)
Data-link (layer 2)
Network and transport (layers 3 and 4)
FastConnect virtual circuit is UP, but BGP session is DOWN
FastConnect virtual circuit is UP, but no traffic is passing through
FastConnect virtual circuit is UP, but traffic is passing in only one direction
Redundant Connections
IPSec and FastConnect are both set up, but traffic is only passing through IPSec
Access to the Internet
Internet Gateway
Highlights
Overview of Internet Gateways
Working with Internet Gateways
Internet Gateway Setup
Internet Gateway Management
Creating an Internet Gateway
Using the Console
Using the CLI
Using the API
Listing Internet Gateways
Using the Console
Using the CLI
Using the API
Getting Details for an Internet Gateway
Using the Console
Using the CLI
Using the API
Updating an Internet Gateway
Using the Console
Using the CLI
Using the API
Tagging an Internet Gateway
Using the Console
Using the CLI
Using the API
Moving an Internet Gateway to a Different Compartment
Using the Console
Using the CLI
Using the API
Deleting an Internet Gateway
Using the Console
Using the CLI
Using the API
NAT Gateway
Highlights
Overview of NAT
Overview of NAT Gateways
Setting Up a NAT Gateway
Task 1: Create the NAT gateway
Task 2: Update routing for the subnet
Managing a NAT Gateway
Creating a NAT Gateway
Using the Console
Using the CLI
Using the API
Getting Details for the NAT Gateway
Using the Console
Using the CLI
Using the API
Listing NAT Gateways
Using the Console
Using the CLI
Using the API
Updating a NAT Gateway
Using the Console
Using the CLI
Using the API
Blocking or Allowing Traffic for a NAT Gateway
Using the Console
Using the CLI
Using the API
Moving a NAT Gateway to a Different Compartment
Using the Console
Using the CLI
Using the API
Tagging a NAT Gateway
Using the Console
Using the CLI
Using the API
Deleting a NAT Gateway
Using the Console
Using the CLI
Using the API
Access to Your On-Premises Network
Private Access
Highlights
About Private Endpoints
About Service Gateways
Access to Object Storage: Service Gateway
Access to Oracle Services
Highlights
Overview of Service Gateways
Setting Up a Service Gateway in the Console
Task 1: Create the service gateway
Task 2: Update routing for the subnet
Task 3: (Optional) Update security rules
Task 4: (Optional) Update IAM Policies to Restrict Object Storage Bucket Access
Service Gateway Management
When You Switch to a Different Service CIDR Label
Creating a Service Gateway
Using the Console
Using the CLI
Using the API
Listing Service Gateways
Using the Console
Using the CLI
Using the API
Getting Details for a Service Gateway
Using the Console
Using the CLI
Using the API
Adding a Service CIDR Label to a Service Gateway
Using the Console
Using the CLI
Using the API
Removing or Changing a Service Gateway's Service CIDR label
Using the Console
Using the CLI
Using the API
Controlling Traffic for a Service Gateway
Using the Console
Using the CLI
Using the API
Associating a Route Table with an Existing Service Gateway
Using the Console
Using the CLI
Using the API
Updating a Service Gateway's Route Table Association
Using the Console
Using the CLI
Using the API
Tagging a Service Gateway
Using the Console
Using the CLI
Using the API
Moving a Service Gateway to a Different Compartment
Using the Console
Using the CLI
Using the API
Deleting a Service Gateway
Using the Console
Using the CLI
Using the API
Access to Other VCNs: Peering
Important Implications of Peering
IAM Policies for Routing Between VCNs
Local VCN Peering (Within Region)
Overview of Local VCN Peering
Important Local Peering Concepts
Important Implications of VCN Peering
Setting Up a Local Peering
Task A: Create the LPGs
Task B: Share information
Task C: Set up the IAM policies
Task D: Establish the connection
Task E: Configure the route tables
Task F: Configure the security rules
Local Peering Gateway Management
Creating a Local Peering Gateway
Using the Console
Using the CLI
Using the API
Listing the LPGs
Using the Console
Using the CLI
Using the API
Getting Details for an LPG
Using the Console
Using the CLI
Using the API
Updating the Name of an LPG
Using the Console
Using the CLI
Using the API
Connecting to Another LPG
Using the Console
Using the CLI
Using the API
Configuring VCN Route Tables to Use an LPG
Using the Console
Using the CLI
Using the API
Associating a Route Table with an Existing LPG
Using the Console
Using the CLI
Using the API
Configuring Security Rules to Use an LPG
Using the Console
Using the CLI
Using the API
Tagging an LPG
Using the Console
Using the CLI
Using the API
Moving a local peering gateway to a different compartment
Using the Console
Using the CLI
Using the API
Deleting an LPG
Using the Console
Using the CLI
Using the API
Remote VCN Peering (Across Regions)
Overview of Remote VCN Peering
Important Remote Peering Concepts
Important Implications of Peering
Setting Up a Remote Peering
Task A: Create the RPCs
Task B: Share information
Task C: Set up the IAM policies
Task D: Establish the connection
Task E: Configure the route tables
Task F: Configure the security rules
Example
Using the Console
To create a remote peering connection
To delete a remote peering connection
Local VCN Peering Through an Upgraded DRG
Task A: Create a DRG
Task B: Attach VCN-A to the DRG
Task C: Attach VCN-B to the DRG
Task D: Configure route tables in VCN-A to send traffic destined to VCN-B's CIDR to the DRG attachment
Task E: Configure route tables in VCN-B to send traffic destined to VCN-A's CIDR to the DRG attachment
Task F: Update security rules
Remote VCN Peering through an Upgraded DRG
Task A: Create the RPCs
Task B: Share information
Task C: Establish the connection
Task D: Configure the route tables
Task E: Configure the security rules
Access to Oracle Cloud Infrastructure Classic
Connection Over Oracle Network
Highlights
Overview
Connecting Your IP Network and VCN
Task 1: Set up a private gateway for your IP network
Task 2: Set up a dynamic routing gateway (DRG) for your VCN
Task 3: Configure route tables
For the IP network
For the VCN
Task 4: Configure the security rules
For the IP network
For the VCN
Example:
Task 5: Create a My Oracle Support ticket
Task 6: Test the connection
Terminating the Connection
Connection Over Site-to-Site VPN
Highlights
Overview
Setting Up Site-to-Site VPN Between Your IP Network and VCN
Task 1: Set up a VPNaaS gateway for your IP network
Task 2: Set up the VCN's components and IPSec tunnel
Task 2a: Set up a dynamic routing gateway (DRG) for your VCN
Task 2b: Configure routing to the DRG
Task 2c: Configure the security rules
For the IP network
For the VCN
Example
Task 2d: Create a CPE object
Task 2e: Create the IPSec connection
Task 3: Update the VPNaaS connection with the tunnel information
Task 4: Test the connection
Terminating the Connection
Access to Microsoft Azure
Highlights
Availability
Overview of Supported Traffic
Important Implications of Connecting Clouds
Setting Up a VNet-to-VCN Connection
Task 1: Configure the network security groups and security rules
Example: Outgoing ping from VCN to VNet
Example: Incoming ping to VCN from VNet
Example: Incoming SSH to VCN
Example: SQL*Net connections to database
Task 2: Set up Azure ExpressRoute circuit
Task 3: Set up an Oracle Cloud Infrastructure FastConnect virtual circuit
Task 4: Confirm that both circuits are provisioned
Task 5: Configure the route tables
Task 6: Test the connection
Managing a VNet-to-VCN Connection
To get the status of your FastConnect virtual circuit
To edit a FastConnect virtual circuit
To terminate the connection to Azure
Access to Other Clouds with Libreswan
Architecture
Supported IPSec Parameters
Configuration
Task 1: Prepare the AWS Libreswan instance
Task 2: Configure the Oracle Cloud Infrastructure DRG and CPE object
Task 3: Determine the required configuration values
Task 4: Set up the configuration file: /etc/ipsec.d/oci-ipsec.conf
Task 5: Set up the secrets file: /etc/ipsec.d/oci-ipsec.secrets
Task 6: Restart the Libreswan configuration
Task 7: Configure IP routing
Verification
Network Performance
Testing Methodology
Networking Metrics
DRG Metrics
Overview of Metrics: oci_dynamic_routing_gateway
Required IAM Policy
Available Metrics: oci_dynamic_routing_gateway
Using the Console
Using the API
FastConnect Metrics
Overview of Metrics: oci_fastconnect
Available Metrics: oci_fastconnect
Using the Console
To view default metric charts for a single FastConnect connection
To view default metric charts for all FastConnect connections in a compartment
To view default metric charts for a single FastConnect connection
To view default metric charts for all FastConnect connections in a compartment
Using the API
Internet Gateway Metrics
Overview of Metrics: oci_internet_gateway
Available Metrics: internet_gateway
Using the Console
To view default metric charts for all internet gateways in a compartment
Using the API
NAT Gateway Metrics
Overview of Metrics: oci_nat_gateway
Available Metrics: oci_nat_gateway
Using the Console
To view default metric charts for all NAT gateways in a compartment
Using the API
Service Gateway Metrics
Overview of Metrics: oci_service_gateway
Available Metrics: oci_service_gateway
Using the Console
To view default metric charts for all service gateways in a compartment
Using the API
Site-to-Site VPN Metrics
Overview of Metrics: oci_vpn
Available Metrics: oci_vpn
Using the Console
To view default metrics charts for an individual tunnel in an IPSec connection
To view default metric charts for all IPSec connections in a compartment
Using the API
VNIC Metrics
Overview of Metrics for an Instance and Its Network Devices
Overview of Metrics: oci_vcn
Raw Data Point Frequency
Required IAM Policy
Minimum required policy for getting VNIC metrics
Policy for viewing a VNIC's details and metrics in the Console
Available Metrics: oci_vcn
Tips for Working with VNIC Metrics
Using the Console
To view default metric charts for a single VNIC
To view default metric charts for multiple VNICs
Using the API
VTAP Metrics
Overview of Metrics
Required IAM Policy
Available Metrics: oci_vcn
Available Metrics: oci_nlb
Using the Console
Using the API
Network Command Center Services
Inter-Region Latency
Using the Console
Network Path Analyzer
Network Path Analyzer Tasks
Creating a Path Analysis Test
Using the Console
Using the CLI
Using the API
Running a Path Analysis Test
Using the Console
Using the CLI
Using the API
Listing Path Analysis Tests
Using the Console
Using the CLI
Using the API
Getting a Path Analysis Test's Details
Using the Console
Using the CLI
Using the API
Editing a Path Analysis Test
Using the Console
Using the CLI
Using the API
Moving a Path Analysis Test to a different compartment
Using the Console
Using the CLI
Using the API
Deleting a Path Analysis Test
Using the Console
Using the CLI
Using the API
Listing Path Analysis Work Requests
Using the Console
Using the CLI
Using the API
Getting a Path Analysis Work Request's Details
Using the Console
Using the CLI
Using the API
Listing Path Analysis Work Request Errors
Using the Console
Using the CLI
Using the API
Listing Path Analysis Work Request Logs
Using the Console
Using the CLI
Using the API
Listing Path Analysis Work Request Results
Using the Console
Using the CLI
Using the API
Network Visualizer
Viewing a Network Topology Map
Using the Console
Using the CLI
Using the API
Viewing a VCN Topology Map
Using the Console
Using the CLI
Using the API
Viewing a Subnet Topology Map
Using the Console
Using the CLI
Using the API
Virtual Test Access Points
Validated Oracle Partner Solutions
VTAP Tasks
Creating a VTAP
Using the Console
Using the CLI
Using the API
Listing VTAPs
Using the Console
Using the CLI
Using the API
Updating a VTAP
Using the Console
Using the CLI
Using the API
Starting or stopping a VTAP
Using the Console
Moving a VTAP to a different compartment
Using the Console
Using the CLI
Using the API
Deleting a VTAP
Using the Console
Using the CLI
Using the API
VCN Flow Logs
Flow Log Contents
Flow Logs Tasks
Enabling Flow Logs
Using the Console
Using the CLI
Using the API
Viewing Flow Logs
Using the Console
Using the CLI
Using the API
Editing a Flow Log
Using the Console
Using the CLI
Using the API
Deleting a Flow Log
Using the Console
Using the API
Using the CLI
Bulk Deleting Flow Logs
Using the Console
Capture Filters
Creating a capture filter
Using the Console
Using the CLI
Using the API
Updating a capture filter
Using the Console
Using the CLI
Using the API
Deleting a capture filter
Using the Console
Using the CLI
Using the API
Moving a capture filter to a different compartment
Using the Console
Using the CLI
Using the API
Troubleshooting
Hanging Connection
Summary of Problem and Solutions
Why Avoid Fragmentation?
Overview of MTU
Overview of PMTUD
Finding Where PMTUD Is Broken
Good: PMTUD Works
Bad: If you're testing your side of the connection and the ping succeeds
Bad: If you're testing the VCN side of the connection and you don't see the ICMP message
Avoiding the Need for PMTUD
VCN Troubleshooting
Subnet Deletion
The Subnet Isn't Empty
Load balancer example
File Storage example
Database example
A Network Security Group Isn't Empty
There Are Resources in Compartments You Don't Have Access To
Repurposing an LPG fails
Other useful links
Redundancy Issues
About the DRG and Redundant Connections
How to Identify and Fix a Redundancy Issue
Redundancy Issue: Case 1
Summary of the Issue
If You Are Using an Oracle Partner
If You Are Using a Third-Party Provider or Colocated with Oracle
Redundancy Issue: Case 2
Summary of the Issue
How to Fix the Issue
Redundancy Issue: Case 3
Summary of the Issue
How to Fix the Issue
Redundancy Issue: Case 4
Summary of the Issue
Option A: Use a Second Virtual Circuit
Option B: Use Site-to-Site VPN with Both Tunnels Up/Active
Redundancy Issue: Case 5
Summary of the Issue
How to Fix the Issue
Site-to-Site VPN Troubleshooting
General Site-to-Site VPN Issues
Troubleshooting Site-to-Site VPN with a Policy-Based Configuration
BGP Session Troubleshooting for Site-to-Site VPN
Troubleshooting Redundant IPSec connections
Troubleshooting FastConnect
Microsoft Azure Connection Issues
Problems terminating the Azure connection
General Issues
FastConnect is DOWN
Cross-connect and physical connection (layer 1)
Data-link (layer 2)
Network and transport (layers 3 and 4)
FastConnect virtual circuit is UP, but BGP session is DOWN
FastConnect virtual circuit is UP, but no traffic is passing through
FastConnect virtual circuit is UP, but traffic is passing in only one direction
Redundant Connections
IPSec and FastConnect are both set up, but traffic is only passing through IPSec
Known Issues for Networking
Active FTP not supported on Windows Instances
CPE Configuration Helper trouble specifying the CPE vendor
Private access issues from your on-premises network to Oracle Analytics Cloud through a service gateway
Issues with access to your public instances from Oracle services through a service gateway
Access issues for instances to Oracle yum services through service gateway