Introduction

Most of the Oracle documentation for Multicloud network connectivity focuses on a few of the more common use cases to connect two Cloud Service Providers (CSP) together:

• IPSec VPN
• FastConnect using an Oracle Partner
• FastConnect using Multicloud Interconnect (Azure Interconnect or GCP Interconnect) products

I have recently worked with a couple customers that have connected their Oracle Cloud Infrastructure (OCI) environments to another CSP in a somewhat unique way that I wanted to highlight in this blog as an option.  The diagram below illustrates some of the details around this connection method and involves having a colocation provider make a cross connect between the two CSPs.
 

The OCI documentation for Direct FastConnect model focuses on two typical use cases, direct with a third-party provider and direct via colocation with Oracle.  The connection method outlined in this blog would be considered as using the third-party provider model with your colocation provider being the third-party entity.

Prerequisites and Requirements

In order for a customer to connect this way, there are some prerequesites and requirements to understand before proceeding.

• The two CSPs points of presence (POP) locations must be in the same region, metropolitan area, and managed/operated by the same colocation provider.  Make sure and look up your locations in the relevant CSP documentation for location details.  OCI FastConnect POP locations in North America are documented in this link.  Some examples are below:

  

• It is the customer’s responsibility to submit the cross connect order with the colocation provider, therefore the customer must have an existing relationship with the colocation provider or willing to establish a new one. 
• The other CSP must be able to meet the OCI requirements for Direct FastConnect outlined in the this link to OCI documentation.

Considerations

• Validate the solution with your colocation provider
  Connecting this way is not necessarily a standard or common offering from all colocation providers.  It is very common for a colocation provider to make a cross connect from a customer’s cage to a 3rd party or a meet-me room, but it is much less common for them to make a cross connect between two 3rd party cloud providers.  It is highly recommended that you have a conversation with your colocation provider and verify they can accommodate in advance.  With proper Letter of Authorizations (LOA) from both CSPs, they should be able to make this connection.  Also keep in mind that colocation providers can also make connections between their different buildings inside the same metropolitan area or region.
• Redundancy and Failover
  CSPs, including OCI, tend to focus their documentation for direct connectivity on the common use case of connecting from on-premise via a customer premise equipment (CPE) that is managed by the customer or the customer’s provider.  As a result, when it comes to redundancy over two connections, the implementation is controlled by manipulating the Border Gateway Protocol (BGP) attributes on the CPE to get the desired behavior.  In our connectivity method, there is no CPE, each side of the connection is a CSP that may not support manipulation of BGP attributes and is expecting the other side to do it.  Customers should be aware of this before proceeding with redundant connections and make sure they have a plan for implementing redundancy.  Some possible scenarios are below:
  • Enabling Equal Cost Multipath (ECMP) on both ends of both connections may be an option.  Make sure and validate both sides support ECMP (OCI does).
  • Use longest prefix match instead of BGP to determine primary path over backup path.  This would involve advertising more specific routes over the primary path and less specific routes over the backup path.  Again, make sure and validate both sides can support this.  It’s possible in OCI by using separate Dynamic Routing Gateway (DRG) route tables with static routes.
  • It’s also an option to do nothing and let the two sides determine primary and backup path on their own.  This could result in asymmetric routing over the two links, however this may not cause any issues since there are no firewalls in the path.
• Other Advanced Features
  There may be other advanced or optional features that you’ll need to validate will work with both CSPs if you require them.  For example, MACsec, Bidirectional Forward Detection (BFD), Maximum Transmission Unit (MTU), Path MTU Discovery, BGP Message-Digest Algorithm 5 (MD5) Authentication, Link aggregation protocols such as Link Aggregation Control Protocol (LACP), and Internet Protocol version 6 (IPv6).​​​​​

High Level Steps

1. Create Direct FastConnect in OCI Console

   • Follow the steps outlined in the OCI documentation and download the LOA.

2. Create Direct Connection in the other CSP

   • ​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​Follow the steps outlined in the other CSP and download their LOA.

     • GCP Dedicated Interconnect Provisioning

     • Azure ExpressRoute Direct Provisioning

     • AWS Direct Connect Dedicated Provisioning

3. Place Cross Connect Order with Colocation Provider

   • ​​​​​​​Place the cross connect order with the colocation provider and make sure they have both LOAs.

4. Validate Connection and Finish the Configuration

   • ​​​​​​​​​​​​​​Once the connection has been made by the colocation provider, follow both providers documentation to validate the connection (e.g. light level) and finish configuration on the relevant gateways (e.g. Virtual Circuit, BGP, DRG, etc.).