Many times I was requested to build a networking architecture that enables the DBs in one OCI region to back up to Object Storage in another OCI region. In this new blog post, we will discuss the steps needed to create the Cross-Region DB Object Storage Backup using the new DRGv2 capability.
For the Cross-Region DB Backup we will use OCI Ashburn and OCI Phoenix as the regions. That being said, DBs from the Phoenix region will replicate to Object Storage in Ashburn and vice-versa. In our examples we will use simple VMs and test the IP connectivity from one region to the Object Storage of the other region.
For testing purposes, we will use two VMs, one in Ashburn at 10.0.0.3 and another in Phoenix at 172.29.2.3. The public IP ranges assigned to Object Storage are listed in the above networking topology. The Object Storage Service API can be found at this link: https://docs.oracle.com/en-us/iaas/api/#/en/objectstorage/20160918/.
The requirements are:
- VM at 10.0.0.3 to access Phoenix Object Storage (blue path named 1);
- VM at 172.29.2.3 to access Ashburn Object Storage (purple path named 2);
The requirements are listed as IP paths in the picture below:
For the RPC attachment and the VCN attachments in both regions, create a new Route Table with new Route Import policies to granularly filter the routes we want on a particular attachment.
2.1 Create the RPC between the two regions and attach the route tables created for RPC attachment:
2.2 Create the Transit Routing to Object Storage on both OCI Regions
Let's attach a VCN Route Table to both DRGs and insert a route rule to route the traffic to Object Storage using the Service Gateway as a next-hop:
2.3 Make sure the SGWs in both Ashburn and Phoenix have a Route Table attached that routes the return traffic via the respective DRG as next-hop: back to 172.29.2.3 on the SGW from Ashburn and to 10.0.0.3 on the SGW from Phoenix:
2.4 Import the VCN IP prefixes into the Route Tables for the RPC attachments; because of the transit routing activated at step 2.2, this also imports the Object Storage public prefixes into the RPC attachment Route Tables.
After this step is completed, each region will announce to the remote region the VCN prefixes and Object Storage IP prefixes.
2.5 In the Route Tables attached to the VCN attachments in each region, import the IP Prefixes received on the RPC attachments:
2.6 Insert route rules in the RT attached to each subnet to direct the traffic to Object Storage via the DRG as next-hop (make sure the attached Security Lists or Network Security Groups permit the traffic):
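The sketch below is an added example, not part of the original post or an OCI tool: it models the route tables from steps 2.2 to 2.6 for blue path 1 only (purple path 2 is the mirror image) and traces the request and the reply hop by hop, so a missing return route from step 2.3 shows up before any live test. The table names, the Object Storage prefix and the /24 VCN CIDR are assumptions; the real Object Storage ranges are the ones in the topology picture.

```python
import ipaddress

# Constructed placeholders: the real Object Storage ranges are only in the
# post's topology picture; the /24 VCN CIDR is an assumption.
OSS_PHX = "198.51.100.0/24"   # stands in for Phoenix Object Storage
VCN_IAD = "10.0.0.0/24"       # assumed Ashburn VCN CIDR holding 10.0.0.3

# table -> {prefix: next table consulted, or a terminal "DELIVER:*" hop}
# (all table names are hypothetical labels for the objects built in each step)
TABLES = {
    # forward: VM 10.0.0.3 -> Phoenix Object Storage
    "iad-subnet-rt":      {OSS_PHX: "iad-drg-vcn-att-rt"},   # step 2.6
    "iad-drg-vcn-att-rt": {OSS_PHX: "phx-drg-rpc-att-rt"},   # step 2.5
    "phx-drg-rpc-att-rt": {OSS_PHX: "phx-transit-vcn-rt"},   # step 2.4
    "phx-transit-vcn-rt": {OSS_PHX: "DELIVER:phx-sgw"},      # step 2.2
    # return: Phoenix Object Storage -> VM 10.0.0.3
    "phx-sgw-rt":         {VCN_IAD: "phx-drg-vcn-att-rt"},   # step 2.3
    "phx-drg-vcn-att-rt": {VCN_IAD: "iad-drg-rpc-att-rt"},   # step 2.5
    "iad-drg-rpc-att-rt": {VCN_IAD: "DELIVER:iad-vcn"},      # step 2.4
}

def lookup(table, dst):
    """Longest-prefix match of dst in one table; None means no route."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, start, dst, max_hops=16):
    """Follow next hops from `start`; returns (hops, delivered?)."""
    hops, current = [start], start
    for _ in range(max_hops):
        nxt = lookup(tables.get(current, {}), dst)
        if nxt is None:
            return hops + ["DROP:no-route"], False
        hops.append(nxt)
        if nxt.startswith("DELIVER:"):
            return hops, True
        current = nxt
    return hops + ["DROP:loop"], False

def check_path(tables, fwd_start, fwd_dst, ret_start, ret_dst):
    """A path works only if both the request and the reply are delivered."""
    fwd, ret = trace(tables, fwd_start, fwd_dst), trace(tables, ret_start, ret_dst)
    return {"forward": fwd, "return": ret, "ok": fwd[1] and ret[1]}

if __name__ == "__main__":
    # 198.51.100.10 is a constructed address inside the placeholder range
    print(check_path(TABLES, "iad-subnet-rt", "198.51.100.10", "phx-sgw-rt", "10.0.0.3"))
```

Removing the `phx-sgw-rt` entry reproduces the asymmetric case: the request still reaches the Service Gateway, but the reply is dropped for lack of a route.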
3.1 Testing the Blue Path 1 from 10.0.0.3:
3.2 Testing the Purple Path 2 from 172.29.2.3:
We have confirmed the IP connectivity is established and the DBs can perform the Cross-Region backup.