In this blog post I want to look into network connectivity between different cloud services and how to choose the optimal network architecture.
First of all, network connectivity matters, especially for cloud services.
Most cloud services are spread and accessed across different data centers and geographical regions. Typically, those services need to communicate with each other bi-directionally, several times, for many process steps. If a sub-optimal network architecture is chosen, those interactions easily add up to several seconds, which can be an issue if user interactions depend on the underlying system-to-system communication.
Also, depending on the data center location of the Oracle cloud services, the communication either runs completely over the Oracle Cloud Infrastructure (OCI) network backbone, which is secured and operated by Oracle, or it uses external network routes. Those external routes can be dedicated private FastConnect connections, less reliable and less secure internet connections, or VPN connections over the internet. So, if security matters, FastConnect or VPN connections are always preferred over pure internet connectivity.
As a general rule, it's always good to keep services as near as possible to each other and to the end users. So, if possible, it would be best to get all cloud services provisioned in the same data center and region, very close to the customer's premises where the end users accessing those services are located. But not all cloud services are available in every data center, and not all data centers provide the same capabilities that might be required.
So, the first step is to identify possible data centers for your cloud service needs.
Oracle provides an overview for platform and infrastructure services here: https://www.oracle.com/cloud/data-regions.html. Please reach out to your Oracle Sales team or the Oracle A-Team for more information on available data centers for Oracle Application services.
Oracle's concepts for application resiliency, mainly the concept of availability domains (ADs), need to be taken into consideration as well. An availability domain is one or more data centers located within the same region (a localized geographic area, e.g. Ashburn, Phoenix, Frankfurt, Amsterdam or London). ADs are isolated from each other and very unlikely to fail simultaneously. All availability domains in a region are connected to each other by a low-latency, high-bandwidth network. Deploying cloud services to multiple availability domains is the preferred method to ensure high availability.
Another Oracle concept is the fault domain: a grouping of hardware and infrastructure within an availability domain. Fault domains do not share the same physical hardware.
The use of different regions and of those two concepts for high availability and disaster recovery has an impact on the available network architecture options, as not all cloud services behave exactly the same and not all regions have the full set of 3 ADs per region.
More information here:
A typical network latency between hosts in the same availability domain (AD) is < 100μs; between ADs in the same region it is < 500μs. As soon as you connect cloud services between completely different data centers within a wider geographical region like Europe or North America, the latency is roughly 3-9ms over the OCI network backbone. Of course, latency over internet connectivity within the same geographical region is significantly above that number (e.g. between Frankfurt and Amsterdam roughly 10-20ms). If services are spread between continents like North America and Europe, the cloud infrastructure backbone can typically achieve 40-50ms, and internet connectivity for the same is much more than that (roughly 80-140ms). More accurate measurements can be made case by case. Based on the type of system interactions needed, the required network communication time can be estimated.
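The estimation mentioned above can be sketched as follows. This is an added example, not Oracle code: the service names, the flow and the "EU" label are constructed, and it assumes each quoted latency figure is the cost of one network traversal (one message). It also lists the links that would cross the plain internet, since those are the less secure routes.

```python
# Latency ranges in milliseconds, taken from the figures quoted above.
# Assumption: each figure is the cost of one traversal (one message).
LATENCY_MS = {
    ("same_ad", "backbone"): (0.0, 0.1),
    ("same_region", "backbone"): (0.0, 0.5),   # different ADs, same region
    ("same_geo", "backbone"): (3.0, 9.0),
    ("same_geo", "internet"): (10.0, 20.0),
    ("intercontinental", "backbone"): (40.0, 50.0),
    ("intercontinental", "internet"): (80.0, 140.0),
}

def link_class(a, b):
    """Classify the distance between two placements (geo, region, ad)."""
    if a[0] != b[0]:
        return "intercontinental"
    if a[1] != b[1]:
        return "same_geo"
    return "same_ad" if a[2] == b[2] else "same_region"

def estimate(flow, placement, transport):
    """Return (min_ms, max_ms, internet_links) for one pass through the flow.

    flow:      list of (source, destination, traversals) tuples
    placement: service name -> (geo, region, ad)
    transport: "backbone" or "internet" for traffic that leaves a region
    """
    low = high = 0.0
    internet_links = set()
    for src, dst, traversals in flow:
        dist = link_class(placement[src], placement[dst])
        # Traffic inside one region stays on the regional network.
        crosses_region = dist in ("same_geo", "intercontinental")
        path = transport if crosses_region else "backbone"
        lo, hi = LATENCY_MS[(dist, path)]
        low += lo * traversals
        high += hi * traversals
        if path == "internet":
            internet_links.add((src, dst))
    return low, high, sorted(internet_links)

if __name__ == "__main__":
    # Constructed sample: three hypothetical services and their message counts.
    placement = {"portal": ("EU", "Frankfurt", "AD1"),
                 "integration": ("EU", "Frankfurt", "AD2"),
                 "erp": ("EU", "Amsterdam", "AD1")}
    flow = [("portal", "integration", 4), ("integration", "erp", 10)]
    for transport in ("backbone", "internet"):
        print(transport, estimate(flow, placement, transport))
```

Running it for several candidate placements shows which cross-region link dominates the total and which links would need FastConnect or VPN instead of plain internet.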
BTW, the following link gives a good idea of which OCI regions are interconnected via the network infrastructure backbone: https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/fastconnectpublicpeeringaddressranges.htm
If you are unsure how to design your network architecture for the set of cloud services you're looking for, reach out to the A-Team and we can help you with identifying the right option.
-- max@oracle-ateam --