Set up a Private Interconnect Between OCI and Microsoft Azure

April 10, 2023 | 11 minute read
Atefeh (Ati) Yousefi-Attaei
Senior Cloud Engineer | North America Cloud Engineering

 

In this blog, I will show you how to create a private, low-latency connection between your cloud resources in OCI and Azure when you use an Azure Virtual WAN (vWAN) solution.

 

Agenda

  1. Create an ExpressRoute Circuit (Azure)
  2. Create a virtual WAN (Azure)
  3. Create a virtual hub and gateway (Azure)
  4. Connect created ER circuit to the hub gateway (Azure)
  5. Connect the VNet to the hub gateway (Azure)
  6. Create a Dynamic Routing Gateway (Oracle)
  7. Attach the VCN to the DRG (Oracle)
  8. Create a FastConnect (Oracle)
  9. Test the connectivity (Oracle & Azure)
  10. Conclusion

 

Prerequisites

For this blog, you need to be familiar with OCI and Azure networking concepts, the available networking constructs (VCN and VNet), and compute VMs on both clouds.

 

Create an ExpressRoute Circuit

To start, log in to the Azure portal. Select Create a resource from the menu, search for ExpressRoute, and click Create.

On the Create ExpressRoute page, fill out the required values.

Enter the name as Test-ER. Select your resource group and the East US region. Select Provider as Oracle Cloud FastConnect and Washington DC peering location.

Click Review+Create.


Once validation has passed, create your ER circuit.

The ExpressRoute circuit is created now. Note down the service key, which you’ll use in the next step.

Note: This example uses 50Mbps bandwidth.

 

Create a Virtual WAN

From the Azure portal, type Virtual WAN in the search resources bar and hit Enter. On the Virtual WANs page, click Create.


 

On the Basic tab, fill out the required details. Select the Subscription, Resource group (or create a new one), Region, and Name (TestVWAN1), and choose Standard as the Type.

Note: According to the Microsoft public documentation, Standard virtual WANs support site-to-site VPN, VNet, ExpressRoute, and point-to-site endpoint connectivity, with optional connectivity across hubs in the same virtual WAN. Click the link below if you need more information on this topic.

Microsoft Azure

Click Next: Review + Create. Wait for the Validation passed message, then create your vWAN.


 

Create a Virtual hub and gateway

Go to the page of the Virtual WAN that you just created (TestVWAN). In the left pane, under Connectivity, click Hubs and create a new hub.

Fill out the required info there. Check the screenshots below.


 

Click on Create to create the hub with an ExpressRoute gateway.

Note: Hub creation can take about 30 minutes to complete. After 30 minutes, refresh to view the hub on the Hubs page.

 

Connect created ER circuit to the hub gateway

From the Virtual WAN page, click TestVWAN1. In the left pane, under Connectivity, click on a hub and select the created hub ("Hub1") from the Hub menu.

In the left pane, under Connectivity, select ExpressRoute.


Select the available ExpressRoute Test-ER and click on Connect circuit.

 

Connect the VNet to the hub gateway

Now you need to create the peering connection between your hub and a VNet. Go to the Virtual WAN page and click Virtual Network connection. On the virtual network connection page, click +Add connection. Fill in the required fields: name your connection (Vnet-to-Hub), select the hub you created earlier (Hub1), verify the subscription and resource group, and select the existing virtual network that you want to connect to this hub.

Then click "Create".


 

Create a Dynamic Routing Gateway

After configuring the required Azure resources, you need to log in to OCI. Open the hamburger menu, go to Networking, and under Customer Connectivity, click Dynamic Routing Gateways. Click Create Dynamic Routing Gateway.

Fill out the required fields and click Create a Dynamic Routing Gateway.


Attach the VCN to the DRG

After you create a DRG, you need to attach it to your available VCN. Go to the details page of the DRG, click Virtual Cloud Networks Attachments under Resources, and click Create Virtual Cloud Network Attachment. Select the proper VCN and click Create Virtual Cloud Network Attachment.

Check the screenshot below.

Note: I already had Test-VCN attached to my DRG; that’s why it’s greyed out.


 

Create a FastConnect

To create a FastConnect circuit, open the hamburger menu and go to Networking. Under the Customer Connectivity section, click FastConnect and then Create FastConnect. Select the FastConnect connection type and partner, Microsoft Azure: ExpressRoute, and click Next on the Create Connection page. Fill out the required fields. Enter the Name as OCI-Azure, select Private as the circuit type, and select the available DRG. Enter the provider service key from the ExpressRoute circuit you created earlier. Enter two non-overlapping BGP IP addresses with a subnet mask from /28 to /31 for the BGP peering.

For more information about the BGP subnet size, see the link OCI-FastConnect.

Click on Review+Create.
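The BGP address rule from this step can be checked before the values are typed into the console. This is an added example, not code from the original post; the function name, the 10.99.0.x peering addresses and the /16 workload ranges are assumptions, and the workload-overlap check goes beyond what the step states.

```python
import ipaddress

# Assumed ranges containing the two test VMs (10.20.0.60 in OCI, 10.12.0.4 in Azure).
WORKLOAD_CIDRS = ["10.20.0.0/16", "10.12.0.0/16"]


def check_bgp_peering(primary, secondary, workload_cidrs=()):
    """Validate two BGP peering addresses given as 'address/prefix' strings.

    Returns a list of problems; an empty list means the plan passes.
    """
    problems, nets = [], {}
    for label, value in (("primary", primary), ("secondary", secondary)):
        try:
            iface = ipaddress.IPv4Interface(value)
        except ValueError as exc:
            problems.append(f"{label}: not a valid IPv4 address/prefix ({exc})")
            continue
        net = iface.network
        if not 28 <= net.prefixlen <= 31:
            problems.append(f"{label}: /{net.prefixlen} is outside /28 to /31")
            continue
        # In a /28 to /30 the first and last addresses are network and broadcast.
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            problems.append(f"{label}: {iface.ip} is not a host address in {net}")
        nets[label] = net
    if len(nets) == 2 and nets["primary"].overlaps(nets["secondary"]):
        problems.append(
            f"primary {nets['primary']} overlaps secondary {nets['secondary']}")
    # Extra check: peering subnets should stay clear of the VCN and VNet ranges.
    for label, net in nets.items():
        for cidr in workload_cidrs:
            if net.overlaps(ipaddress.IPv4Network(cidr)):
                problems.append(f"{label} {net} overlaps workload range {cidr}")
    return problems


if __name__ == "__main__":
    print(check_bgp_peering("10.99.0.1/30", "10.99.0.5/30", WORKLOAD_CIDRS))
    print(check_bgp_peering("10.99.0.1/28", "10.99.0.9/30", WORKLOAD_CIDRS))
```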


 

When the FastConnect provisioning is complete, the lifecycle state for the FastConnect circuit shows green and Provisioned.

Now check the Azure side: the provider status for the ExpressRoute circuit changes to Provisioned, as shown in the following screenshots.

OCI FastConnect details page, Virtual circuit information.


OCI FastConnect details page, BGP information.


Azure ExpressRoute Circuit details page, check Provider and Provider Status. 


 

Azure Hub1 details page, ExpressRoute section shows Gateway provisioning status: succeeded with one Connected circuit. 


Azure Hub1, ExpressRoute details page, shows Hub connection status: This hub.


Azure Virtual WAN details page, shows Hub status, Succeeded.


 

Test the Connectivity

As you saw in the screenshots above, after the interconnect is established between OCI and Azure, the status of the hub connection "HUB1" shows 'This hub' on the HUB1|ExpressRoute page, confirming that the connection to the hub ExpressRoute gateway is established.

Note: You need to wait approximately 5 minutes before you test connectivity from a client behind your ExpressRoute circuit, for example, from a VM inside Azure to a VM inside OCI.

Note: To test the connectivity between the two VMs, you need to configure the NSG (Azure), Security List (OCI), and route tables properly to allow the traffic between your VNet and VCN resources.

Check the screenshots below.

From the Azure Virtual machine details page, note the VM Public IP address.


 

From the Azure Virtual machine details page, under Networking, check the Network security group rules, which I have already applied.


 

From the OCI portal Compute, Instances details page, note the VM Public IP address.


 

From the OCI Virtual cloud networks page, check the route table associated with your VCN and make sure it has route rules for your Azure subnet.


From the OCI Virtual cloud networks page, check the security list associated with your VM subnet and make sure it has proper Ingress and Egress rules configured.
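The route-table and security-list checks above can also be run as a script over exported rules, which catches both a missing rule and one that is wider than the interconnect needs. This is an added example, not code from the original post: the rule dictionaries are constructed samples shaped like OCI rule JSON, and the VNet CIDR and the OCIDs are placeholders.

```python
import ipaddress

# Constructed sample data; CIDR and OCIDs are placeholders, not values from the post.
AZURE_VNET = "10.12.0.0/16"   # assumed range containing the Azure VM 10.12.0.4
SCOPED_INGRESS = [{"source": "10.12.0.0/16", "protocol": "1"}]   # ICMP, VNet only
OPEN_INGRESS = [{"source": "0.0.0.0/0", "protocol": "all"}]      # any source
DRG_ROUTES = [{"destination": "10.12.0.0/16",
               "networkEntityId": "ocid1.drg.oc1..exampleplaceholder"}]
IGW_ROUTES = [{"destination": "0.0.0.0/0",
               "networkEntityId": "ocid1.internetgateway.oc1..exampleplaceholder"}]


def audit_vcn_rules(ingress_rules, route_rules, peer_cidr):
    """Return findings for rules that block or over-expose interconnect traffic."""
    peer = ipaddress.ip_network(peer_cidr)
    findings = []
    admitted = False
    for i, rule in enumerate(ingress_rules):
        src = ipaddress.ip_network(rule["source"])
        if src.overlaps(peer):
            admitted = True
        if src.prefixlen == 0:
            findings.append(
                f"ingress[{i}]: source {src} admits any address, scope it to {peer}")
    if not admitted:
        findings.append(f"ingress: no rule admits {peer}, traffic will be dropped")
    # The peer range must be routed to a DRG, not to another gateway type.
    routed = any(
        ipaddress.ip_network(r["destination"]).overlaps(peer)
        and r["networkEntityId"].startswith("ocid1.drg.")
        for r in route_rules
    )
    if not routed:
        findings.append(f"routes: no route rule sends {peer} to the DRG")
    return findings


if __name__ == "__main__":
    for finding in audit_vcn_rules(OPEN_INGRESS, IGW_ROUTES, AZURE_VNET):
        print(finding)
```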


 

Let’s test the connection between the two VMs.

OCI VM Public IP: 150.136.6.192, VM Private IP: 10.20.0.60

Azure VM Public IP: 20.185.18.208, VM Private IP: 10.12.0.4


 

Conclusion

In this blog, I showed you how to interconnect from OCI to Azure. As you noticed, you don't need an intermediate service provider to set up a high-bandwidth connection with the lowest multi-cloud latency between OCI and Azure.

 

I hope you enjoyed it!
