In my previous post, I gave an overview of the default network configuration for Oracle Cloud VMware Solution and a brief overview of the Networking Quick Actions. In this post, we begin looking into the quick actions, starting with establishing connectivity with your on-prem networks.
Connectivity between your OCI tenancy and on-prem is established using the OCI Dynamic Routing Gateway (DRG) and can use FastConnect or VPN Connect (IPsec VPN). In my case, I am using VPN Connect for the connectivity.
The quick start workflow assumes that you already have a connection established between your OCI environment and your on-prem environment:
- The DRG is configured and associated with the VCN
- The VPN or FastConnect is established with the desired location(s)
Verify Physical Connectivity with On-Premises
- First we review that the DRG is configured and attached to the VCN
- Next we review the VPN Connection(s)
- Verifying the status of the VPN Tunnels
Execute the Quick Action Workflow
At this stage, we are ready to go ahead and run the Quick Start Workflow to “Configure connectivity to your on-premises network”. The workflow(s) are available from your SDDC Status page.
Step-1 – Provide Network Information
Once you select the option to configure on-prem connectivity, the workflow will require you to provide the networks at each end of the connectivity:
- Workload CIDR – IP Address Range for the NSX Overlay Networks. I am using 192.168.192.0/20 for my environment.
- On-premises CIDR – IP Address Range for the On-prem Networks. In my case, this will be 10.0.0.0/14.
Step-2 – Review and Apply Configuration
In the next step, the workflow will provide you with all the components and configuration that will be part of setting up the required connectivity. This is the point where we will make sure all the correct information is being used.
- DRG – The workflow picks up the DRG attached to the VCN being used for the OCVS Cluster.
- Route Table Entries – It shows the respective route-tables and entries that will be created as part of the workflow. An entry will be created for the Overlay Network in the DRG route table and another one for the on-prem network in the Uplink VLAN route table.
- Network Security Groups – The NSG for the Uplink will be updated with an entry to allow communication between the on-prem network and the SDDC.
At this stage, you can click on apply configuration and the workflow will give you confirmation once all the required steps have been completed.
The workflow will configure route-table entries for the networks at either end of the connection. The route tables and the respective entries are listed below:
| # | Route Table | Associated with | Destination | Route-target |
|---|---|---|---|---|
| 1 | Route Table for OCI-FRA-DRG | DRG | 192.168.192.0/20 | 172.16.0.131 |
| 2 | Route Table for VLAN-OCI-FRA-SDDC-NSX Edge Uplink 1 | Uplink VLAN | 10.0.0.0/14 | DRG |
In addition to the above, entries will be configured in the Network Security Group for the Uplink VLAN to:
- Allow ingress traffic from 10.0.0.0/14 (on-prem network)
- Allow egress traffic to any destination
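The following is an added example, not part of the original post or of Oracle's tooling: a simplified model of the two route-table entries and the Uplink NSG rules listed above, used to check which on-prem sources and overlay destinations actually fall inside the configured ranges. The CIDRs and the route target come from the post; the function names, the evaluation order and the sample addresses are constructed for illustration.

```python
import ipaddress as ip

# CIDRs and route target are the ones shown in the post; the variable names
# and this simplified evaluation model are assumptions made for the example.
WORKLOAD = ip.ip_network("192.168.192.0/20")    # NSX overlay networks
ON_PREM = ip.ip_network("10.0.0.0/14")          # on-premises networks
DRG_ROUTES = [(WORKLOAD, "172.16.0.131")]       # DRG route table
UPLINK_ROUTES = [(ON_PREM, "DRG")]              # Uplink VLAN route table
NSG_INGRESS = [ON_PREM]                         # Uplink NSG: allowed sources
NSG_EGRESS = [ip.ip_network("0.0.0.0/0")]       # Uplink NSG: any destination


def lookup(routes, addr):
    """Longest-prefix match; return the route target or None."""
    hits = [(net, target) for net, target in routes if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def permitted(rules, addr):
    """True if any rule's CIDR contains the address."""
    return any(addr in net for net in rules)


def preflight():
    """Return a list of problems with the two CIDRs themselves."""
    problems = []
    if WORKLOAD.overlaps(ON_PREM):
        problems.append("workload and on-prem CIDRs overlap")
    return problems


def check_flow(src, dst):
    """Trace an on-prem -> workload request and its reply."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if lookup(DRG_ROUTES, dst) is None:
        return False, "no DRG route to destination"
    if not permitted(NSG_INGRESS, src):
        return False, "source not covered by NSG ingress rule"
    if not permitted(NSG_EGRESS, src):
        return False, "reply blocked by NSG egress rule"
    if lookup(UPLINK_ROUTES, src) is None:
        return False, "no return route on Uplink VLAN"
    return True, "forward and return path present"


if __name__ == "__main__":
    print(preflight())
    for s, d in [("10.1.2.3", "192.168.200.10"),   # inside both ranges
                 ("10.4.0.1", "192.168.200.10"),   # just past the /14
                 ("10.1.2.3", "192.168.208.10")]:  # just past the /20
        print(s, "->", d, check_flow(s, d))
```

The boundary cases show that 10.0.0.0/14 ends at 10.3.255.255 and 192.168.192.0/20 ends at 192.168.207.255, so hosts just outside either range are not covered by the entries the workflow creates.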
A picture is worth a thousand words, so here goes my attempt at putting the setup in an illustration.
In order to test the connectivity, I ran a ping to a webserver on OCVS and also accessed the server using HTTP, to make sure all my routes and security rules are working.
- Jump Host
- ICMP Test
- Testing Webpage hosted on VM in OCVS
In the next part of this series, I will be looking at the workflow for establishing connectivity to the Oracle Services Network.