Configuring OCI - Azure Interconnect


A few days ago I wrote an article introducing the basic concepts of OCI Azure Interconnect, including the benefits that this partnership between Oracle Cloud and Azure brings to customers. In today’s article I will detail all the steps required to configure OCI – Azure Interconnect based on the current OCI and Azure portal options, which have evolved since the partnership was announced in 2019, making most existing tutorials outdated.


Pre-requisites

You will need an Oracle Cloud account in order to create the required resources. If you do not have one, you can create a Free Tier account and take advantage of the initial credit, which will allow you to create some of the required resources. A separate Compartment is recommended to group all the resources created in this guide. You will also need an Azure account; you can create an Azure Free Account if you do not have one. Creating a separate Resource Group is also recommended.


Considerations

In this guide we will be using the US-Ashburn OCI region and the East US Azure region. I created an OCI compartment called OCI_2_Azure and an Azure Resource Group called Azure_2_OCI to organize the resources that will be created in this article on each cloud provider.


Preparing the Environments

Step #01 – Creating and Configuring a VCN in Oracle Cloud

The first steps in the configuration of OCI – Azure Interconnect will be performed on Oracle Cloud. Navigate to the Networking → Virtual Cloud Networks page and press the “Start VCN Wizard” button to create a new VCN. Select the “Create VCN with Internet Connectivity” option and press the “Start VCN Wizard” button to start the wizard.

In the Basic Information section, enter a VCN name (OCI_2_Azure_VCN) and select the desired compartment:

In the Configure VCN section of the wizard, enter a CIDR range for this VCN (10.0.0.0/16) and leave the other options with the default values provided:

In the Public and Private subnet sections, leave the default values and press Next to advance to the “Review and Create” page of the wizard. You will notice that the wizard creates the VCN, the subnets (each of them with a default security list and a default route table), and three gateways (NAT, Internet and Service Gateways; none of them will be used in this article, but they can be left in place). Press the “Create” button to create the VCN and all related resources. Once the process ends you will see a page like this:

Step #02 – Creating a Dynamic Routing Gateway in Oracle Cloud

Navigate to the Networking → Virtual Cloud Networks → Customer Connectivity → Dynamic Routing Gateways page and press the “Create dynamic routing gateway” button. You will need to provide a Name for the DRG (OCI_2_Azure_DRG) and select a compartment, then press the “Create dynamic routing gateway” button to create the DRG:

Step #03 – Attaching the VCN to the Dynamic Routing Gateway in Oracle Cloud

Once the DRG is provisioned, you need to attach the VCN created in Step #01 to the DRG, by pressing the “Create virtual cloud network attachment” button:

You need to provide a name for the attachment (OCI_2_Azure_DRG_VCN) and select the VCN created on Step #01. Leave all other options with the default values and press “Create VCN attachment”:

Step #04 – Creating a VM on Oracle Cloud

To evaluate the connectivity between the two clouds, we are going to access a VM on Oracle cloud from Azure, and a VM on Azure from Oracle Cloud. This section describes how to create a basic VM on Oracle Cloud that can be used to assess OCI - Azure Interconnect.

Navigate to the Compute → Instances page and press the “Create instance” button. Provide a name for the instance (OCI_2_Azure_VM), select a compartment and leave Placement and Security options with the default values:

In the Image and Shape section, leave the default values. Confirm that the VM will be created on the public subnet of the network created on Step #01 of this article. If it is not the case, press the Edit option to choose it:

Then create and download public and private keys required to be able to access the VM later:

Leave Boot Volume and Block Volumes options with the default values and press the “Create” button.

Once the VM is provisioned, take note of the public IP (will be used to access the VM from your local computer to test the connection from OCI to Azure) and the private IP (will be used from the Azure VM to test the connection from Azure to OCI):

Step #05 – Creating a Virtual Network Gateway and a VNet in Azure

While these tasks can be done separately, it is simpler to create the Gateway and the VNet in the same operation as you will see now. To create the Virtual Network Gateway, click on the “Create a resource” icon on the portal home page, navigate to the Networking category and select “Virtual Network Gateway”:

You need to provide a Name for the VNG (Azure_2_OCI_VNG) and select an Azure region (we will be using East US). Select ExpressRoute as the Gateway type and Standard as the SKU. Click on the “Create virtual network” option to create the VNet (Azure_2_OCI_VCN) in the Azure_2_OCI resource group.

In the Create virtual network wizard, provide the Name and select the resource group. Modify the Address Range to use the CIDR value of 10.15.0.0/16 (make sure it does not overlap with any other VNet in Azure nor with the OCI VCN). Add two subnets, one for the Gateway and one for the Virtual Machine that will be used to test the connection, with the CIDRs 10.15.1.0/24 and 10.15.0.0/24 respectively.

Press OK to return to the VNG creation wizard, and confirm that the Gateway subnet address range matches the subnet created in the VNet for the Gateway (10.15.1.0/24). Provide a name for the Public IP address (GatewayPublicIP) and press “Review + Create” to review the VNG and VNet configuration and then create it:
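The non-overlap requirement above can be checked before anything is provisioned. The following is an added example, not part of the original article: it validates the address plan used in this guide with Python's standard `ipaddress` module; the function name `check_plan` and the subnet labels are hypothetical.

```python
import ipaddress as ip

# Address plan from this guide (Step #01 and Step #05).
OCI_VCN = "10.0.0.0/16"
AZURE_VNET = "10.15.0.0/16"
AZURE_SUBNETS = {"gateway": "10.15.1.0/24", "vm": "10.15.0.0/24"}

def check_plan(vcn, vnet, subnets, other_vnets=()):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    try:
        vnet_net = ip.ip_network(vnet)
        peers = {"OCI VCN": ip.ip_network(vcn)}
        peers.update({f"VNet {c}": ip.ip_network(c) for c in other_vnets})
        subs = {name: ip.ip_network(c) for name, c in subnets.items()}
    except ValueError as exc:  # e.g. host bits set, as in 10.15.1.5/24
        return [f"invalid CIDR: {exc}"]
    # Overlapping ranges on the two sides make cross-cloud routes ambiguous.
    for label, net in peers.items():
        if vnet_net.overlaps(net):
            problems.append(f"{vnet} overlaps {label} ({net})")
    # Every subnet must sit inside the VNet address space.
    for name, net in subs.items():
        if not net.subnet_of(vnet_net):
            problems.append(f"subnet {name} ({net}) is outside {vnet}")
    # Subnets of the same VNet must not overlap each other.
    names = list(subs)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subs[a].overlaps(subs[b]):
                problems.append(f"subnets {a} and {b} overlap")
    return problems

if __name__ == "__main__":
    print(check_plan(OCI_VCN, AZURE_VNET, AZURE_SUBNETS) or "plan is consistent")
    # Constructed counter-example: a VNet carved out of the VCN range.
    print(check_plan(OCI_VCN, "10.0.8.0/21", {"vm": "10.0.8.0/24"}))
```
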

Step #06 – Creating a VM in Azure

Now we will create a Virtual Machine that will be used to test connectivity. Click on the “Create a resource” icon on the portal home page and select “Virtual Machine” from the Popular Azure Services section.

In the wizard, select the Azure_2_OCI resource group and provide a name for the VM (UbuntuVM). Select the East US region and leave the Availability and Zone options with the default values:

Since we do not need to perform complex tasks on the VM, we will select Ubuntu Pro (pick the latest version available) as the image and Arm64 as the VM architecture (they are less expensive than x64) and then in the Size option select the cheapest one by using the “See all sizes” option:

You do not need to provide or change any other option in this first screen, just ensure that SSH access is enabled (it is by default):

Press “Next: Disks >” and keep the default values in the Disks section.

Press “Next: Networking >” to configure the network options, selecting the VNet created before (Azure_2_OCI_VCN) and the VM subnet. Ensure that port 22 (ssh) is enabled (ignore the warning that all IP addresses will have access to the VM; this VM is just for evaluating the connection to / from OCI):

Leave all other options with the default values, and press “Next: Management >”. Deselect the “Enable auto shutdown” option and leave all other default values:

Press the “Review + Create” button and then “Create” to provision the Virtual Machine. On the page for your new VM, take note of both the public and private IP addresses:


Setting Up the Connection Between OCI and Azure

Step #07 – Creating ExpressRoute in Azure

To create the ExpressRoute connection in Azure, click on the “Create a resource” icon on the portal home page, navigate to the Networking category and select “ExpressRoute”. On the following page, select the right resource group and the desired level of resiliency:

In the Circuit Details section, select the region and enter a name (Azure_2_OCI_ExpressRoute). Select Provider in the Port Type option, then select Washington DC as the Peering Location and Oracle Cloud FastConnect as the provider. For testing purposes, select the smallest bandwidth (50 Mbps) to reduce costs and leave the default values for the other options:

Select the “Review and Create” button and then Create to provision the ExpressRoute connection. Go to the properties page and take note of the Service Key value, which will be needed in the OCI FastConnect configuration:

Step #08 – Creating FastConnect in Oracle Cloud

To create a FastConnect connection, navigate to the Networking → Virtual Cloud Networks → Customer Connectivity → FastConnect page and press the “Create FastConnect” button:

In the Connection Type page, select FastConnect Partner and leave the default option for redundancy level and then press Next to continue with the wizard:

In the Virtual Circuit section, provide a name for the circuit (OCI_2_Azure_FastConnect), select the compartment and select Microsoft Azure ExpressRoute as the partner. Leave the circuit as a Private one:

Then select the OCI_2_Azure_DRG dynamic routing gateway and select the desired bandwidth (for demo purposes I selected 1 Gbps, which is the lowest and cheapest one). Fill in the Partner service key field with the value obtained while creating ExpressRoute:

In the BGP IP address section, provide the following four IP address ranges:

Then press the “Create” button to create the FastConnect service. Once it is provisioned, the status will be like this one:

Once the service is provisioned, go back to Azure and check the circuit status (should be Enabled) and the provider status (should be Provisioned):

Step #09 – Creating a Connection in Azure

Navigate to the Azure_2_OCI_VNG virtual network gateway properties page and select the Connections section in the Settings menu and click on the Add button. Select the Azure_2_OCI resource group and ExpressRoute as Connection type:

Go to the Settings tab and keep the Standard Resiliency level. In the Virtual network gateway section of the settings, select the Azure_2_OCI_VNG virtual network gateway, provide a name for the connection (Azure_2_OCI_Connection) and select the Azure_2_OCI_ExpressRoute circuit:

Step #10 – Associate the VM Network Security Group with the VNet in Azure

Navigate to the UbuntuVM properties page, select the Network Settings section, click on the UbuntuVM-nsg network security group, then open the Subnets section and press the Associate button. Associate the VM subnet of the Azure_2_OCI_VCN network with the network security group:

Then in the Settings section of the network security group, select the Inbound Security Rules option and add the following rule:


Once this rule is created, the configuration is complete on the Azure side.


Step #11 – Configure the Ingress Rule and Route Table in Oracle Cloud

Navigate to the Networking → Virtual Cloud Networks page and click on the OCI_2_Azure_VCN network. In the Resources section, click the Security Lists option and then on the Default Security List. Go to the Ingress Rule section and press “Add Ingress Rule”, enter the 10.15.0.0/24 range defined for the Azure VNet as the source CIDR, and add a description if desired:

Press the “Add Ingress Rules” button to confirm the creation of the rule.

Now go back to the OCI_2_Azure_VCN network page and in the Resources section, click the Route Tables option and then on the Default Route table. Press “Add Route Rules” and select Dynamic Routing Gateway as target type. Enter the Azure VNet CIDR as the destination CIDR block and select the OCI_2_Azure_DRG dynamic routing gateway as target:

Press the “Add Route Rules” button to confirm the creation of the route. This completes the setup on Oracle Cloud side.
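A consistency check for the OCI rules from Step #11 and for SSH rules open to any address (the warning mentioned in Step #06), as an added example that is not part of the original article. The rule dictionaries are constructed sample data with hypothetical field names, not an export from OCI, and the ports on each rule are assumptions.

```python
import ipaddress as ip

AZURE_VNET = ip.ip_network("10.15.0.0/16")  # VNet range from Step #05

# Constructed sample rules (hypothetical field names, not an OCI export).
INGRESS = [
    {"source": "0.0.0.0/0", "port": 22},       # assumed SSH rule open to any address
    {"source": "10.15.0.0/24", "port": None},  # Step #11 rule; "all ports" is assumed
]
ROUTES = [
    {"destination": "0.0.0.0/0", "target": "internet-gateway"},
    {"destination": "10.15.0.0/16", "target": "drg"},
]

def audit(ingress, routes, peer=AZURE_VNET):
    """Return (finding, cidr, port) tuples for the OCI side of the interconnect."""
    findings = []
    drg = [ip.ip_network(r["destination"]) for r in routes if r["target"] == "drg"]
    for rule in ingress:
        src = ip.ip_network(rule["source"])
        if src.prefixlen == 0:
            # Reachable from every address, not only over the private circuit.
            findings.append(("world-open", rule["source"], rule["port"]))
        elif src.subnet_of(peer) and not any(src.subnet_of(d) for d in drg):
            # Azure hosts are allowed in, but replies have no route via the DRG.
            findings.append(("no-return-route", rule["source"], rule["port"]))
    for dest in drg:
        if not dest.subnet_of(peer):
            # Traffic for a range outside the Azure VNet is sent to the circuit.
            findings.append(("route-outside-peer", str(dest), None))
    return findings

if __name__ == "__main__":
    for finding in audit(INGRESS, ROUTES):
        print(finding)
```
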


Testing the Interconnect

Now that the setup is complete, we will test the connection from OCI to Azure and from Azure to OCI.

Evaluating the Connection from Oracle Cloud to Azure

Log in to the OCI VM using the public IP obtained on step #04 together with the keys you downloaded. If you do not know how to connect to the VM, check the OCI documentation.

Once you are logged in, you can ping the VM on Azure using the private IP obtained when completing step #06 (Azure VM creation):

Evaluating the Connection from Azure to Oracle Cloud

Log in to the Azure VM using the public IP obtained on step #06 together with the keys you downloaded. If you do not know how to connect to the VM, check the Azure documentation.

Once you are logged in, you can ping the VM on Oracle Cloud using the private IP obtained on step #04 (OCI VM creation):

As you can easily see, latency averages 2ms in both OCI to Azure and Azure to OCI traffic, allowing a seamless user experience when combining resources from both cloud providers.


Conclusion

Creating an Interconnect between OCI and Azure is an extensive but relatively simple task that allows access to resources in both cloud providers with reduced costs and minimal latency, while providing a higher level of security by avoiding the public internet.


About the Author

Lisandro is an Oracle ACE Pro member and works as Data Engineer Sr Consultant at OZ. Follow both accounts to get new articles on Oracle Cloud and Azure!


Excellent! Really easy to follow the flow. I loved the names you used for the resources; they are very descriptive of their function. And of course, the highlight here is the low latency.
