Oracle Network Cloud Service Foundations & Offering
Giuseppe Russo, Chief Technologist, Systems LoB
Claudio Paolucci, Principal Sales Consultant, Systems LoB
BrainTalks, Oracle Italy Systems Presales LinkedIn Group PRESENTS:
Agenda
• Why Does Networking Matter in Cloud Computing?
• The Internet Layer revised
• Multi Protocol Label Switching
• Protecting Data in Transit - What is VPN?
• FastConnect - Overview
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. |
Why Does Networking Matter in Cloud Computing?
• The National Institute of Standards and Technology (NIST) defines the essential characteristics of cloud computing:
– Broad network access: Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (for example, mobile phones, laptops, and personal digital assistants [PDAs]) and other traditional or cloud-based software services.
– Rapid elasticity
– Measured service
– On-demand self-service
– Resource pooling
A typical cloud service context
• Workstations within an enterprise LAN or set of LANs
• Connected by a router through a network or the Internet to the CSP
• The CSP maintains a massive collection of servers, which it manages with a variety of network management, redundancy, and security tools
Cloud network model developed by ITU-T
• CSP maintains one or more local or regional cloud infrastructures
• An intracloud network connects the elements of the infrastructure, including database servers, storage arrays, and other servers (FW, LB, IDS/IPS)
• Within the infrastructure, database servers are organized as a cluster of virtual machines, providing virtualized, isolated computing environments for different users
• A core transport network is used by customers to access and consume cloud services deployed within the CSP data center
Source: ITU-T, Focus Group on Cloud Computing Technical Report, Part 3
Complete Infrastructure for Enterprise Workloads
Oracle Cloud Infrastructure
• Compute: Elastic Compute
• Network: Software-Defined
• Storage: Elastic Storage
Copyright © 2016, Oracle and/or its affiliates. All rights reserved.
Oracle Network Cloud Services
[Diagram labels: Oracle Network Cloud Fast Connect PE; Oracle Network Cloud Fast Connect SE; VPN; Dedicated Routers; Enterprise Data Center; Branch Office; MPLS/ECX]
Problem Statement
• Public internet is shared, unpredictable and insecure.
• Applications that need to transfer large volumes of data require higher WAN bandwidth.
• Some applications are sensitive to network latency.
• Sensitive data traversing the public internet is a huge security risk.
• Enterprises would like to have access to a dedicated compute zone as a part of their own network.
CIO's Concerns: Security and Privacy; Speed of IT Delivery and Time to Market
Solution
Services: Compute, Storage, Backup, Database, Java, Big Data
• FastConnect: Deterministic route to Oracle Public Cloud with predictable performance over 1G or 10G link
• VPN: Encrypted data transfer between your Datacenter and Oracle Public Cloud while extending your private network
Routing: The primary function of Internet
Accept packets from a source station and deliver them to a destination station:
• A path or route through the network must be determined
• More than one route is possible
• The selection of a route is based on some performance criterion:
– the minimum-hop route
– associated line costs
– others
Routing: Packet Forwarding
Determining the right path
• Each router makes routing decisions based on knowledge of the topology and traffic/delay conditions of the internet
• The router must avoid:
– portions of the network that have failed
– portions of the network that are congested
• To make such dynamic routing decisions, routers exchange routing information using routing protocols
The Internet Layer revised
Network Layered Design
[Diagram: network layered design; surviving label: InfiniBand]
Network Layer Design Issue
• Connection Oriented or Connectionless
• Reliable or Unreliable
Connection Oriented
Connectionless
Reliable ATM
Unreliable IP
• Connection oriented: virtual circuits (like telephone systems)
• Connectionless: datagrams (like telegrams)
• The idea behind virtual circuits is to avoid having to choose a new route for every packet sent.
• In datagram networks, successive packets may follow different routes.
Network Layer Design Issue
Issue | Datagram net | VC net
Circuit setup | Not needed | Required
Addressing | Each packet contains the full source and destination address | Each packet contains a short VC number
State information | Net does not hold state information | Each VC requires net table space
Routing | Each packet is routed independently | Route chosen when VC is set up; all packets follow this route
Effect of router failure | None, except for packets lost during the crash | All VCs that passed through the failed router are terminated
Congestion control | Difficult | Easy if enough buffers can be allocated in advance for each VC
• For transaction processing systems, use of VCs makes little sense.
• In lines connecting DCs, VCs that are set up manually and last for months or years may be useful.
Service | Datagrams | Virtual circuits
Connectionless | UDP over IP | UDP over IP over ATM
Connection oriented | TCP over IP | ATM AAL1 over ATM
Layer labels in the figure: L3, L4
IP Protocol | IP Address
Net Type | # Net | # Host
A | 126 | 16M
B | 16382 | 64K
C | 2M | 254
[Figure: special IP addresses]
• The IP header has a 20-byte fixed part and a variable-length part
• It is transmitted in big-endian order (like SPARC); on x86 CPUs a translation is required.
IP Protocol | IP Subnet & CIDR
• Classless Inter-Domain Routing (CIDR) is a method for allocating IP addresses and routing Internet Protocol packets.
• The IETF introduced CIDR in 1993 to replace the previous addressing architecture of classful network design in the Internet.
• CIDR's main goal was to slow the rapid exhaustion of IPv4 addresses.
• 192.168.100.14/24 represents the IPv4 address 192.168.100.14 and its associated routing prefix 192.168.100.0, or equivalently, its subnet mask 255.255.255.0, which has 24 leading 1-bits. Old notation is 192.168.100.0/255.255.255.0
Consider 192.168.100.0/22 → 11000000.10101000.01100100.00000000
First address 11000000.10101000.01100100.00000000 → 192.168.100.0
Last address 11000000.10101000.01100111.11111111 → 192.168.103.255
• a.b.c.d/30 is a glue network (point-to-point link) and a.b.c.d/31 is a point-to-point link (RFC 3021).
IP Protocol | IPv6
• IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion.
• IPv6 is intended to replace IPv4.
a.b.c.d: 4 × 8 bit, 2^32 addresses = 4.3 × 10^9 (e.g. www.facebook.com IPv4 31.13.90.36)
a.b.c.d.e.f.g.h: 8 × 16 bit, 2^128 addresses = 3.4 × 10^38 (e.g. www.facebook.com IPv6 2a03:2880:f01a:1e:face:b00c:0:25de)
19109 IP/cm3
• As of 2014, IPv4 still carried more than 99% of worldwide Internet traffic.
• The Internet exchange in Amsterdam is the only large exchange that publicly shows IPv6 traffic statistics, which as of November 2016 is tracking at about 1.6%, growing at about 0.3% per year.
• As of 22 April 2015, deployment of IPv6 on web servers also varied widely, with over half of web pages available via IPv6 in many regions.
TCP/IP | Stacking Headers
Routing Algorithm
• Non-adaptive algorithm
– Routing decisions are not based on measurements or estimates of traffic or topology (aka static routing).
• Adaptive algorithm
– Routing decisions change to reflect changes in traffic and topology.
• Virtual circuits: routing decision made when the VC is being set up
• Datagrams: routing decision made for every arriving data packet
Optimality Principle
If router J is on the optimal path from I to K, then the optimal path from J to K falls along the same route.
[Figure labels: I, J, K, r1, r2, A; sink tree – no loop]
The goal of all routing algorithms is to discover and use the sink trees for all routers.
Shortest Path Routing | Static
• Labeling for distance, queueing time and latency
• Dijkstra (1959)
Distance Vector Routing | Dynamic
• Bellman-Ford or Ford-Fulkerson
• Used in ARPANET and in the Internet under the name RIP (Routing Information Protocol)
• The vector can hold hops, queue length, or delay (measured with ECHO packets)
PING (Packet INternet Groper): ICMP (Internet Control Message Protocol) ECHO request / ECHO reply
Hierarchical Routing
• As networks grow in size, router routing tables grow proportionally
• Routers are divided into regions
• Routers know the details of their own region
• Routers know nothing about other regions
• regions → clusters → zones → groups
[Figure: routers grouped into regions: 1A, 1B, 1C; 2A, 2B, 2C, 2D; 3A, 3B; 4A, 4B, 4C; 5A, 5B, 5C, 5D, 5E]
Full table for 1A
Dest. Line Hops
1A - -
1B 1B 1
1C 1C 1
2A 1B 2
2B 1B 3
2C 1B 3
2D 1B 4
3A 1C 3
3B 1C 2
4A 1C 3
4B 1C 4
4C 1C 4
5A 1C 4
5B 1C 5
5C 1B 5
5D 1C 6
5E 1C 5
Hierarchical table for 1A
Dest. Line Hops
1A - -
1B 1B 1
1C 1C 1
2 1B 2
3 1C 2
4 1C 3
5 1C 4
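The collapse from the full table to the hierarchical table for 1A can be reproduced mechanically. The following Python sketch is an added example, not part of the original deck: it takes the full table from the slide, keeps one entry per remote region (the closest router of that region), and reports which destinations no longer use the line their own full-table entry preferred. The function names are illustrative.

```python
# Full routing table for router 1A, copied from the slide: dest, line, hops.
FULL_TABLE_1A = """
1A - -
1B 1B 1
1C 1C 1
2A 1B 2
2B 1B 3
2C 1B 3
2D 1B 4
3A 1C 3
3B 1C 2
4A 1C 3
4B 1C 4
4C 1C 4
5A 1C 4
5B 1C 5
5C 1B 5
5D 1C 6
5E 1C 5
"""


def parse_table(text):
    """Parse 'dest line hops' rows into {dest: (line, hops)}; '-' means local."""
    table = {}
    for row in text.split("\n"):
        if not row.strip():
            continue
        dest, line, hops = row.split()
        table[dest] = (line, None if hops == "-" else int(hops))
    return table


def region_of(router):
    """Router names are <region number><letter>: '5C' belongs to region '5'."""
    return router[:-1]


def collapse(full, own_router):
    """Keep own-region entries; replace each remote region by its closest entry."""
    own_region = region_of(own_router)
    hier = {}
    for dest, (line, hops) in full.items():
        region = region_of(dest)
        if region == own_region:
            hier[dest] = (line, hops)
        elif region not in hier or hops < hier[region][1]:
            hier[region] = (line, hops)
    return hier


def rerouted(full, hier, own_router):
    """Remote destinations whose full-table line differs from the single line
    the hierarchical table uses for their whole region."""
    own_region = region_of(own_router)
    return sorted(
        dest
        for dest, (line, _) in full.items()
        if region_of(dest) != own_region and hier[region_of(dest)][0] != line
    )


if __name__ == "__main__":
    full = parse_table(FULL_TABLE_1A)
    hier = collapse(full, "1A")
    print(len(full), "entries ->", len(hier), "entries")
    for dest, (line, hops) in hier.items():
        print(dest, line, "-" if hops is None else hops)
    print("no longer on their best line:", rerouted(full, hier, "1A"))
```

The price of the smaller table shows up for 5C: the full table reaches it over line 1B, while the hierarchical table sends all region 5 traffic over 1C.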
The Network Layer in Internet | AS
• An Autonomous System (AS) is a network or a group of networks under a single administrative domain.
• ASs have a unique routing policy for their networks.
• Everything inside the AS is internal.
• Thus the AS helps to draw a line between external routing and internal routing.
• An ASN is a unique 32-bit number allocated by IANA (Internet Assigned Numbers Authority) in blocks to the RIRs (the 5 Regional Internet Registries)
• ASNs for private use are 64512-65534
• Routing inside the AS is done by the internal routing protocols and…
• …the external routing protocol is responsible for routing between these ASs.
The Network Layer in Internet | ASs
• Interior Gateway Routing Protocols (used inside the ASs), e.g. OSPF, RIP, EIGRP (Enhanced Interior Gateway Routing Protocol, by Cisco), etc.
• Exterior Gateway Routing Protocols (used between ASs): BGP (Border Gateway Protocol)
The Network Layer in Internet | Backbones
• The Internet Backbone is simply the collection of the physical infrastructure (layer 1 to 3) that connects one large network (i.e. an autonomous system) with another large network.
• The majority of these networks are ISPs and NSPs (Network Service Providers), and a few might be other giant companies.
• The internet backbone is decentralized, distributed and managed by no single organization or entity.
• There are different ways to connect networks: transit, peering, IXPs (Internet Exchange Points).
[Figure: three ways to connect networks: a small ISP and a big ISP (upstream provider) that sells "transit service"; private peering between ISP A and ISP B; peering between ISP A and ISP B via an IXP (e.g. TIX, MIX)]
The Network Layer in Internet | Global Traffic Flow
Interior Gateway Routing Protocol | OSPF
• Originally, distance vector routing (RIP) was used
• In 1978 it was replaced by link state
• In 1988 the IETF began work on a successor
• It became a standard in 1990: OSPF (Open Shortest Path First) – RFC 1247
• OSPF:
– is open
– supports a variety of metrics (distance, delay, etc.)
– is dynamic
– supports ToS (e.g. IP ToS for real-time traffic)
– load balancing
– supports hierarchical systems
– security
[Figure labels: OSPF, BGP, Area1, Area2, Area3, Backbone, Area Border Router, Backbone Router, Internal Router, ASi]
Exterior Gateway Routing Protocol | BGP
• EGRPs (Exterior Gateway Routing Protocols) have to worry about politics.
• For example:
– No transit through certain ASs
– Never put Iraq on a route starting at the Pentagon
– Traffic starting at Oracle should not transit Microsoft
– etc.
• Policies are manually configured into each BGP router.
• From BGP's point of view, nets are grouped into:
– stub networks (1 connection to the BGP graph)
– multiconnected networks (used for transit traffic, if accepted)
– transit networks (backbones, handle 3rd-party packets)
[Figure labels: AS 1, AS 2, AS 3]
Exterior Gateway Routing Protocol | BGP
• BGP is a distance vector protocol with cost = accepted path
• The router discards E and I
• It chooses between B and G based on scoring
• Any route violating a policy has a score of infinity
• The scoring function is not part of the BGP protocol
• BGP is described in RFC 1654 (and RFC 1268)
• Among routing protocols, BGP is unique in using TCP as its transport protocol.
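The selection step on this slide, as an added Python sketch that is not part of the original deck. Router F, destination D, the paths advertised by neighbours B, G, I and E, the `banned_transit` policy set and the scoring function (path length plus a per-neighbour cost) are all constructed for illustration, since the slide's figure did not survive and BGP itself leaves scoring to the operator.

```python
import math

# Constructed sample: paths to destination D as advertised to router F by each
# neighbour. Every path starts with the advertising neighbour and ends at D.
ADVERTS_TO_D = {
    "B": ["B", "C", "D"],
    "G": ["G", "C", "D"],
    "I": ["I", "F", "G", "C", "D"],
    "E": ["E", "F", "G", "C", "D"],
}


def evaluate(own_as, neighbor, path, banned_transit, neighbor_cost):
    """Score one advertised path; return (score, reason).

    score is None when the path is discarded outright, math.inf when it
    violates policy, and a finite number otherwise (lower is better).
    """
    # Loop prevention: a path that already contains us is never usable.
    if own_as in path:
        return None, "discarded: path loops back through " + own_as
    # Every AS before the destination would carry our traffic.
    transit = set(path[:-1])
    violations = sorted(transit & set(banned_transit))
    if violations:
        return math.inf, "policy violation: transit through " + ", ".join(violations)
    # Local scoring function (hypothetical): hop count plus operator preference.
    return len(path) + neighbor_cost.get(neighbor, 0), "accepted"


def select_route(own_as, adverts, banned_transit=(), neighbor_cost=None):
    """Return (chosen neighbour or None, {neighbour: (score, reason)})."""
    neighbor_cost = neighbor_cost or {}
    decisions = {}
    best = None
    # Sorted iteration makes tie-breaking deterministic (first name wins).
    for neighbor in sorted(adverts):
        score, reason = evaluate(
            own_as, neighbor, adverts[neighbor], banned_transit, neighbor_cost
        )
        decisions[neighbor] = (score, reason)
        if score is None or math.isinf(score):
            continue
        if best is None or score < best[0]:
            best = (score, neighbor)
    return (best[1] if best else None), decisions


if __name__ == "__main__":
    for policy in ((), ("B",), ("C",)):
        chosen, decisions = select_route("F", ADVERTS_TO_D, banned_transit=policy)
        print("banned transit:", policy or "none", "-> next hop:", chosen)
        for neighbor, (score, reason) in decisions.items():
            print("  ", neighbor, score, reason)
```

When every remaining path violates policy the function returns no next hop at all, which is the behaviour an infinite score implies: the destination is unreachable rather than reached over a forbidden AS.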
MPLS | Introduction
• Multiprotocol Label Switching was invented to join technical features of IP and ATM
• Different protocols were proposed based on common principles:
– Use a standard routing protocol (e.g. OSPF) to find the route
– Label the path
– Attach the label to the packets (layer 2.5 protocol)
– Packet switching is done on a label basis (label switching)
• ATM is based on label switching, and in the '90s ATM performance was higher than IP
• MPLS was released in January 2001; at that time IP performance was greater than ATM's
• MPLS survived for different reasons:
– QoS – IP is connectionless while circuits guarantee QoS
– Traffic Engineering – With MPLS it is possible to create different paths and distribute traffic over available resources
– Advanced Services – VPN is the most important
– Fault tolerance – Path reconfiguration in case of router fault
MPLS | Architecture
[Figure: MPLS domain; LSP (Label Switched Path) in an MPLS network]
Protecting Data in Transit | What is VPN?
What is VPN?
• A virtual private network (VPN) in the context of IaaS/PaaS extends a private network across the internet into the cloud
• A VPN provides the necessary security and control enterprises need to move their workloads into the cloud
• A VPN connects two endpoints over a public network to form a logical connection.
• VPN technologies can be classified broadly, based on these logical connection models, as Layer 2 VPNs or Layer 3 VPNs
• A VPN adds a "delivery header" in front of the payload to get it to the destination site
Types of VPN
• Remote Access
– Provides a remote user access to the enterprise network
– Example: Cisco AnyConnect
• Site to Site
– A site-to-site VPN uses a VPN gateway appliance to connect one network to another
– Several software- or hardware-based solutions are available:
  • Corente
  • Cisco
  • Juniper and others
Types of VPN: L2 VPN
• Layer 2 VPNs
– Are point-to-point and establish connectivity between sites over a virtual circuit.
– A virtual circuit is a logical end-to-end connection between two endpoints in a network, and can span multiple elements and multiple physical segments of a network.
– The virtual circuit is configured end-to-end and is usually called a permanent virtual circuit (PVC)
– A dynamic point-to-point virtual circuit is also possible and is known as a switched virtual circuit (SVC)
– One of the advantages of a Layer 2 VPN is its independence from the Layer 3 traffic payload that can be carried over it
Types of VPN: L3 VPN
• The delivery header is at Layer 3 of the OSI model
• Layer 3 VPNs can:
– be point-to-point to connect two sites, such as GRE and IPSec
– establish any-to-any connectivity to many sites using MPLS VPNs.
Oracle Network Cloud Services Offering
FastConnect | Overview
• Dedicated: Access your Oracle Public Cloud services in a secure, consistent and cost-effective manner.
• Reliable: Delivered as a fully redundant service with two physical connections from your network edge.
• Standards Based: Leverages industry-standard BGP routing to manage the exchange of routes between Oracle Public Cloud and your networks.
• Rapid Service Provisioning: Service can be turned up rapidly (in minutes) if you are already in the same Datacenter.
[Figure: FastConnect Partner Edition]
FastConnect | Use Cases
• Bidirectional transfer of large volumes of data (batch jobs)
• Applications that require consistent latency and network performance
• Sensitive data transfers that cannot traverse the public internet
[Diagram: FastConnect connectivity options. Customer sides: customer collocated at the same datacenter as Oracle; customer premise (remote datacenter); customer DMZ within Equinix datacenter; customer DMZ not at Equinix datacenter; customer private network (MPLS VPN service). Connections: local crossconnect within datacenter; private Ethernet WAN link; private line; Equinix Cloud Exchange; MPLS service provider gateway; IPSec tunnel. Oracle side, per metro/city: Fast Connect routers and Internet routers; Oracle Data Center with public services and dedicated compute. Legend: private network extension from Oracle Public Cloud; public facing services from Oracle Public Cloud.]
FastConnect : Options
• Standard Edition
– Connectivity at any Datacenter with Oracle Cloud Service collocated
• Partner Edition - Equinix Cloud Exchange
– Easy connectivity at Equinix facilities
• Partner Edition - BT Cloud Connect (EMEA)
– Directly connect your BT MPLS IP VPN to Oracle Public Cloud Services
• Partner Edition - Verizon SCI (NA)
– Leverage your existing Verizon infrastructure (MPLS IP VPN) to connect to Oracle Public Cloud Services
FastConnect : Options
• Customers will be able to access their Oracle PaaS and Compute services through one of the following options:
– Equinix Cloud Exchange: for all Platform or Compute services that are publicly accessible
– MPLS/VPN service provider gateways: for publicly accessible Platform and Compute services as well as Dedicated Compute
– Direct connectivity from customer premise or from the customer cage: for publicly accessible Platform and Compute services as well as Dedicated Compute
FastConnect : Scenarios
There can be two scenarios:
• Local
– A customer is considered Local if they are collocated in the same Datacenter in the city where they desire Oracle Cloud Services
• Remote
– A customer is considered Remote if they are NOT collocated in the Datacenter in the city where they desire Oracle Cloud Services.
Fast Connect – Standard Edition
[Diagram: customer collocated at the same datacenter as Oracle (customer DMZ with public access, customer private network), in the datacenter where Fast Connect will be available; Fast Connect routers and Internet routers in the metro/city; Oracle Data Center with public services and dedicated compute; private extension, public services over the public internet, IPSec tunnel. Callouts, numbered 1 to 3 in the figure:]
– Customer orders crossconnects from the Datacenter provider to Oracle cage. LOA/CFA will be provided by Oracle to the customer (provisioned by Datacenter provider)
– Customer establishes BGP peering with Oracle after physical connectivity to Oracle routers is set up
– Customer orders Oracle Fast-Connect Standard Edition from Oracle (provisioned by Oracle)
• Both 1Gbps and 10Gbps options are available.
• LOA/CFA (Letter of Authority / Customer Facility Assignment) will be provided by Oracle.
• Customers will work with their datacenter provider to order the cross connects. Customers can request armored cables from the datacenter provider to enhance the physical security within the facility.
• Upon completion of the cross connect with the Oracle routers, customers will establish logical connectivity and set up BGP with Oracle. Two independent BGP sessions will need to be established for the public and private address space respectively.
Fast Connect – Standard Edition (Remote)
[Diagram: customer premise or remote datacenters (customer DMZ with public access, customer private cloud) connected through a network service provider to the datacenter where Fast Connect will be available; Fast Connect routers and Internet routers in the metro/city; Oracle Data Center with public services and dedicated compute; private extension, public services over the public internet, IPSec tunnel. Callouts, numbered 1 to 4 in the figure:]
– Network Service Provider orders crossconnects through the Datacenter provider for connection to Oracle routers (provisioned by Datacenter provider)
– Customer establishes BGP peering with Oracle after physical connectivity to Oracle routers is set up through the Network Service Provider
– Customer orders Metro Ethernet or Ethernet-WAN circuits through a Network service provider from their premises to the Oracle facility where Fast Connect is required (provisioned by Network Service Provider)
– Customer orders Oracle Fast-Connect Standard Edition from Oracle (provisioned by Oracle)
• Oracle Fast Connect Standard Edition (Remote) will allow customers to establish private connectivity from their datacenter, collocation environment, IT hubs or offices using dedicated private links provided by network service providers.
• Customers will need to select and work with a network service provider and confirm their ability to provision private line service from the customer location to the Oracle Datacenter. Additionally, customers will need to confirm that their network equipment will meet the needs for Fast Connect Standard Edition.
• Provides Layer3 connectivity for services that are accessible over the public internet and allows customers to access and manage their Dedicated Compute services as an extension of their private network. All configurations are managed between Oracle and the Customer.
Fast Connect – Standard Edition (Remote)
• Both 1Gbps and 10Gbps options are available.
• Customers will work with their selected network service provider to set up a private line from their facility to the Oracle Datacenter. The service provider will typically work with the datacenter provider to extend this private line to the Oracle assigned facility.
• Customers can request armored cables within the datacenter to enhance the physical security within the facility.
• Upon completion of private line turn-up by the network service provider, customers will establish logical connectivity and set up BGP with Oracle. Two independent BGP sessions will need to be established for the public and private address space respectively.
• Customers are responsible for all configurations on their end as well as traffic management over FastConnect Standard Edition for the network addresses pertaining to their Oracle Cloud Services.
FastConnect – Standard Edition: Prerequisites
As a customer of FastConnect-Standard Edition, you need to meet the following prerequisites:
– You need a valid Oracle Order for FastConnect – Partner Edition with the appropriate port speed defined (currently 1 Gbps or 10 Gbps)
– You will require network equipment capable of supporting Layer3 routing
– You are responsible for provisioning the physical connectivity to the Oracle routers through a network service provider or carrier of your choice.
– The network service provider must be capable of connecting to the Oracle routers over single mode fiber.
– You can only advertise public IPv4 prefixes over this connection and the prefixes must be registered to you in an IRR/RIR (Internet Routing Registry/Regional Internet Registry).
FastConnect – Standard Edition: Prerequisites
• As a customer of FastConnect-Standard Edition, you need to meet the following prerequisites:
– You will require a public ASN that is registered to you for establishing the peering session. If you do not have a registered public ASN, you can use private ASNs or Oracle will provide fixed ASN to be used for the configuration.
– You will need to provide two /30 or /31 public IP subnets for the routing interfaces. These IP subnets should be owned by you and registered in an IRR/RIR. If you do not have registered IP subnets for this purpose, Oracle will provision two /31 IP subnets for the connection.
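The addressing prerequisites above can be checked before a peering request is submitted. The following Python sketch is an added example, not Oracle tooling: it redoes the CIDR first/last-address arithmetic from the IP Subnet & CIDR slide, then validates the ASN, the two /30 or /31 interface subnets and the advertised prefixes. The function names and the sample request are constructed; the sample public prefixes are derived from the deck's own example address 31.13.90.36, and IRR/RIR registration cannot be verified offline, so it is out of scope here.

```python
import ipaddress

# Private-use ASN ranges: the 16-bit range is the one quoted on the AS slide,
# the 32-bit range is defined in RFC 6996.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))


def cidr_range(cidr):
    """Return (first, last, usable_addresses) for an IPv4 prefix by bit arithmetic."""
    addr, _, plen_text = cidr.partition("/")
    plen = int(plen_text)
    if not 0 <= plen <= 32:
        raise ValueError("prefix length out of range")
    value = int(ipaddress.IPv4Address(addr))
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    first = value & mask
    last = first | (mask ^ 0xFFFFFFFF)
    size = last - first + 1
    # /31 (RFC 3021) and /32 have no network/broadcast addresses to subtract.
    usable = size if plen >= 31 else size - 2
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last)), usable


def is_private_asn(asn):
    return any(low <= asn <= high for low, high in PRIVATE_ASN_RANGES)


def public_ipv4_network(text):
    """Parse an IPv4 prefix with no host bits set and public first/last address.

    Raises ValueError with the reason otherwise.
    """
    net = ipaddress.ip_network(text, strict=True)
    if net.version != 4:
        raise ValueError("not an IPv4 prefix")
    if not (net.network_address.is_global and net.broadcast_address.is_global):
        raise ValueError("not public address space")
    return net


def check_request(asn, interface_subnets, advertised_prefixes):
    """Return a list of (severity, subject, message) findings for a request."""
    findings = []
    if is_private_asn(asn):
        findings.append(("note", "AS%d" % asn, "private ASN, not a registered public ASN"))
    if len(interface_subnets) != 2:
        findings.append(("error", "interface subnets", "exactly two subnets are required"))
    for text in interface_subnets:
        try:
            net = public_ipv4_network(text)
        except ValueError as exc:
            findings.append(("error", text, str(exc)))
            continue
        if net.prefixlen not in (30, 31):
            findings.append(("error", text, "routing interface subnet must be /30 or /31"))
    for text in advertised_prefixes:
        try:
            public_ipv4_network(text)
        except ValueError as exc:
            findings.append(("error", text, str(exc)))
    return findings


# Constructed sample request (not real customer data).
SAMPLE = dict(
    asn=64512,
    interface_subnets=["31.13.90.0/31", "31.13.90.4/30"],
    advertised_prefixes=["31.13.90.0/24", "10.20.0.0/16", "2a03:2880::/32", "31.13.90.36/24"],
)

if __name__ == "__main__":
    print(cidr_range("192.168.100.0/22"))
    for finding in check_request(**SAMPLE):
        print(*finding, sep=" | ")
```

Filtering your own announcements this way before the BGP sessions come up keeps RFC 1918 space, IPv6 prefixes and mistyped host addresses from being offered to the peer at all.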
Fast Connect – Partner Edition : Equinix Cloud Exchange (Local)
• Customers that are not already connected to Equinix Cloud Exchange will need to establish that connectivity by ordering a port and cross connect from Equinix
• Customers meeting the above requirements will order Oracle FastConnect Partner Edition from Oracle. Both 1Gbps and 10Gbps options are available
• Customers will then need to enable their Oracle FastConnect service through the Equinix Cloud Exchange portal (or work with Equinix to automate the process using their APIs)
• The enablement process with Equinix will set up BGP peering between the customer’s network and Equinix, allowing routes to be exchanged between Oracle and the customers.
• Customers will need to manage their routing policy to prefer the Equinix Cloud Exchange for traffic to the network addresses pertaining to their Oracle service
[Diagram: customer cage at Equinix in the metro (customer DMZ with public access) connected through the Equinix Cloud Exchange (ECX) in the Equinix facility to the Fast Connect routers; Internet routers; Oracle Data Center with public services and dedicated compute; public services over the public internet, IPSec tunnel. Callouts, numbered 1 to 4 in the figure:]
– Customer orders ECX Port (with cross connect) from Equinix to connect to ECX (provisioned by Equinix)
– Customer configures BGP on their routers with the information obtained from ECX portal and policies for Oracle Fast Connect (completed by customer)
– Customer orders Oracle Fast-Connect Partner Edition from Oracle to connect via ECX (provisioned by Oracle)
– Customer requests Layer3 connectivity to Oracle Fast Connect on ECX portal (provisioned by Equinix)
• Customers will need to establish connectivity to Equinix Cloud Exchange by ordering the ECX Port (and cross connect) from Equinix and ordering an Ethernet Private Line from their network edge to Equinix Cloud Exchange.
• Customers meeting the above requirements will order Oracle FastConnect Partner Edition from Oracle. Both 1 Gbps and 10 Gbps options are available.
• Customers will then need to enable their Oracle FastConnect service through the Equinix Cloud Exchange portal (or work with Equinix to automate the process using their APIs).
• The enablement process with Equinix will set up BGP peering between the customer’s network and Equinix, allowing routes to be exchanged between Oracle and the customers.
• Customers will need to manage their routing policy to prefer the Equinix Cloud Exchange for traffic to the network addresses pertaining to their Oracle service.
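An added example (not from the original slides): a simplified route-selection audit for the routing-policy step above, showing that a higher local preference on ECX-learned routes does not keep traffic on the private path when a more-specific prefix is learned from the Internet. The prefixes, peer names and local-preference values are constructed assumptions, and the selection logic models only prefix length, local preference and AS-path length.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation prefixes stand in for the
# Oracle service prefixes; peer names and local-preference values are assumed.
SERVICE_PREFIXES = ["198.51.100.0/24", "203.0.113.0/24"]
RIB = [  # (prefix, learned_from, local_pref, as_path_len)
    ("198.51.100.0/24", "ecx", 200, 2),
    ("198.51.100.0/24", "internet", 100, 4),
    ("203.0.113.0/24", "ecx", 200, 2),
    ("203.0.113.128/25", "internet", 100, 5),  # more-specific via the Internet
    ("0.0.0.0/0", "internet", 100, 1),
]


def best_route(rib, dest):
    """Simplified selection: longest prefix, then local-pref, then AS-path length."""
    addr = ipaddress.ip_address(str(dest))
    matches = [r for r in rib if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches,
               key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, r[2], -r[3]))


def audit(rib, service_prefixes, private_peer="ecx"):
    """List (service_prefix, covering_route, peer) where traffic leaves the private path."""
    findings = []
    for sp in map(ipaddress.ip_network, service_prefixes):
        # Check the service prefix itself plus every more-specific in the table.
        nets = {sp} | {n for n in (ipaddress.ip_network(r[0]) for r in rib)
                       if n.subnet_of(sp)}
        for net in sorted(nets):
            route = best_route(rib, net.network_address)
            peer = route[1] if route else "no route"
            if peer != private_peer:
                findings.append((str(sp), str(net), peer))
    return findings


if __name__ == "__main__":
    for finding in audit(RIB, SERVICE_PREFIXES):
        print("off private path:", finding)
```

Run against an export of the edge router's table, a non-empty result means some Oracle-bound traffic would bypass the private interconnect, which is the case for filtering more-specifics of the service prefixes on the Internet-facing sessions.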
Fast Connect – Partner Edition : Equinix Cloud Exchange (Remote)
[Diagram. Labels: Customer Datacenter not collocated within Equinix; Metro/City; Network provider; Equinix facility; Equinix Cloud Exchange (ECX); Fast Connect Routers; Internet Routers; Public Internet; Customer DMZ (public access); IPSec Tunnel; Oracle Data Center with Dedicated Compute and Public Services; public-facing services from Oracle Public Cloud.]
Provisioning callouts in the diagram:
• Customer orders Metro Ethernet or Ethernet-WAN circuits from a network service provider to connect to ECX. Also valid if a customer is located in a different metro or city than Equinix/Oracle. Provisioned by Network Service Provider in collaboration with Equinix.
• Customer orders ECX port from Equinix. Provisioned by Equinix.
• Customer orders Oracle Fast-Connect Partner Edition from Oracle to connect via ECX. Provisioned by Oracle.
• Customer requests Layer3 connectivity to Oracle Fast Connect on the ECX portal. Provisioned by Equinix.
• Customer configures BGP on their routers with the information obtained from the ECX portal and policies for Oracle Fast Connect. Completed by Customer.
FastConnect Partner Edition - Equinix Cloud Exchange: Prerequisites
• As a customer of FastConnect – Partner Edition via Equinix Cloud Exchange, you need to meet the following prerequisites:
– You will require network equipment capable of supporting Layer3 routing using BGP, collocated at the Equinix IBX in the city where you desire service.
– You will need to establish connectivity with ECX-L3 at the city where you desire service.
– You need a valid Oracle Order for FastConnect – Partner Edition with the appropriate port speed defined (currently 1 Gbps or 10 Gbps).
– You will require a valid public IP address and a valid Autonomous System Number (ASN) to establish configuration with Equinix Cloud Exchange. Please work with your ISP or one of the registries to obtain a public IP address and an ASN.
Note: Please work with your Oracle Sales Team to determine the location where your OPC services are provisioned
Fast Connect – Partner Edition : BT Cloud Connect
• Can be leveraged by customers that use BT Cloud Connect MPLS IP VPNs to create a private enterprise network. BT Cloud Connect will extend the private VPN through Oracle FastConnect to enable dedicated access into Oracle Public Cloud from the customers’ enterprise network.
• Build on your existing network architecture, taking advantage of pre-provisioned infrastructure to deliver the service and realize the benefits faster.
• Customers will order Oracle Network Cloud Service - FastConnect Partner Edition - BT Cloud Connect at the location where their Oracle Cloud IaaS and PaaS services are provisioned.
• Customers will specify the location where they desire connectivity through Oracle Network Cloud Service - FastConnect Partner Edition - BT Cloud Connect. This is the location where the Oracle Cloud IaaS and PaaS services that they would like to access through the service are provisioned.
• Customers will contact their BT Global Services account manager to order BT Cloud Connect for Oracle FastConnect.
• BT contacts Oracle to validate the details that the customer has provided and to ensure that the service is provisioned correctly. BT configures its routers to route the customer's traffic through BT Cloud Connect for Oracle FastConnect, and then provides configuration information to Oracle. Oracle configures the Oracle edge routers based on the information received from BT.
FastConnect – Partner Edition via BT Cloud Connect: Prerequisites
• As a customer of FastConnect – Partner Edition via BT Cloud Connect, you need to meet the following prerequisites:
– You must be an existing customer of BT IP Connect Global – MPLS IP VPN and have an active MPLS VPN in service. If you are not an existing customer of BT IP Connect Global - MPLS IP VPN, contact your BT Global Services account team to order the service.
– You will need network equipment as required by the BT IP Connect Global service requirements.
– You are responsible for provisioning any infrastructure or equipment required by BT for connectivity through BT Cloud Connect for Oracle FastConnect.
Note: Please work with your Oracle Sales Team to determine the location where your OPC services are provisioned
Fast Connect – Partner Edition : Verizon SCI (Secure Cloud Interconnect)
• Leverage your existing Verizon Private IP network.
• Pre-provisioned infrastructure, so the service is delivered and the benefits are realized faster.
• Add as many sites as you want at no additional cost.
• Initially available in North America only.
• EMEA – Q2 FY17
The Ultimate in Cloud Flexibility
On-Premises. Cloud at Customer. Public Cloud.
Any Way You Like It.