Part Two – OCI Network Security

Here’s a detailed summary of the key topics covered in the document “OCI Networking Best Practices – Part Three – OCI Network Connectivity”:

1. Introduction

  • The blog series aims to provide best practices and recommendations for designing, building, securing, and managing OCI network infrastructure.
  • This third part focuses on OCI network connectivity, specifically discussing IPSec VPN and FastConnect.
  • As organizations grow their cloud deployments, ensuring that critical applications are available and connected in a redundant manner is essential to support both planned and unplanned outages.

2. Ensure Your Network Connectivity is Fully Redundant

  • Redundancy is crucial for maintaining the availability of critical applications hosted in OCI.
  • Customers need to ensure that their connectivity methods, such as IPSec VPN and FastConnect, are designed to handle outages effectively.
  • The document emphasizes the importance of planning for redundancy to avoid single points of failure in the network.

3. IPSec Single and Dual CPE

  • It is recommended to deploy two Customer-Premises Equipment (CPE) devices with a second set of IPSec tunnels.
  • Ideally, these CPEs should be located in different datacenters or geographies to maximize diversity.
  • If both CPEs are in the same datacenter, they should be on separate power supplies and LAN switches, and connected to different Internet Service Providers (ISPs).
  • The secondary connection must be capable of handling the bandwidth in case the primary connection fails.
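
The checks in this section can be run against a CPE inventory. The Python below is an added example, not code from the original document or from Oracle; the `Cpe` fields, device names and bandwidth figures are constructed for illustration. The capacity check generalizes the "secondary must handle the bandwidth" rule to the failure of any single CPE.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Cpe:
    name: str
    datacenter: str
    power_feed: str
    lan_switch: str
    isp: str
    tunnel_mbps: int   # usable IPSec throughput via this CPE

# Components that must differ when two CPEs sit in the same datacenter.
SHARED_RISK = (("power_feed", "power supply"), ("lan_switch", "LAN switch"), ("isp", "ISP"))

def audit_cpes(cpes, peak_mbps):
    """Return findings for a CPE inventory; an empty list means no issue found."""
    if len(cpes) < 2:
        return ["single CPE: no second device or second set of IPSec tunnels"]
    findings = []
    for a, b in combinations(cpes, 2):
        if a.datacenter != b.datacenter:
            continue  # different sites: the preferred layout
        for attr, label in SHARED_RISK:
            if getattr(a, attr) == getattr(b, attr):
                findings.append(f"{a.name}/{b.name}: shared {label} '{getattr(a, attr)}'")
    # Losing any one CPE must leave enough tunnel capacity for peak load.
    total = sum(c.tunnel_mbps for c in cpes)
    for c in cpes:
        left = total - c.tunnel_mbps
        if left < peak_mbps:
            findings.append(f"capacity: if {c.name} fails, {left} Mbps remain for a {peak_mbps} Mbps peak")
    return findings

# Constructed inventories (hypothetical names and figures).
SAME_SITE = [
    Cpe("cpe-a", "dc-east", "feed-1", "sw-1", "isp-x", 1000),
    Cpe("cpe-b", "dc-east", "feed-2", "sw-1", "isp-x", 500),
]
TWO_SITES = [
    Cpe("cpe-a", "dc-east", "feed-1", "sw-1", "isp-x", 1000),
    Cpe("cpe-c", "dc-west", "feed-1", "sw-1", "isp-y", 1000),
]

if __name__ == "__main__":
    for label, inventory in (("same site", SAME_SITE), ("two sites", TWO_SITES)):
        print(label, audit_cpes(inventory, peak_mbps=800) or "no findings")
```
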

4. FastConnect Redundancy Best Practices

  • Review the FastConnect Redundancy Best Practices to understand the number of FastConnect locations available in your OCI region.
  • Identify your FastConnect scenario and assess the level of diversity it provides.
  • Ensure there are no single points of failure along the connectivity path, including in third-party or Oracle partner networks and on-premises setups.

5. Using Border Gateway Protocol (BGP)

  • Implement BGP for dynamically advertising routes, which helps in providing predictable automatic network failover.
  • Regularly perform failover tests to validate that the redundant connections are functioning correctly. This should be done:
    • When first provisioning the connections.
    • On a regular basis (e.g., every 6 months or annually) during scheduled outage windows.

6. Failover Testing

  • Conduct failover tests to ensure that the system behaves as expected during an outage.
  • It is critical to validate that the failback to the primary connection also works correctly after a failover.

7. Conclusion

  • The document underscores the importance of planning and testing for redundancy in OCI network connectivity.
  • By following these best practices, organizations can ensure that their critical applications remain available and resilient against outages.

This summary encapsulates the essential points and recommendations provided in the document, emphasizing the importance of redundancy and proper planning in OCI network connectivity.
