S105684GC11 Ag Lab02


Remote Peering: InterConnect OCI resources between regions and extend to on-premises

Lab 2-1 Practices

Get Started

Overview

A Dynamic Routing Gateway (DRG) is an OCI virtual router. It provides a path for traffic
between on-premises networks and Virtual Cloud Networks via Site-to-site VPN, or via
FastConnect. DRGs are also used for routing traffic between VCNs that are located within the
same region, remote regions, and/or in other OCI accounts (tenancies). Using different types
of attachments, custom network topologies can be constructed using components in different
regions and tenancies. Each DRG attachment has an associated route table which is used to
route packets entering the DRG to their next hop.

A DRG can have multiple network attachments of each of the following types:

• VCN attachments: you can attach multiple VCNs to a single DRG. Each VCN can be in
the same or different tenancies as the DRG.
• RPC attachments: you can peer a DRG to other DRGs (including DRGs in other regions)
using remote peering connections.
• IPSEC_TUNNEL attachments: you can use Site-to-site VPN to attach two or more
IPSec tunnels to your DRG to connect to on-premises networks. This is also allowed
across tenancies.
• VIRTUAL_CIRCUIT attachments: you can attach one or more FastConnect virtual
circuits to your DRG to connect to on-premises networks.

In the following practices, you will configure the dynamic routing gateway created in Lab One
to connect to another group of resources (typically in another region). This document will use
the UK South (London) region for this purpose, and will be connecting the two DRGs via OCI’s
remote peering connection (RPC). However, RPC can be established between two DRGs
located in the same region. Once this is successfully configured, the original DRG from the
previous lab will be configured to route traffic from on-premises to the new DRG, extending
the existing on-premises to OCI site-to-site VPN reach.

Copyright © 2023, Oracle and/or its affiliates.

In this lab, you’ll:

a. Create the required remote peering resources.

b. Configure a dynamic routing gateway for remote peering.

c. Route from on-premises to the remote region.

Create a new set of Resources

Create the resources needed to establish the remote peering connection:

VCN (Create with VCN Wizard. Enable ICMP echo in the Default Security List)
Name: LHR-AP-LAB02-1-VCN-01
CIDR Block: 172.17.0.0/16
Public Subnet
CIDR Block: 172.17.0.0/24
Private Subnet
CIDR Block: 172.17.1.0/24

DRG
Name: LHR-AP-LAB02-1-DRG-01

VM (Oracle Linux 8, VM.Standard.A1.Flex with 1 OCPU and 6 GB Memory on public subnet)
Name: LHR-AP-LAB02-1-VM-01

Configure Dynamic Routing Gateway for Remote Peering

In this practice, you will attach the VCN to the DRG and create a route rule that will route traffic
to the OCI VCN from the previous lab via the DRG. Next, you will create a remote peering
connection, and capture the OCID of it so you can use it for RPC.

Task: Attach the VCN to the DRG

1. Log into your tenancy and compartment on the Cloud Console.

2. In the main menu, in Networking, click Virtual Cloud Networks.

3. Select the VCN you previously created for this lab: LHR-AP-LAB02-1-VCN-01.

4. Under Resources click Dynamic Routing Gateways Attachments.

a. Click Create DRG Attachment.

b. Under Choose a DRG … select the DRG you previously created for this lab:
LHR-AP-LAB02-1-DRG-01. Leave everything else as is.

c. Click Create DRG Attachment.

d. Under Resources, click Route Tables.

e. Click the Default Route Table for LHR-AP-LAB02-1-VCN-01 link.

Task: Add Route Rules

1. Click Add Route Rules.


• Target Type: Dynamic Routing Gateway
• Destination Type: CIDR Block
• Destination CIDR Block: 172.31.0.0/16 (This is the CIDR block for your OCI VCN
from the previous lab).
• Click Add Route Rules.

2. Under Resources click Security Lists.

3. Click Default Security List for LHR-AP-LAB02-1-VCN-01.

4. Click Add Ingress Rules.


• Source CIDR: 172.31.0.0/16
• IP Protocol: ICMP
• Type: 8
• Leave everything else as-is.
• Click Add Ingress Rules.

5. From the main menu, select Networking, and click Dynamic Routing Gateway.

6. Click the link for the DRG you previously created for this lab: LHR-AP-LAB02-1-DRG-01.

Task: Create Remote Peering Connection

1. Under Resources, click Remote Peering Connections Attachments.

2. Click Create Remote Peering Connection.

a. Name: LHR-AP-LAB02-1-RPC-01

b. Click Create Remote Peering Connection.

3. Once it is created to completion, in the middle section of the screen under Remote
Peering Connection, click LHR-AP-LAB02-1-RPC-01.

4. Under Remote Peering Connection Information, find the OCID and copy it to paste in a
minute (Make sure it is not the DRG OCID). It should look similar to this one:
ocid1.remotepeeringconnection.oc1.uk-london-1.aaaaaaaaqvqaofljpt7em4ae45dw3………………….wbqpxguuz2yjja

5. Under Dynamic Routing Gateways, select the DRG you created in the previous lab:
PHX-AP-LAB01-1-DRG-01.

6. Under Resources, click Remote Peering Connections Attachments.

a. Click Create Remote Peering Connection.

b. Name: PHX-AP-LAB02-1-RPC-01

c. Click Create Remote Peering Connection.

7. Once it is created to completion, in the middle section of the screen under Remote
Peering Connection click PHX-AP-LAB02-1-RPC-01.

8. Click Establish Connection.

9. Under Region, from the drop-down list of regions, select the right one. In this document it
is uk-london-1.

10. In the Remote Peering Connection OCID field, paste the OCID you copied from the RPC
in the new DRG.

11. Under Remote Peering Connection Information, wait for the Peering status field to
change to Peered status.

12. In the main menu, in Networking, click Virtual Cloud Networks.

13. Select the VCN you created for the previous lab: PHX-AP-LAB01-1-VCN-01.

14. Under Resources click Route Tables.

15. Click Default Route Table for PHX-AP-LAB01-1-VCN-01.

16. Click Add Route Rules.

• Target Type: Dynamic Routing Gateway


• Destination Type: CIDR Block
• Destination CIDR Block: 172.17.0.0/16 (This is the CIDR block for your new VCN
for this lab).
• Click Add Route Rules.

17. In the breadcrumbs in the top left of the browser, click PHX-AP-LAB01-1-VCN-01.

18. Under Resources click Security Lists.

19. Click Default Security List for PHX-AP-LAB01-1-VCN-01.

20. Click Add Ingress Rules.

• Source CIDR: 172.17.0.0/16


• IP Protocol: ICMP
• Type: 8
• Leave everything else as-is.
• Click Add Ingress Rules.

You have configured a remote peering connection between the two DRGs. Your compute
instances on either one of the VCNs should be able to ping the private IP address of the other
end. Test the connectivity. Retrieve the private IP address of your OCI compute instance from
the previous lab. SSH into the new VM (the one you created in this lab) and ping it. Try the
opposite direction too. You can now route between your two OCI VCNs. This concludes this
section. Next, let’s configure routing from on-premises to the remote VCN!

Route from On-premises to the Remote Region

In this practice, you will combine this lab and the first lab. You’ll route from your “on-premises”
resources via the site-to-site VPN (created in the previous lab) to the remote region via the
remote peering connection (from this lab). To accomplish this, you will configure the Original
DRG (from Lab 1) to route traffic from the VPN to the RPC, and vice versa.

When you configured the on-premises network route and security rules, you used the CIDR
Block 172.16.0.0/12. The reason for this was to include both OCI VCNs, which are 172.31.0.0/16
and 172.17.0.0/16. Therefore this part was already preconfigured.

Before working on the DRG from lab 1, you’ll configure the route rules and security list in the
new VCN.

Task: Add Route Rules

1. In the main menu, in Networking, click Virtual Cloud Networks.

2. Select your VCN, LHR-AP-LAB02-1-VCN-01.

3. Under VCN Information, click Default Route Table for LHR-AP-LAB02-1-VCN-01.

4. Click Add Route Rules.


• Target Type: Dynamic Routing Gateway
• Destination Type: CIDR Block
• Destination CIDR Block: 192.168.20.0/24
• Click Add Route Rules.

5. In the breadcrumbs in the top left, click LHR-AP-LAB02-1-VCN-01.

6. Under Resources, click Security Lists.

7. Click Default Security List for LHR-AP-LAB02-1-VCN-01.

8. Click Add Ingress Rules.


• Source CIDR: 192.168.20.0/24
• IP Protocol: ICMP
• Type: 8
• Click Add Ingress Rules.

This part is done. From the VCN's standpoint, it appears that you could ping the private IP
address of the “on-premises” compute instance from the new VM (LHR-AP-LAB02-1-VM-01).
As part of this exercise, log into your new VM and try pinging your on-premises VM. It will
fail. Leave it running.

Now you will configure the DRG from the previous lab.

Task: Configure DRG

1. In the main menu, in Networking, click Dynamic Routing Gateway.

2. Select the DRG: PHX-AP-LAB01-1-DRG-01.

3. Under Resources click Import Route Distributions.

4. Click Create Import Route Distribution.

a. Name: PHX-AP-LAB02-1-RD-VPN-01

b. Priority: 1

c. Match Type: Attachment Type

d. Attachment Type: IPSec Tunnel

e. Click Create Import Route Distribution.

5. Click Create Import Route Distribution again.

a. Name: PHX-AP-LAB02-1-RD-RPC-01

b. Priority: 2

c. Match Type: Attachment Type

d. Attachment Type: Remote Peering Connection

e. Click Create Import Route Distribution.

6. Under Resources, click DRG Route Tables.

7. Click Create DRG Route Table.

a. Name: PHX-AP-LAB02-1-RT-VPN-01

b. Click Show Advanced Options.

c. Check the Enable Import Route Distribution checkbox.

d. In the Import Route Distribution field, select PHX-AP-LAB02-1-RD-RPC-01.

e. Click Create DRG Route Table.

8. Click Create DRG Route Table.

a. Name: PHX-AP-LAB02-1-RT-RPC-01

b. Click Show Advanced Options.

c. Check the Enable Import Route Distribution checkbox.

d. In the Import Route Distribution field, select PHX-AP-LAB02-1-RD-VPN-01.

e. Click Create DRG Route Table.

9. Under Resources click Remote Peering Connections Attachments.

10. To the right of the RPC Attachment listed, right-click Actions Menu (three vertical dots).

11. Select View Details.

12. Click Edit.

13. In the Choose a DRG Route Table drop-down list, select PHX-AP-LAB02-1-RT-RPC-01.

14. Click Save Changes.

15. In the breadcrumbs area, click PHX-AP-LAB01-1-DRG-01.

16. Under Resources, click IPSec Tunnel Attachments.

17. To the right of the IPSec tunnel Attachment listed, right-click the Actions Menu.

18. Select View Details.

19. Click Edit.

20. In the Choose a DRG Route Table select PHX-AP-LAB02-1-RT-VPN-01.

21. Click Save Changes.

22. In the breadcrumbs area, click PHX-AP-LAB01-1-DRG-01.

23. Under Resources, click IPSec Tunnel Attachments.

24. To the right of the IPSec tunnel Attachment listed, right-click the Actions Menu.

25. Select View Details.

26. Click Edit.

27. In the Choose a DRG Route Table select PHX-AP-LAB02-1-RT-VPN-01.

28. Click Save Changes.

This completes the DRG configuration. Now go back to the pinging session you left running. It
is working!
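
Why the ping fails before the DRG change and works after it, as a small routing model added here (it is not part of the Oracle lab material). The attachment keys, the sample host addresses and the "before" table are constructed; the model assumes that, before this task, the IPSec and RPC attachments use a DRG route table that imports routes from VCN attachments only.

```python
import ipaddress

# Constructed model of the PHX DRG: attachment key -> (attachment type, CIDRs it advertises).
ATTACHMENTS = {
    "phx-vcn": ("VCN", ["172.31.0.0/16"]),
    "onprem-ipsec": ("IPSEC_TUNNEL", ["192.168.20.0/24"]),
    "lhr-rpc": ("RPC", ["172.17.0.0/16"]),
}

# DRG route table -> attachment types matched by its import route distribution.
# ASSUMPTION: before the lab task, both attachments share a table importing VCN routes only.
BEFORE_TABLES = {"default-rpc-ipsec": {"VCN"}}
BEFORE_ASSIGN = {"onprem-ipsec": "default-rpc-ipsec", "lhr-rpc": "default-rpc-ipsec"}

# After the task: RT-VPN imports through RD-RPC, RT-RPC imports through RD-VPN.
AFTER_TABLES = {
    "PHX-AP-LAB02-1-RT-VPN-01": {"RPC"},
    "PHX-AP-LAB02-1-RT-RPC-01": {"IPSEC_TUNNEL"},
}
AFTER_ASSIGN = {
    "onprem-ipsec": "PHX-AP-LAB02-1-RT-VPN-01",
    "lhr-rpc": "PHX-AP-LAB02-1-RT-RPC-01",
}

def next_hop(tables, assign, ingress, dst_ip):
    """Return the attachment a packet entering via `ingress` is forwarded to, or None."""
    imported_types = tables[assign[ingress]]
    dst = ipaddress.ip_address(dst_ip)
    best = None  # (prefix length, attachment key) of the longest matching route
    for name, (att_type, cidrs) in ATTACHMENTS.items():
        if att_type not in imported_types or name == ingress:
            continue  # route not imported into this table
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if dst in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, name)
    return best[1] if best else None

def ping_works(tables, assign):
    """The echo request (on-prem -> LHR) and the reply (LHR -> on-prem) must both route."""
    out = next_hop(tables, assign, "onprem-ipsec", "172.17.0.10")   # constructed host
    back = next_hop(tables, assign, "lhr-rpc", "192.168.20.10")     # constructed host
    return out == "lhr-rpc" and back == "onprem-ipsec"

if __name__ == "__main__":
    print("before:", ping_works(BEFORE_TABLES, BEFORE_ASSIGN),
          "after:", ping_works(AFTER_TABLES, AFTER_ASSIGN))
```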

This concludes this lab.

You can find more information on managing DRGs, route distributions and route tables here:
https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingDRGs.htm
