Connect Google Virtual Private Clouds to Oracle Cloud Infrastructure using Equinix

Last reviewed 2023-08-27 UTC

This document discusses how to use Equinix Network Edge and Partner Interconnect to deploy private, multi-cloud connectivity between Google Cloud Virtual Private Cloud (VPC) networks and Oracle® virtual cloud networks (VCNs).

This document is intended for cloud network engineers and operation professionals who want to interconnect their Google Cloud environment to an Oracle Cloud environment. It assumes that you're familiar with Virtual Private Cloud. It also assumes that you have a basic understanding of the following concepts:

  • Networking architecture
  • Configuring Google Cloud and Oracle Cloud
  • Equinix Platform solutions
  • Cisco CSR1000V settings

In this document the Cisco CSR1000V router is used as an Equinix Network Edge vRouter.

Architecture

To connect your cloud networks between Google Cloud and Oracle Cloud through private connections, find a colocation facility where both cloud providers meet. This document uses the Equinix colocation facility located in Ashburn, Virginia.

For more information about colocation facilities with private connections to multiple cloud providers, see Equinix Fabric.

The following diagram shows the network architecture described in this document.

Data flowing from a Virtual Private Cloud, to a colocation facility, and finally to an Oracle
Cloud instance.

The previous diagram displays how data from a Virtual Private Cloud routes through a colocation facility on its way to an Oracle Cloud instance.

There are various network architecture designs and considerations for production and non-production usages. This document discusses how to create redundant connections using a Cloud Router and Partner Interconnect through a pair of redundant Equinix Network Edge virtual routers (vRouters) to Oracle Cloud VCNs.

For more information on other network designs and considerations, see Cloud Dedicated and Partner Interconnect Service Level Agreement (SLA) and Google Cloud redundancy and SLA.

Objectives

  • Create a pair of partner Interconnect attachments.
  • Provision an Equinix Network Edge vRouter.
  • Connect the Equinix Network Edge vRouter to Partner Interconnect.
  • Create an Oracle Cloud FastConnect connection.
  • Connect the Equinix Network Edge vRouter to the Oracle Cloud FastConnect.

Costs

Use the following links to learn about Oracle Cloud pricing details:

When you finish the tasks that are described in this document, you can avoid continued billing by deleting the resources that you created. For more information, see Clean up.

Before you begin

Ensure you meet the prerequisites for each product.

Google Cloud

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Compute API.

Enable the API

In the Google Cloud console, activate Cloud Shell.

Activate Cloud Shell

Oracle Cloud

Make sure that you have the appropriate OCI Identity and Access Management permissions to use Oracle FastConnect and Oracle Virtual Cloud Network.

Equinix

If you aren't an Equinix customer, you can use an Equinix Network Edge free trial.

Create a pair of Google Partner VLAN attachments

For Equinix to create a VLAN attachment on your behalf on your Virtual Private Cloud, you need to create a pairing key. To create that key, complete the following steps:

  1. In the the Google Cloud console menu, under Networking, select Hybrid Connectivity, then Interconnect.
  2. Select Partner Interconnect, then click Continue.
  3. Select I already have a service provider.
  4. On the Add Partner VLAN attachment page, select Create a redundant pair of VLAN attachments (recommended).
  5. Select the proper Network and Region to locate your Virtual Private Cloud for VLAN attachments. In this deployment, use us-east4 (Virginia) to Oracle Cloud at Equinix location Ashburn.

    For more information about regions, see Regions and zones.

  6. For VLAN A, select Create new router, name your Cloud Router, then click Create.

    • Name your VLAN A attachment, and choose an MTU. The Cloud Router ASN of 16550 is assigned by Google Cloud.
  7. For VLAN B, select the Cloud Router you created for VLAN A, then name your VLAN B attachment. Choose the same MTU as VLAN A.

  8. Click Create.

  9. Copy the pairing keys for later use at the Equinix Fabric portal.

A pair of VLAN attachments are created with a pairing key for each. The ending digit of the pairing key, either /1 or /2, indicates the edge availability domain zone (zone 1 or zone 2) that the VLAN attachment belongs to. The process in the next section uses the pairing key of edge availability domain zone 1 to create the first VLAN attachment from Google Cloud over Partner Interconnect.

For more information, see pairing keys.

Provision the Equinix Network Edge vRouter

The Equinix Network Edge vRouter acts as an intermediary device between Google Cloud and Oracle Cloud infrastructure (OCI). Both Cloud Router and OCI Dynamic Routing Gateway (DRG) establish a BGP session to this Equinix Network Edge vRouter.

Use the following steps to provision the Equinix Network Edge vRouter.

  1. Access the Equinix Fabric portal and log in.
  2. In the Network Edge tab, click Create Virtual Device.
  3. On the Add New Edge Device page, select a vendor package for your virtual device.
  4. Select the Cisco CSR 1000V virtual router.
  5. Click Select and Continue.
  6. Choose the single device without redundancy deployment mode.
    • Select the high availability option with redundant devices.
    • Select the cluster option when setting up a production environment.
  7. Click Begin Creating Edge Device(s).

Add details about your Equinix account

Select your location and set device details.

  1. In the Equinix Fabric portal, select Location > Metro > Ashburn. Then select your Equinix account for that location.
  2. Click Next: Device Details.
  3. For Device Details, choose the following:
    • Device Configuration: Select Equinix-Configured.
    • Licensing: Select Subscription.
    • Device Resources: Select 2 Cores, 4 GB Memory.
    • Software Package: Select Security.
    • Software Version: Select the latest version.
    • License Throughput: Select the lowest option.
    • Device Details: Enter equinix-gcp-multicloud as the device name and eqixgcpmulti as the hostname prefix.
    • Device Status Notifications: Enter your email address.
    • Term Length: Select One Month (the default).
    • Leave the default options for the rest of the remaining fields.

Set up additional Equinix services

  1. Click Next: Additional Services.
  2. For Additional Services, choose an option from WAN Interface Access Control List, and leave the default options for the rest of the remaining fields.
  3. Click Next: Review.
  4. In the Review and Submit page, review device information.
  5. In Terms and Conditions, click Review and Accept Order Terms. If you accept the terms, click Accept.

    Accepting the terms enables the Create Edge Device button.

  6. Click Create Edge Device.

  7. After your device is created, you can go to the Network Edge tab and Virtual Device Inventory to check the status, as shown in the following screenshot:

    The Equinix Fabric portal showing various data points.

Connect the Equinix Network Edge vRouter to the Partner Interconnect

In the following steps, you supply the pairing keys you created in the previous section. These keys let Equinix complete the VLAN attachment creation.

You also connect the newly provisioned Equinix Network Edge vRouter to Partner Interconnect:

  1. In the Equinix Fabric portal, click the Connections tab, and then click Create Connection.
  2. In Frequent Connections, select the Google Cloud Platform service profile.
  3. Click Create Connection in Partner Interconnect Zone 1.

  4. Make the following choices on the Select Locations page:

    • Origin: Select Virtual Device.
    • Location: Select Ashburn.
    • Select the virtual device you just created.
    • Destination: Select Ashburn.
  5. Click Next.

  6. Make the following choices on the Connection Details page:

    • Virtual Connection Name: Enter equinix-gcp.
    • Google Pairing Key - Ends with /1: Enter the Google Cloud VLAN attachment pairing key that you copied earlier.
    • Select a Connection Speed.
  7. Click Next.

  8. On the Review page, verify the connection details, the notification email address, and then click Submit your Order. Once the order is submitted, provisioning starts.

    Provisioning the connection to Google Cloud takes a couple minutes.

Activate the connection

After the connection is provisioned by Equinix, you can go back to the Google Cloud console to activate your VLAN attachment:

  1. In the console, on the Networking menu, select Hybrid Connectivity > Interconnect.
  2. Select the VLAN attachment that you selected previously, its status should be Activation needed.
  3. On the VLAN attachment details page: Click Activate, then click Accept.
  4. Click BGP session.
  5. On the Edit BGP session page, enter 61000 for Peer ASN.
  6. Write down the Cloud Router BGP IP address (169.254.113.49, for example) and the BGP Peer IP address (169.254.113.50 for example).

Configure the BGP connection

In the previous steps, you configured the Cloud Router BGP. In this step, you create a BGP configuration on the Equinix Network Edge vRouter side to establish a BGP session between Google Cloud Router and Equinix Network Edge vRouter:

  1. In the Equinix Fabric portal, click Network Edge tab, then click View Virtual Device Inventory.
  2. Select equinix-gcp-multicloud as your device.
  3. In the Connections tab, select your Google Partner Interconnect connection.
  4. Complete the following BGP session details with the data taken from Google Cloud console:

    • Local ASN: Enter 65100. That is the same value as Peer ASN.
    • Local IP Address: Use the BGP Peer IP address (for example, 169.254.113.50/29) that you wrote down previously. Add /29 if not already present.
    • For Remote ASN, select Google Cloud ASN 16550, assigned by Google Cloud.
    • For Remote IP address, use the Cloud Router BGP IP address (for example, 169.254.113.49) that you wrote down previously.
    • For BGP Authentication Key, leave the field blank.
    • Click Accept.

    Create a BGP configuration on the Equinix Network Edge vRouter.

After a few minutes, the Equinix Primary BGP Information details dialog shows the status of the BGP session as Established. To verify that the BGP session for your Partner Interconnect is up, go to Google Cloud console.

Create an Oracle Cloud FastConnect connection

This section shows how to create an Oracle Cloud FastConnect connection with Equinix vRouter on the OCI side. These steps are subject to change without notice.

  1. In the Oracle Cloud FastConnect console, select Ashburn as your region.
  2. Create the Dynamic Routing Gateway (DRG):
    • Go to Networking.
    • Select Dynamic Routing Gateway and enter your options into the form.
  3. Click Create Dynamic Routing Gateway.

    Wait until the DRG provisions before proceeding.

  4. Attach the DRG to your VCN:

    • Select your previously created DRG.
    • Select Create Virtual Cloud Network Attachment.
    • Select your VCN within your desired compartment.
  5. Click Create Virtual Cloud Network Attachment.

  6. Create a connection:

    • Select FastConnect Partner.
    • Select Equinix Fabric.
  7. Click Next. The Create Connection page appears.

  8. Provide the following data in the Create Connection page:

    • Name your connection.
    • Select Private Virtual Circuit and the DRG that you created.
    • Select a Bandwidth of 1 Gbps.
    • Configure BGP Information
      • Enter 65100 (the private ASN used by the Equinix vRouter) for Customer BGP ASN.
      • Enter 10.2.0.2/30 for Customer BGP IPv4 Address.
      • Enter 10.2.0.1/30 for Oracle BGP IPv4 Address.
  9. Click Create. An Oracle Cloud ID (OCID) is created.

  10. Copy the OCID for later use at the Equinix Fabric portal.

    The virtual circuit is now in the Pending Provider state.

For more information, see Oracle Cloud Infrastructure FastConnect.

Connect the Equinix Network Edge vRouter to the Oracle Cloud FastConnect

In this step, you'll create a virtual circuit from the Equinix Network Edge vRouter to the Oracle Cloud FastConnect connection which was created in the previous section.

  1. Log in to the Equinix Fabric portal.
  2. Click the Connections tab, then click Create Connection.
  3. Select Oracle Cloud Infrastructure OCI – FastConnect Layer 2 service profile from the Frequent Connections menu.
  4. Click Create Connection.

    Changes begin when the connection request is submitted.

  5. On the Select Locations page:

    • Origin: Select Virtual Device.
    • Location: Select Ashburn, then find your virtual device.
    • Destination: Select Ashburn.
  6. Click Next.

  7. On the Connection Details page:

    • Virtual Connection Name: Enter equinix-oci.
    • Virtual Circuit OCID: Enter the OCID created from Oracle Cloud.
  8. Click Submit your Order.

Once your connection is provisioned, continue to the next step to configure the BGP session. To refer to the BGP information, go to your Oracle Cloud console, and view the Connection Detail page in the BGP Information tab.

Configure the BGP connection on the Equinix Fabric portal

To refer to the BGP information mentioned in this section, go to your Oracle Cloud console, and view the Connection Detail page in the BGP Information tab.

To configure the BGP connection on the Equinix Fabric portal, use the following instructions:

  1. In the Equinix Fabric portal, click Network Edge, then click View Virtual Device Inventory.
  2. Select your device (equinix-gcp-multicloud).
  3. In the Connections tab, select your Oracle Cloud FastConnect connection.
  4. Complete the following BGP session with the data taken from the Oracle Cloud console:
    • For Local ASN, use 65100.
    • For Local IP Address, use 10.2.0.2/30.
    • For Remote ASN, use 31898. Refer to Oracle BGP ASN on BGP Information from the Oracle Cloud console. This Oracle BGP ASN is assigned by Oracle Cloud.
    • For Remote IP address, use 10.2.0.1. Remove the trailing /30.
    • For the BGP Authentication Key, leave it blank.
  5. Click Accept.

After a few minutes, the Equinix Primary BGP Information details dialog shows the status of the BGP session as Established. You can go to the Oracle Cloud Console to verify that the BGP session for your Oracle Cloud FastConnect is up.

Verify the BGP session status from Equinix Fabric Portal

In the Equinix Fabric Portal, select the following options on the Network Edge tab:

  • Select Virtual Device Inventory.
  • Select your device. Access the Connections page, select each connection, and then look for the following BGP configuration information:
    • Provisioning Status: Provisioned
    • BGP State: Established

Verify the connectivity between Google Cloud and Oracle Cloud

To verify the connectivity between Google Cloud and Oracle Cloud, provision a virtual machine (VM) in both Google Cloud and Oracle Cloud:

  1. In Google Cloud console, start an SSH session from a Google Cloud VM.
  2. Ping a remote VM in Oracle Cloud.

For more information, see the firewall rules on the VPC.

Also, see the ingress and egress rules sections of security lists, network security groups, and network ACLs on the OCI VCN.

To make a second connection, repeat the steps for all but the Create a pair of Google Partner VLAN attachments objective that you completed.

Clean up

To avoid unnecessary charges to your Google Cloud, Equinix, or Oracle Cloud resources after completing your work, delete the following resources.

Delete the Equinix vRouter

  1. In the Equinix Fabric portal, in the Network Edge tab, click View Virtual Devices, then select your virtual router.
  2. In Connections tab of your virtual router, select the Google Cloud connection, and then click Delete Connection. Delete the second connection if any.
  3. Select the Oracle Cloud FastConnect connection and click Delete Connection. Delete the second connection if any.
  4. After all the connections have been deprovisioned, click the Details tab and on the bottom of the page, click Delete Device.

Delete the Google Cloud resources

To delete the Google Cloud resources that you created:

  1. Delete VLAN attachment.
  2. Delete Cloud Router.
  3. Delete Virtual Private Cloud.
  4. If you created a project, delete the project.

Delete the Oracle Cloud resources

To delete the Oracle Cloud resources that you created:

  1. Delete FastConnect.
  2. Delete the Dynamic Routing Gateway Attachment.
  3. Delete the Dynamic Routing Gateway.
  4. Delete the Virtual Cloud Network.
  5. If you created a compartment, delete the compartment.

What's next