Implement a secure split-stack architecture and become platform agnostic. Leverage the cost and performance advantages of Oracle Cloud and Oracle Autonomous Database for your applications hosted by other cloud providers.
Originally published in the Oracle Help Center.
Oracle Cloud provides the best performance at the lowest cost for your database workloads and Megaport is a global network as a service provider that provides private interconnection to major cloud providers. You can use Megaport’s multicloud services to set up private cross-cloud connectivity between an autonomous database in Oracle Cloud Infrastructure and an application hosted by a third-party cloud provider.
Architecture
This architecture uses Megaport in a multicloud topology with an autonomous database deployed in an Oracle Cloud region serving an application running in an Amazon Web Services (AWS) region.
Network communication between the application in AWS and the database in Oracle Cloud is routed through private circuits built over Megaport’s Software Defined Network (SDN) Backbone Fabric using AWS Direct Connect and Oracle Cloud Infrastructure FastConnect. Routing between the two circuits is performed by a virtual router hosted by the Megaport Cloud Router.
This reference architecture shows 3 options for connecting virtual interfaces to AWS:
- Private VIF to a virtual private gateway (1 to 1)
- Private VIF to a direct connect gateway (1 to 10)
- Transit VIF to a transit gateway (1 to 5000)
Public virtual interfaces are also supported by Megaport; however, they’re not relevant for this architecture.
The following diagram illustrates this reference architecture.
The architecture has the following components:
Oracle Cloud components
- **Region
**An Oracle Cloud Infrastructure region is a localized geographic area that contains one or more data centers, called availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents). - **Virtual cloud network (VCN) and subnets
**A VCN is a customizable, software-defined network that you set up in an Oracle Cloud Infrastructure region. Like traditional data center networks, VCNs give you complete control over your network environment. A VCN can have multiple non-overlapping CIDR blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don’t overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private. - **Dynamic routing gateway (DRG)
**The DRG is a virtual router that provides a path for private network traffic between a VCN and a network outside the region, such as a VCN in another Oracle Cloud Infrastructure region, an on-premises network, or a network in another cloud provider. - **FastConnect
**Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options and a more reliable networking experience when compared with internet-based connections. - **Database
**Oracle Cloud Infrastructure offers multiple database services. All of them are qualified for this architecture. This example shows an autonomous database.
Oracle Cloud Infrastructure autonomous databases are fully managed, preconfigured database environments that you can use for transaction processing and data warehousing workloads. You do not need to configure or manage any hardware, or install any software. Oracle Cloud Infrastructure handles creating the database, as well as backing up, patching, upgrading, and tuning the database.
Amazon Web Services
- **Amazon EC2
**Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides compute capacity in the AWS cloud.
In this architecture, the application is hosted on an Amazon EC2 instance. - **Virtual private cloud (VPC)
**A virtual private cloud (VPC) is a virtual network that you create in an Amazon Web Services (AWS) region. - **Direct Connect
**Direct Connect is a private network circuit between a VPC and a network outside AWS. It offers stable throughput and low latency, bypassing the public Internet. It’s the AWS-equivalent of Oracle Cloud Infrastructure FastConnect. - **Private virtual interface (VIF)
**A private virtual interface (VIF) allows the association between a Direct Connect gateway and a virtual private gateway. - **Transit virtual interface (VIF)
**One or more Amazon virtual private cloud (VPC) Transit Gateways associated with Direct Connect gateways. You can use transit virtual interfaces with 1/2/5/10 Gbps AWS Direct Connect Hosted Connection. - **Virtual private gateway (VGW)
**A virtual private gateway (VGW) allows connectivity between a private transit virtual interface (VIF) and resources located in a virtual private cloud (VPC) on private IP addresses. - **Direct Connect Gateway (DGW)
**A Direct Connect Gateway builds upon virtual private gateway capabilities adding the ability to connect to up to 10 VPCs across regions. - **Transit Gateway (TGW)
**A Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once.
Megaport components
- **Software-Defined Network (SDN)
**Megaport’s on-demand global Software-Defined Network (SDN) enables fast, flexible, and secure connectivity to the world’s top cloud providers, including Oracle Cloud, Amazon Web Services (AWS), Microsoft Azure, and Google Cloud, across 700+ locations in North America, Asia-Pacific, and Europe. - **Megaport Cloud Router (MCR)
**Megaport Cloud Router (MCR) is a virtual routing service that gives businesses private connectivity at Layer 3. From any of Megaport’s Routing Zones, customers can connect to the critical cloud and managed services you need – without hardware. MCR allows you to route data to and between various cloud providers and platforms without hairpinning your traffic back to a data center or your on-premises environment. - **Megaport Virtual Cross Connect (VXC)
**With an MCR configured, you can create Virtual Cross Connects (VXCs) to connect to services on the Megaport network without the need for any physical infrastructure. A VXC is essentially a private point-to-point Ethernet connection between an A-End (your MCR) and a B-End (for example Oracle Cloud Infrastructure FastConnect or AWS Direct Connect).
Recommendations
Use the following recommendations as a starting point. Your requirements might differ from the architecture described here.
- **Network CIDR blocks
**Select CIDR blocks that don’t overlap with any other network (in Oracle Cloud Infrastructure, your on-premises data center, or another cloud provider) to which you intend to set up private connections. - **Choice of interconnection location
**This architecture requires one or more geographic locations for its components: the Oracle Cloud Infrastructure(OCI) region and associated Oracle Cloud Infrastructure FastConnect edge node, the Amazon Web Services (AWS) region and associated AWS Direct Connect edge node, and the Megaport Cloud Router (MCR) location. If your application doesn’t have stringent dependencies on the network latency between the front-end and the database, you can choose virtually any OCI region, any AWS region, and any MCR location, and use the global reach of the Megaport Network to interconnect the cross-region topology. However, to keep the network latency between the application and the database low, Oracle recommends that you select a city that has an OCI region, an AWS region, and a Megaport Cloud Router location. The MCR is available in 33 metros across 13 countries. - **High availability
**The architecture shows a single end-to-end multicloud interconnection. For high availability in production environments, Oracle recommends that you deploy redundant network resources for each component of the interconnection.
Considerations
When implementing connectivity for a cross-cloud topology, consider the following factors:
- **Performance
**The Megaport Cloud Router (MCR) can scale from 1 Gb/sec to 10 Gb/sec. Therefore, the MCR can scale to support the highest data rates supported by the cloud service providers. The rate limit is an aggregate capacity that determines the speed for all connections through the MCR. MCR bandwidth is shared between the Cloud Service Provider (CSP) connections added to it. - **Security
**The cross-cloud interconnection shown in this architecture is based on a private connection, which is more secure than the public internet. Note that though this connection is private, the traffic is not encrypted. You may encrypt the traffic across this architecture if you wish. - **Availability
**The MCR is available in 33 metropolitan areas across 13 countries including Canada, US, France, UK, Germany, Netherlands, Ireland, Sweden, Japan, Singapore, Hong Kong, Australia and New Zealand. - **Cost
**The cost of the cross-cloud interconnection shown in this architecture depends on the costs of the following resources:- Megaport
- Megaport Cloud Router
- Virtual Cross Connects from MCR to CSPs
- Amazon Web Services
- AWS Direct Connect Port fee
- Egress data transfer fee
- Oracle
- Oracle Cloud Infrastructure FastConnect
- There are no egress fees from Oracle Cloud Infrastructure
Deploy
You can immediately deploy a split-stack architecture across cloud providers from either the Megaport Portal or API.
The deployment is self-service through Megaport. Deploying this reference architecture requires access to the Megaport Portal, Oracle Cloud Portal, and Amazon Web Services (AWS) Portal. Megaport takes care of the Oracle Cloud Infrastructure and AWS interconnection points.
Explore More
Learn more about implementing connectivity for multicloud topologies with Oracle Cloud and other providers using the Megaport Cloud Router.
Review these additional resources:
