Continuing with use cases for the new Dynamic Routing Gateway v2 (DRGv2). This time I’ll look at Remote Peering Connections (RPC) and how they work together with DRGs.
Earlier posts on DRGv2 are here: Part1 & Part2
In short, hardly anything changes: you obviously need a VCN in one Region that you want to connect to another VCN in another Region. Since the two Regions where DRGv2 is currently (May, 2021) available are Montreal and San Jose, this test will be between those two.
Just to rehash, this was our starting point.
So far we’ve only looked at VCN attachments on the DRG and their respective route tables. Adding RPC to the mix follows the same pattern: you just need an attachment with a route table in the DRG!
A Remote Peering Connection works much as it has before: it gets created from DRG to DRG. The RPC attachment in the DRG now guides the traffic coming from the remote connection. If my traffic is leaving from Shared Services above to the remote VCN via RPC, it needs:
Adding the remote VCN to the above design, it could look like below. (Note that RT2, although named the same, is different between the VCNs.)
Both RPC attachments are displayed in black, and I can again control via the attachment what can be accessed. So for the RPC coming from VCN Remote, I only allow connections towards the Shared Services VCN and on-premises in the RPC attachment. Yes! You can also connect through RPC to on-premises; normal data charges obviously apply between RPC connections (cross-region traffic).
Again, you can create import distributions which are specific to a route table, so once routes are dynamically imported, you only get those routes which you want to allow through the attachment.
I’d say at first I was somewhat lost with import distributions, attachments and routes, but after playing with them for a while it starts to clear up! If you’re looking at starting to use these, I’d urge you to try out different cases.
Even with building and testing the above example, at first I didn’t have a connection, but then noticed I was missing a route entry from my remote VCN’s subnet towards the DRG. Multiple places to check, and I didn’t remember to fall back to Network Visualizer!
I’ll post a video on building the above infrastructure here soon as well.
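The segmentation and the troubleshooting step described above can be checked on paper with a small model. The following is an added example, not code from this post or from Oracle: a simplified Python model (no OCI API calls) of subnet route tables, per-attachment DRG route tables and an import distribution. All attachment names and CIDRs are constructed assumptions.

```python
import ipaddress

# Constructed topology: every name and CIDR here is an assumption, not from the post.
ADVERTISED = {  # routes each home-region DRG attachment offers for import
    "shared-vcn": ["10.1.0.0/16"],
    "app-vcn": ["10.3.0.0/16"],
    "onprem-ipsec": ["192.168.0.0/16"],
}

def import_routes(allowed_attachments):
    """Model of an import distribution: accept routes only from listed attachments."""
    return {cidr: att for att in allowed_attachments for cidr in ADVERTISED[att]}

# One DRG route table per attachment, applied to traffic entering through it.
DRG_RT = {
    # Remote DRG, VCN attachment: broad static routes pointing at the RPC.
    "remote-vcn": {"10.0.0.0/8": "rpc-remote", "192.168.0.0/16": "rpc-remote"},
    # Home DRG, RPC attachment: imports shared services and on-premises only.
    "rpc-home": import_routes(["shared-vcn", "onprem-ipsec"]),
}
RPC_PEER = {"rpc-remote": "rpc-home"}  # cross-region link between the two DRGs

def lookup(table, dst):
    """Longest-prefix match of dst against a {cidr: target} table."""
    ip = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, table) if ip in n]
    return table[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def trace(subnet_rt, dst, ingress="remote-vcn"):
    """Trace a packet leaving a remote-VCN subnet; return (delivered_to, reason)."""
    if lookup(subnet_rt, dst) != "DRG":
        return None, "subnet route table has no route to the DRG"
    for _ in range(4):  # bounded hop count, guards against routing loops
        nxt = lookup(DRG_RT.get(ingress, {}), dst)
        if nxt is None:
            return None, f"no route in DRG route table of {ingress}"
        if nxt not in RPC_PEER:
            return nxt, "delivered"
        ingress = RPC_PEER[nxt]  # cross the RPC into the peer DRG
    return None, "hop limit reached"

# Subnet route table of the remote VCN with the entries toward the DRG in place.
GOOD_SUBNET_RT = {"10.1.0.0/16": "DRG", "10.3.0.0/16": "DRG", "192.168.0.0/16": "DRG"}
```

Calling `trace({}, "10.1.0.5")` reproduces the missing subnet route entry, and a destination in `app-vcn` is dropped at `rpc-home` even though the remote side routes all of 10.0.0.0/8 across the RPC.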