Private Access to Autonomous Database using Transit Routing (across regions)

One of the frequently asked questions about Autonomous Database is “how can I access the database without having the traffic traversing the internet?”

If the application stays on-premises, the answer is Transit Routing over the VPN or FastConnect connection from the on-premises network to Oracle Cloud Infrastructure (OCI). The architecture looks as simple as this:

(Diagram: on-premises access to Autonomous Database via Transit Routing)

However, when a customer wants some hands-on experience and tests this scenario, a VPN has to be configured first, which involves the network administrator, the company’s security processes, and so on.

So how do you get started right now? I came up with a cloud-native solution: replace the on-premises network with another OCI region. After all, we have plenty of them 😉

The architecture is as follows:

(Diagram: cross-region access to Autonomous Database via Remote VCN Peering and Transit Routing)

And here we go with step-by-step instructions to create this architecture:

1. If you don’t have an Oracle Cloud account yet, register for the Free Tier.

In the Region on the right (LHR), where the Autonomous Database resides:

2. Create your Oracle Autonomous Database. Be patient enough to wait the two minutes it takes 🙂

3. Create a Virtual Cloud Network (VCN) with the following CIDR block: 192.168.0.0/16. You don’t need to create any subnets inside it for this purpose. You don’t need to be patient here, it is created immediately!

4. Create a Service Gateway (SGW). Choose “All LHR Services In Oracle Services Network” as the Service.

5. Create a Dynamic Routing Gateway (DRG). As the DRG is a stand-alone object, attach it to the VCN created in step 3.

6. Create a Route Table with Destination CIDR 10.0.2.0/24 (it will be used later) and the DRG created in step 5 as Route Target.

(Screenshot: route rule 10.0.2.0/24 → DRG)

Attach this Route Table to the SGW created in step 4. On the SGW details page:

(Screenshot: route table attached to the Service Gateway)

7. Create another Route Table with Destination Service “All LHR Services” and the SGW created in step 4 as Route Target. Attach this Route Table to the DRG created in step 5.

In the Region on the left (ZUR):

8. Create a VCN with the following CIDR block: 10.0.0.0/16.

9. Create an Internet Gateway (IGW).

10. Create a Dynamic Routing Gateway (DRG). As the DRG is a stand-alone object, attach it to the VCN created in step 8.

11. Connect both Regions (the VCNs created in steps 3 and 8) with each other via Remote VCN Peering.

12. Create a Route Table (name it RTprivate for example) with Destination CIDR 0.0.0.0/0 (all traffic) and the DRG created in step 10 as Route Target.

13. Create a Security List (name it SLprivate for example) with two rules:

Ingress – Source 10.0.1.0/24 – all protocols – all ports

Egress – Destination 0.0.0.0/0 – TCP – port 1522

14. Create a Private Subnet with the following CIDR block: 10.0.2.0/24.

Use the Route Table and Security List created in steps 12 and 13.

15. Create a Route Table (name it RTpublic for example) with Destination CIDR 0.0.0.0/0 (all traffic) and the IGW created in step 9 as Route Target.

16. Create a Security List (name it SLpublic for example) with two rules:

Ingress – Source 0.0.0.0/0 – TCP – port 22

Egress – Destination 10.0.2.0/24 – all protocols – all ports

17. Create a Public Subnet with the following CIDR block: 10.0.1.0/24.

Use the Route Table and Security List created in steps 15 and 16.

18. Create a Compute Instance in the Private Subnet.

19. Create a Compute Instance in the Public Subnet.

20. Download Oracle Instant Client to connect to the Database using SQL*Plus.

21. Download the Credential Wallet for your Oracle Autonomous Database.

22. Copy the Oracle Client and the Credential Wallet to the Public Compute Instance created in step 19, e.g. using WinSCP.

23. Connect to the Public Compute Instance created in step 19 via SSH port 22, e.g. using PuTTY.

Copy the Oracle Client and the Credential Wallet to the Private Compute Instance created in step 18, e.g. using the scp shell command.

Connect to the Private Instance via SSH port 22.

Connect to Autonomous Database via SQL*Plus.

24. You are done 🙂
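As an added illustration, not code from the original post, the following Python models the ZUR-side route tables, security lists and subnets from steps 8 to 17 as plain data and checks the properties that keep database traffic off the internet: the private subnet's default route must not point at an Internet Gateway, its egress must be limited to TCP 1522, and the public subnet must not accept 1522 from the internet. The rule encoding, the `ANY` marker, the function names and the 203.0.113.10 test address are this example's own assumptions.

```python
import ipaddress

ANY = "any"  # constructed marker for "all protocols" / "all ports"
VCN_CIDR = ipaddress.ip_network("10.0.0.0/16")  # ZUR VCN from step 8
# Route tables from steps 12 and 15: (destination CIDR, gateway type)
ROUTE_TABLES = {"RTprivate": [("0.0.0.0/0", "DRG")], "RTpublic": [("0.0.0.0/0", "IGW")]}
# Security lists from steps 13 and 16: (direction, CIDR, protocol, port)
SECURITY_LISTS = {
    "SLprivate": [("ingress", "10.0.1.0/24", ANY, ANY),
                  ("egress", "0.0.0.0/0", "tcp", 1522)],
    "SLpublic": [("ingress", "0.0.0.0/0", "tcp", 22),
                 ("egress", "10.0.2.0/24", ANY, ANY)]}
# Subnets from steps 14 and 17, with the route table and security list they use
SUBNETS = {"private": {"rt": "RTprivate", "sl": "SLprivate"},
           "public": {"rt": "RTpublic", "sl": "SLpublic"}}

def rule_allows(subnet, direction, ip, proto, port):
    """True if a rule of the subnet's security list permits this flow."""
    addr = ipaddress.ip_address(ip)
    for d, cidr, p, prt in SECURITY_LISTS[SUBNETS[subnet]["sl"]]:
        if (d == direction and addr in ipaddress.ip_network(cidr)
                and p in (ANY, proto) and prt in (ANY, port)):
            return True
    return False

def route_target(subnet, ip):
    """Longest-prefix route lookup for ip ('local' for addresses inside the VCN)."""
    addr = ipaddress.ip_address(ip)
    if addr in VCN_CIDR:
        return "local"  # intra-VCN traffic never consults the route table
    best = None
    for dest, target in ROUTE_TABLES[SUBNETS[subnet]["rt"]]:
        net = ipaddress.ip_network(dest)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def exit_gateway(subnet, ip, proto, port):
    """Gateway an outbound flow leaves by, or None if the security list drops it."""
    return route_target(subnet, ip) if rule_allows(subnet, "egress", ip, proto, port) else None

def design_findings(internet_host="203.0.113.10"):  # constructed test address
    """Deviations from the post's intent; an empty list means the design holds."""
    findings = []
    if exit_gateway("private", internet_host, "tcp", 1522) == "IGW":
        findings.append("private subnet can send database traffic to an IGW")
    if exit_gateway("private", internet_host, "tcp", 443) is not None:
        findings.append("private subnet can egress on a port other than 1522")
    if rule_allows("public", "ingress", internet_host, "tcp", 1522):
        findings.append("public subnet accepts port 1522 from the internet")
    return findings
```

Step 16 opens SSH from 0.0.0.0/0; in practice narrow that ingress source to your own address range, and the same check can be extended to flag a wide-open port 22.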
