z ‐ Connecting 2 VCNs in Same Region & Different Region - SanjeevOCI/Ocidocs GitHub Wiki
Connecting 2 VCNs in OCI
1. Same Region (Using Local Peering Gateway - LPG)
- Create Local Peering Gateways (LPGs):
  - In VCN-1, create an LPG (e.g., `LPG-VCN1`).
  - In VCN-2, create another LPG (e.g., `LPG-VCN2`).
- Establish Peering:
  - Go to `LPG-VCN1` and establish peering with `LPG-VCN2`.
- Update Route Tables:
  - In VCN-1, add a route in the route table of the app subnet:
    - Destination CIDR: CIDR of VCN-2.
    - Target: `LPG-VCN1`.
  - In VCN-2, add a route in the route table of the DB subnet:
    - Destination CIDR: CIDR of VCN-1.
    - Target: `LPG-VCN2`.
- Update Security Lists:
  - In both VCNs, update security lists to allow ingress/egress traffic for the required ports and CIDRs.
2. Different Regions (Using Remote Peering Connection - RPC)
- Create Dynamic Routing Gateways (DRGs):
  - In VCN-1, create a DRG and attach it to the VCN.
  - In VCN-2, create another DRG and attach it to the VCN.
- Create Remote Peering Connections (RPCs):
  - In DRG-1 (for VCN-1), create an RPC (e.g., `RPC-VCN1`).
  - In DRG-2 (for VCN-2), create another RPC (e.g., `RPC-VCN2`).
- Establish Peering:
  - Go to `RPC-VCN1` and establish peering with `RPC-VCN2`.
- Update Route Tables:
  - In VCN-1, add a route in the route table of the app subnet:
    - Destination CIDR: CIDR of VCN-2.
    - Target: `DRG-1`.
  - In VCN-2, add a route in the route table of the DB subnet:
    - Destination CIDR: CIDR of VCN-1.
    - Target: `DRG-2`.
- Update Security Lists:
  - In both VCNs, update security lists to allow ingress/egress traffic for the required ports and CIDRs.
These steps ensure secure communication between VCNs in the same or different regions.
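
An added pre-flight check for the route table and security list steps above (not part of the original wiki page): it verifies that the two VCN CIDRs do not overlap, that each VCN routes the peer CIDR to its own gateway, and that peering ingress rules are scoped to the peer CIDR and the required ports. The CIDRs, ports, and plan layout are constructed sample values; for the remote peering case, set `gateway` and the route target to the DRG name.

```python
import ipaddress

# Constructed sample plan (assumption): only the peering-related rules are listed.
PLAN = {
    "vcn1": {"cidr": "10.0.0.0/16", "gateway": "LPG-VCN1",
             "routes": [{"destination": "10.1.0.0/16", "target": "LPG-VCN1"}],
             "ingress": [{"source": "10.1.0.0/16", "port": 443}]},
    "vcn2": {"cidr": "10.1.0.0/16", "gateway": "LPG-VCN2",
             "routes": [{"destination": "10.0.0.0/16", "target": "LPG-VCN2"}],
             "ingress": [{"source": "0.0.0.0/0", "port": 1521}]},  # too broad
}


def check_peering(plan, required_ports):
    """Return a list of findings for a two-VCN peering plan (empty list = clean)."""
    findings = []
    (n1, v1), (n2, v2) = plan.items()
    net1 = ipaddress.ip_network(v1["cidr"])
    net2 = ipaddress.ip_network(v2["cidr"])
    # Peered VCNs must use non-overlapping CIDR blocks.
    if net1.overlaps(net2):
        findings.append(f"{n1} and {n2} CIDRs overlap; peering requires distinct ranges")
    for name, vcn, peer_net in ((n1, v1, net2), (n2, v2, net1)):
        # Route step: the peer CIDR must be routed to this VCN's own gateway.
        routed = any(
            ipaddress.ip_network(r["destination"]) == peer_net
            and r["target"] == vcn["gateway"]
            for r in vcn["routes"]
        )
        if not routed:
            findings.append(f"{name}: no route to {peer_net} via {vcn['gateway']}")
        # Security list step: ingress limited to the peer CIDR and required ports.
        for rule in vcn["ingress"]:
            src = ipaddress.ip_network(rule["source"])
            if not src.subnet_of(peer_net):
                findings.append(f"{name}: ingress source {src} is wider than peer {peer_net}")
            if rule["port"] not in required_ports:
                findings.append(f"{name}: port {rule['port']} is not in the required set")
    return findings


if __name__ == "__main__":
    for finding in check_peering(PLAN, {443, 1521}):
        print(finding)
```
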