Connecting 2 VCNs using Local Peering Gateway in Same Region (SanjeevOCI/Ocidocs GitHub Wiki)

To connect an application server in VCN-1 to a database in VCN-2, both in the same region, you need to configure a Local Peering Gateway (LPG) in each VCN, then update the Route Tables and Security Lists. Below are the step-by-step instructions:
Step 1: Create Local Peering Gateways (LPGs)
- In VCN-1:
  - Go to the OCI Console.
  - Navigate to Networking > Local Peering Gateways.
  - Click Create Local Peering Gateway.
  - Provide a name (e.g., LPG-VCN1) and associate it with VCN-1.
- In VCN-2:
  - Repeat the same steps to create another LPG (e.g., LPG-VCN2) and associate it with VCN-2.

Step 2: Establish Peering Between LPGs
- Go to the LPG-VCN1 in the OCI Console.
- Click Establish Peering.
- Select LPG-VCN2 as the peer gateway.
- Confirm the peering connection.

Step 3: Update Route Tables
- In VCN-1:
  - Go to Networking > Route Tables.
  - Select the route table associated with the subnet where the app server resides.
  - Add a new route rule:
    - Destination CIDR: CIDR block of VCN-2 (e.g., 10.1.0.0/16).
    - Target Type: Local Peering Gateway.
    - Target: LPG-VCN1.
- In VCN-2:
  - Go to Networking > Route Tables.
  - Select the route table associated with the subnet where the database resides.
  - Add a new route rule:
    - Destination CIDR: CIDR block of VCN-1 (e.g., 10.0.0.0/16).
    - Target Type: Local Peering Gateway.
    - Target: LPG-VCN2.

Step 4: Update Security Lists
- In VCN-1 (App Server Subnet):
  - Go to Networking > Security Lists.
  - Select the security list associated with the app server's subnet.
  - Add an Ingress Rule:
    - Source CIDR: CIDR block of VCN-2 (e.g., 10.1.0.0/16).
    - Protocol: TCP.
    - Port Range: The port used by the database (e.g., 1521 for Oracle DB).
  - Add an Egress Rule:
    - Destination CIDR: CIDR block of VCN-2 (e.g., 10.1.0.0/16).
    - Protocol: TCP.
    - Port Range: The port used by the database.
- In VCN-2 (Database Subnet):
  - Go to Networking > Security Lists.
  - Select the security list associated with the database's subnet.
  - Add an Ingress Rule:
    - Source CIDR: CIDR block of VCN-1 (e.g., 10.0.0.0/16).
    - Protocol: TCP.
    - Port Range: The port used by the database (e.g., 1521).
  - Add an Egress Rule:
    - Destination CIDR: CIDR block of VCN-1 (e.g., 10.0.0.0/16).
    - Protocol: TCP.
    - Port Range: The port used by the database.

Step 5: Test the Connection
- SSH into the app server in VCN-1.
- Use a database client (e.g., sqlplus or telnet) to connect to the database in VCN-2 using its private IP and port, for example `telnet <db-private-ip> 1521`.
- If the connection is successful, the setup is complete.
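As an added example (not code from the wiki page), the following Python builds the route rule and security list rules from Steps 3 and 4 as JSON in the shape of the OCI API RouteRule, IngressSecurityRule and EgressSecurityRule objects, first checks that the two VCN CIDRs do not overlap (LPG peering requires non-overlapping VCNs), and then audits the rules for anything broader than a single VCN and a single database port. The CIDRs, the app subnet (narrower than the whole VCN-1, which the wiki uses), the port and the OCID are constructed placeholders.

```python
import ipaddress
import json

# Constructed sample values for this example (not from the wiki page).
# The OCID below is a placeholder in OCID format, not a real resource.
VCN1_CIDR = "10.0.0.0/16"        # VCN-1: app server
VCN2_CIDR = "10.1.0.0/16"        # VCN-2: database
APP_SUBNET_CIDR = "10.0.1.0/24"  # tighter source than all of VCN-1
DB_PORT = 1521
LPG_VCN1_ID = "ocid1.localpeeringgateway.oc1..PLACEHOLDER-lpg-vcn1"

def vcns_can_peer(cidr_a, cidr_b):
    """LPG peering is only possible when the two VCN CIDRs do not overlap."""
    a, b = ipaddress.ip_network(cidr_a), ipaddress.ip_network(cidr_b)
    return not a.overlaps(b)

def lpg_route_rule(peer_cidr, lpg_id):
    """RouteRule: send traffic destined for the peer VCN to this VCN's own LPG."""
    return {"destination": peer_cidr, "destinationType": "CIDR_BLOCK",
            "networkEntityId": lpg_id, "description": "peer VCN via LPG"}

def tcp_rule(direction, cidr, port):
    """Stateful security-list rule for one CIDR and one TCP port (protocol "6")."""
    key = "source" if direction == "ingress" else "destination"
    return {"protocol": "6", key: cidr, key + "Type": "CIDR_BLOCK", "isStateless": False,
            "tcpOptions": {"destinationPortRange": {"min": port, "max": port}}}

def audit_tcp_rules(rules, max_prefix=16):
    """Flag rules wider than one VCN (/16 here) or not pinned to a single TCP port."""
    findings = []
    for r in rules:
        cidr = r.get("source", r.get("destination"))
        if ipaddress.ip_network(cidr).prefixlen < max_prefix:
            findings.append(f"{cidr} is wider than /{max_prefix}")
        pr = r.get("tcpOptions", {}).get("destinationPortRange")
        if r.get("protocol") != "6" or pr is None or pr["min"] != pr["max"]:
            findings.append(f"rule for {cidr} is not a single TCP port")
    return findings

if __name__ == "__main__":
    assert vcns_can_peer(VCN1_CIDR, VCN2_CIDR), "overlapping CIDRs cannot be peered"
    # VCN-1 side: route to VCN-2 via LPG-VCN1, egress from the app subnet to the DB port
    print(json.dumps([lpg_route_rule(VCN2_CIDR, LPG_VCN1_ID)], indent=2))
    print(json.dumps([tcp_rule("egress", VCN2_CIDR, DB_PORT)], indent=2))
    # VCN-2 side: ingress to the DB port from the app subnet only, then audit it
    db_ingress = [tcp_rule("ingress", APP_SUBNET_CIDR, DB_PORT)]
    print(json.dumps(db_ingress, indent=2))
    print("findings:", audit_tcp_rules(db_ingress + [tcp_rule("ingress", "0.0.0.0/0", DB_PORT)]))
```

The printed JSON lists are in the form accepted by `oci network route-table update --route-rules` and `oci network security-list update --ingress-security-rules` / `--egress-security-rules`, so the same values can be applied from the CLI instead of the console.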

Summary of Configuration
- LPGs: Created and peered between VCN-1 and VCN-2.
- Route Tables: Updated to route traffic between VCNs via LPGs.
- Security Lists: Configured to allow traffic between the app server and database.
This setup ensures secure and private communication between the app server and the database across VCNs.