z ‐ Different scenarios for VCN‐to‐VCN communication - SanjeevOCI/Ocidocs GitHub Wiki
Use Case:
To connect two VCNs within the same region and same tenancy.
Service Used:
- Local Peering Gateway (LPG)
Key Points:
- Low-latency, private communication.
- Each VCN must have an LPG and a route rule to direct traffic to the other VCN.
- Security list or NSG rules must allow traffic.
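
The LPG key points above can be checked mechanically before a peering is relied on. The following is an added example, not part of the original wiki or of any OCI tooling: the dictionary layout, VCN names and LPG identifiers are constructed for illustration. Beyond the points listed, it also checks that the two VCN CIDRs do not overlap (an OCI peering requirement) and flags ingress sources broader than the peer CIDR.

```python
import ipaddress

def audit_lpg_peering(vcn_a, vcn_b):
    """Return findings for a two-VCN LPG peering; an empty list means all checks pass."""
    findings = []
    if ipaddress.ip_network(vcn_a["cidr"]).overlaps(ipaddress.ip_network(vcn_b["cidr"])):
        findings.append("VCN CIDRs overlap")
    # Every requirement applies in both directions, so audit each side against its peer.
    for local, peer in ((vcn_a, vcn_b), (vcn_b, vcn_a)):
        name, lpg = local["name"], local.get("lpg")
        peer_net = ipaddress.ip_network(peer["cidr"])
        if not lpg:
            findings.append(f"{name}: no LPG")
        # A usable route rule targets the local LPG and covers the whole peer CIDR.
        if not any(lpg and r["target"] == lpg
                   and peer_net.subnet_of(ipaddress.ip_network(r["destination"]))
                   for r in local["routes"]):
            findings.append(f"{name}: no route to {peer_net} via its LPG")
        sources = [ipaddress.ip_network(r["source"]) for r in local["ingress"]]
        if not any(s.overlaps(peer_net) for s in sources):
            findings.append(f"{name}: no ingress rule admits {peer_net}")
        # Least privilege: a source wider than the peer CIDR admits more than the peering needs.
        for s in sources:
            if s != peer_net and peer_net.subnet_of(s):
                findings.append(f"{name}: ingress source {s} is broader than peer {peer_net}")
    return findings

# Constructed sample data (hypothetical names and identifiers).
GOOD_APP = {"name": "app", "cidr": "10.0.0.0/16", "lpg": "lpg-app",
            "routes": [{"destination": "10.1.0.0/16", "target": "lpg-app"}],
            "ingress": [{"source": "10.1.0.0/16", "protocol": "tcp", "port": 443}]}
GOOD_DB = {"name": "db", "cidr": "10.1.0.0/16", "lpg": "lpg-db",
           "routes": [{"destination": "10.0.0.0/16", "target": "lpg-db"}],
           "ingress": [{"source": "10.0.0.0/16", "protocol": "tcp", "port": 1521}]}
# Same peer, but with the route rule missing and ingress open to any source.
BAD_DB = dict(GOOD_DB, routes=[],
              ingress=[{"source": "0.0.0.0/0", "protocol": "tcp", "port": 1521}])

if __name__ == "__main__":
    for finding in audit_lpg_peering(GOOD_APP, BAD_DB):
        print(finding)
```
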
Use Case:
To connect VCNs in different regions but same tenancy.
Service Used:
- Remote Peering Connection (RPC) with Dynamic Routing Gateway (DRG)
Key Points:
- Enables cross-region private traffic.
- Requires DRGs in both VCNs and a remote peering connection between them.
Use Case:
To connect VCNs in different tenancies (e.g., B2B, partner access).
Service Used:
- Local or Remote Peering, depending on location.
- Identity policies (IAM) must be configured for cross-tenancy access.
Key Points:
- More secure and controlled sharing.
- Requires collaboration between tenancy administrators.
Use Case:
To manage multiple VCNs centrally, often in complex environments with many applications or business units.
Service Used:
- DRG as a transit hub
- VCN attachments to the DRG
- DRG Route Tables and DRG Attachments
Key Points:
- Centralizes connectivity and routing.
- Simplifies management.
- Supports inspection, logging, or security appliances between VCNs.
Use Case:
Less common, but sometimes used for special security controls or segmentation.
Service Used:
- IPSec VPN or FastConnect
- Could use on-prem as an intermediary
Key Points:
- More complex setup.
- Usually not recommended for intra-region VCN connections.
🔹 Summary Table
| Scenario | Same Region? | Same Tenancy? | Service Used |
|---|---|---|---|
| Local Peering | Yes | Yes | Local Peering Gateway (LPG) |
| Remote Peering | No | Yes | DRG + Remote Peering |
| Cross-Tenancy Peering | Yes/No | No | LPG or DRG + IAM Policies |
| Hub-and-Spoke (Transit Routing) | Yes/No | Yes/No | DRG + Attachments |
| VPN/FastConnect Between VCNs | Optional | Optional | IPSec VPN / FastConnect |