27 ‐ Interconnect OCI Scenarios 1–5 with Azure Scenarios 1–5 - SanjeevOCI/Study GitHub Wiki

Scenario 6 – Interconnect OCI Scenarios 1–5 with Azure Scenarios 1–5

Objective

Establish hybrid/multi-cloud connectivity between OCI and Azure so that equivalent scenarios in both clouds can communicate securely.
Example: An OCI Hub–Spoke setup (Scenario 3–5) can communicate with an Azure Hub–Spoke setup for DR, data sync, shared services, or workload migration.


High-Level Design

  • OCI Side: Scenarios 1–5 deployed in OCI (VCN + subnets + gateways)
  • Azure Side: Scenarios 1–5 deployed in Azure (VNet + subnets + gateways)
  • Interconnect: Site-to-Site VPN or FastConnect (OCI) ↔ ExpressRoute (Azure) for private IP-to-IP connectivity

OCI Lab Steps

1. Prepare OCI Network

  • Create DRG in OCI (Hub VCN if using Hub–Spoke)
  • Attach required VCNs (Hub and/or Spokes) to the DRG
  • Create route rules in DRG Route Tables:
    • Azure VNet CIDRs → VPN/FastConnect attachment
    • Azure subnets for specific scenarios
  • Create route rules in VCN Route Tables:
    • Azure CIDRs → DRG

2. Configure Site-to-Site VPN or FastConnect

  • Create IPSec Connection (for VPN) or FastConnect with correct Azure edge peering
  • Use Azure VPN Gateway’s public IP for VPN setup
  • Define Azure CIDRs in OCI’s IPSec configuration

Azure Lab Steps

1. Prepare Azure Network

  • Create Azure VPN Gateway or ExpressRoute Gateway
  • Connect to OCI’s DRG public IP (VPN) or FastConnect partner
  • Define OCI VCN CIDRs in Azure Local Network Gateway (LNG)
  • Create route entries in Azure VNet Route Tables (UDRs):
    • OCI CIDRs → VPN Gateway

2. Configure Peering

  • Ensure Hub–Spoke VNets in Azure allow traffic from VPN Gateway
  • In Hub–Spoke:
    • Hub UDR: OCI CIDRs → VPN Gateway
    • Spoke UDR: Forward OCI-bound traffic to Hub if needed
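The OCI and Azure lab steps above boil down to one set of prefixes being written into four places (DRG route table, VCN route tables, Azure Local Network Gateway, Azure UDRs), and all of it silently fails if a VCN CIDR overlaps a VNet CIDR. The following Python script, added here as an example and not code from the wiki, derives those entries from the address spaces being joined and refuses to run on overlap. Every CIDR, VCN/VNet name and next-hop identifier in it is a constructed sample value.

```python
"""Route plan for the OCI and Azure lab steps above.

Added example, not code from the wiki page. Given the address spaces of the
VCNs and VNets being joined, it first checks that no OCI prefix overlaps an
Azure prefix (overlapping prefixes cannot be routed IP-to-IP across the
tunnel and must be re-planned before any gateway work), then emits the route
entries each step asks for: DRG route rules, VCN route rules, the Azure
Local Network Gateway address space and the Azure UDRs. All CIDRs and
next-hop names are constructed sample values, not addresses from the page.
"""
import ipaddress
from typing import Dict, List, Tuple

# Hypothetical lab inputs: name -> CIDR of each VCN / VNet taking part.
OCI_VCNS: Dict[str, str] = {
    "oci-hub-vcn": "10.10.0.0/16",
    "oci-spoke-web": "10.11.0.0/16",
    "oci-spoke-db": "10.12.0.0/16",
}
AZURE_VNETS: Dict[str, str] = {
    "az-hub-vnet": "10.20.0.0/16",
    "az-spoke-app": "10.21.0.0/16",
}

# Hypothetical next hops used in the generated entries.
OCI_IPSEC_ATTACHMENT = "drg-attachment-ipsec-to-azure"  # DRG attachment of the IPSec connection
OCI_DRG = "drg-hub"                                      # next hop for the VCN route tables
AZURE_VPN_GW = "VirtualNetworkGateway"                   # UDR next-hop type for the VPN gateway


def find_overlaps(oci: Dict[str, str], azure: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (oci_name, azure_name) pairs whose address spaces overlap."""
    clashes = []
    for oname, ocidr in oci.items():
        for aname, acidr in azure.items():
            if ipaddress.ip_network(ocidr).overlaps(ipaddress.ip_network(acidr)):
                clashes.append((oname, aname))
    return clashes


def summarize(cidrs: List[str]) -> List[str]:
    """Merge adjacent prefixes so each route table gets the fewest entries."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in sorted(ipaddress.collapse_addresses(nets))]


def build_route_plan(oci: Dict[str, str], azure: Dict[str, str], collapse: bool = True) -> Dict:
    """Produce the route entries for both clouds, or raise on overlapping CIDRs."""
    clashes = find_overlaps(oci, azure)
    if clashes:
        raise ValueError(f"overlapping address spaces, re-plan before routing: {clashes}")
    azure_cidrs = summarize(list(azure.values())) if collapse else sorted(azure.values(), key=ipaddress.ip_network)
    oci_cidrs = summarize(list(oci.values())) if collapse else sorted(oci.values(), key=ipaddress.ip_network)
    return {
        # OCI step 1: the DRG route table sends Azure prefixes to the IPSec attachment.
        "oci_drg_route_rules": [(c, OCI_IPSEC_ATTACHMENT) for c in azure_cidrs],
        # OCI step 1: every attached VCN's route table sends Azure prefixes to the DRG.
        "oci_vcn_route_rules": {name: [(c, OCI_DRG) for c in azure_cidrs] for name in oci},
        # Azure step 1: the Local Network Gateway carries all OCI prefixes.
        "azure_lng_address_space": oci_cidrs,
        # Azure steps 1-2: hub and spoke UDRs send OCI prefixes to the VPN gateway
        # (spokes are assumed to use gateway transit over the hub peering).
        "azure_udr_rules": {name: [(c, AZURE_VPN_GW) for c in oci_cidrs] for name in azure},
    }


if __name__ == "__main__":
    for section, entries in build_route_plan(OCI_VCNS, AZURE_VNETS).items():
        print(section, entries)
```

With the sample inputs the three OCI VCNs collapse to two prefixes (10.10.0.0/15 and 10.12.0.0/16) and the two VNets to one (10.20.0.0/15), so each route table and the LNG get the minimum number of entries; pass `collapse=False` if you prefer one entry per VCN/VNet for readability in the console.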

Security Considerations

  • Allow only necessary ports between OCI and Azure workloads
  • Use NSGs in Azure and NSGs/Security Lists in OCI to restrict cross-cloud traffic
  • Use private DNS for name resolution across clouds (Azure Private DNS + OCI Private DNS)
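"Allow only necessary ports" in practice means each cross-cloud flow gets exactly two rules, an egress rule in the source cloud and an ingress rule in the destination cloud, and nothing wider. The Python below, added as an example rather than taken from the wiki, derives those required rules from the scenario flows and audits a proposed rule set for the two mistakes that show up most often in review: a rule wider than any flow needs, and a flow that is allowed on one side but never on the other. Tier CIDRs, ports and the proposed rules are hypothetical.

```python
"""Least-privilege rule pairs for the security considerations above.

Added example, not code from the wiki page. Each cross-cloud flow the lab
wants (OCI Web -> Azure App, Azure App -> OCI DB) needs two rules: an
egress rule in the source cloud and an ingress rule in the destination
cloud. Return traffic needs no rule because OCI Security Lists / NSGs and
Azure NSGs are stateful. The script derives those required rules and then
audits a proposed rule set for a rule that matches no required rule
(wider than needed, or simply unused) and a required rule nobody wrote.
Tier CIDRs, ports and rule contents are hypothetical.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Hypothetical address spaces of the interconnected VCNs and VNets.
OCI_CIDRS = [ipaddress.ip_network(c) for c in ("10.10.0.0/15", "10.12.0.0/16")]
AZURE_CIDRS = [ipaddress.ip_network(c) for c in ("10.20.0.0/15",)]


@dataclass(frozen=True)
class Flow:
    name: str
    src: str       # CIDR of the source tier
    dst: str       # CIDR of the destination tier
    protocol: str
    port: int


# The scenario-specific flows the lab wants to allow (constructed subnets).
WANTED_FLOWS = [
    Flow("OCI Web -> Azure App", "10.11.1.0/24", "10.21.2.0/24", "TCP", 443),
    Flow("Azure App -> OCI DB", "10.21.2.0/24", "10.12.3.0/24", "TCP", 1521),
]

# A rule is a dict with: cloud, direction, source, destination, protocol, port (None = any).
Rule = Dict[str, object]


def cloud_of(cidr: str) -> str:
    net = ipaddress.ip_network(cidr)
    if any(net.subnet_of(n) for n in OCI_CIDRS):
        return "oci"
    if any(net.subnet_of(n) for n in AZURE_CIDRS):
        return "azure"
    return "other"


def required_rules(flows: List[Flow]) -> List[Rule]:
    """Egress rule in the source cloud plus ingress rule in the destination cloud, per flow."""
    rules: List[Rule] = []
    for f in flows:
        base = {"source": f.src, "destination": f.dst, "protocol": f.protocol, "port": f.port}
        rules.append({"cloud": cloud_of(f.src), "direction": "egress", **base})
        rules.append({"cloud": cloud_of(f.dst), "direction": "ingress", **base})
    return rules


def covers(rule: Rule, req: Rule) -> bool:
    """True if `rule` allows at least everything `req` allows."""
    return (rule["cloud"] == req["cloud"] and rule["direction"] == req["direction"]
            and rule["protocol"] == req["protocol"]
            and rule["port"] in (None, req["port"])
            and ipaddress.ip_network(req["source"]).subnet_of(ipaddress.ip_network(rule["source"]))
            and ipaddress.ip_network(req["destination"]).subnet_of(ipaddress.ip_network(rule["destination"])))


def audit(proposed: List[Rule], flows: List[Flow]) -> Tuple[List[Rule], List[Rule]]:
    """Return (required rules no proposed rule covers, proposed rules that are not exactly a required rule)."""
    required = required_rules(flows)
    missing = [req for req in required if not any(covers(r, req) for r in proposed)]
    too_wide = [r for r in proposed if r not in required]
    return missing, too_wide


# Constructed rule set under review: the Web -> App pair is right, the DB
# ingress rule is far too wide, and the Azure egress rule for App -> DB is absent.
PROPOSED_RULES: List[Rule] = [
    {"cloud": "oci", "direction": "egress", "source": "10.11.1.0/24", "destination": "10.21.2.0/24", "protocol": "TCP", "port": 443},
    {"cloud": "azure", "direction": "ingress", "source": "10.11.1.0/24", "destination": "10.21.2.0/24", "protocol": "TCP", "port": 443},
    {"cloud": "oci", "direction": "ingress", "source": "0.0.0.0/0", "destination": "10.12.3.0/24", "protocol": "TCP", "port": None},
]


if __name__ == "__main__":
    missing, too_wide = audit(PROPOSED_RULES, WANTED_FLOWS)
    print("missing:", missing)
    print("wider than any required rule:", too_wide)
```

The audit treats a proposed rule as acceptable only when it is identical to a required one; a rule such as the 0.0.0.0/0 DB entry does cover the required OCI ingress rule (so that flow is not reported missing) but is still flagged, which is the behaviour you want when the goal is least privilege rather than mere reachability.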

Verification Steps

  1. Ping/SSH/RDP from OCI private subnet to Azure private subnet
  2. Test scenario-specific flows:
    • OCI Web → Azure App
    • Azure App → OCI DB
  3. Check route propagation in DRG and Azure VPN Gateway
  4. Monitor with:
    • OCI VCN Flow Logs
    • Azure NSG Flow Logs
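When a cross-cloud ping or SSH test fails, the two flow logs together tell you which side dropped it: a flow that OCI accepted on egress but Azure rejected on ingress points at an NSG or UDR in Azure, while a REJECT in the OCI log points at a security list or NSG in OCI. The Python below, added here as an example and not code from the wiki, reads OCI VCN Flow Log records and Azure NSG Flow Log (v2) records, keeps only flows whose endpoints sit in opposite clouds, and reports per direction, protocol and port where each flow was accepted and where it was rejected. The log records and addresses are constructed samples shaped like the two formats, and the CIDRs are the same hypothetical lab ranges used earlier on this page.

```python
"""Cross-cloud flow-log check for the verification steps above.

Added example, not code from the wiki page. Parses constructed OCI VCN Flow
Log records (one JSON object per line, flow fields under "data") and a
constructed Azure NSG Flow Log v2 record (per-rule "flowTuples" strings),
then reports, for every OCI<->Azure flow, which cloud accepted it and which
one rejected it. Field names follow the two formats; addresses, timestamps,
rule names and the lab CIDRs are made-up sample values.
"""
import ipaddress
import json
from typing import Dict, Iterable, Iterator, List, Tuple

# Hypothetical address spaces of the interconnected VCNs and VNets.
OCI_CIDRS = [ipaddress.ip_network(c) for c in ("10.10.0.0/15", "10.12.0.0/16")]
AZURE_CIDRS = [ipaddress.ip_network(c) for c in ("10.20.0.0/15",)]

# Constructed OCI VCN Flow Log lines (only the fields this script reads).
OCI_LOG_LINES = [
    '{"data":{"action":"ACCEPT","sourceAddress":"10.11.1.10","sourcePort":51000,"destinationAddress":"10.21.2.20","destinationPort":443,"protocol":6,"protocolName":"TCP"}}',
    '{"data":{"action":"ACCEPT","sourceAddress":"10.11.1.10","sourcePort":51002,"destinationAddress":"10.21.2.20","destinationPort":8080,"protocol":6,"protocolName":"TCP"}}',
    '{"data":{"action":"ACCEPT","sourceAddress":"10.21.2.20","sourcePort":40000,"destinationAddress":"10.12.3.30","destinationPort":1521,"protocol":6,"protocolName":"TCP"}}',
    '{"data":{"action":"REJECT","sourceAddress":"10.21.2.20","sourcePort":40001,"destinationAddress":"10.12.3.30","destinationPort":22,"protocol":6,"protocolName":"TCP"}}',
    '{"data":{"action":"ACCEPT","sourceAddress":"10.11.1.10","sourcePort":51003,"destinationAddress":"10.11.1.11","destinationPort":22,"protocol":6,"protocolName":"TCP"}}',
]

# Constructed Azure NSG Flow Log v2 record. Each flow tuple is:
# time,srcIP,dstIP,srcPort,dstPort,proto(T/U),direction(I/O),decision(A/D),state(B/C/E),pkts,bytes,pkts,bytes
AZURE_NSG_RECORD = {
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {
        "Version": 2,
        "flows": [
            {"rule": "UserRule_allow-oci-web-https",
             "flows": [{"mac": "000D3A000001", "flowTuples": ["1700000000,10.11.1.10,10.21.2.20,51000,443,T,I,A,B,,,,"]}]},
            {"rule": "UserRule_allow-app-to-oci-db",
             "flows": [{"mac": "000D3A000001", "flowTuples": ["1700000002,10.21.2.20,10.12.3.30,40000,1521,T,O,A,B,,,,"]}]},
            {"rule": "DefaultRule_DenyAllInBound",
             "flows": [{"mac": "000D3A000001", "flowTuples": ["1700000001,10.11.1.10,10.21.2.20,51002,8080,T,I,D,B,,,,"]}]},
        ],
    },
}


def cloud_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    if any(addr in n for n in OCI_CIDRS):
        return "oci"
    if any(addr in n for n in AZURE_CIDRS):
        return "azure"
    return "other"


def parse_oci(lines: Iterable[str]) -> Iterator[Dict]:
    for line in lines:
        d = json.loads(line)["data"]
        yield {"cloud": "oci", "src": d["sourceAddress"], "dst": d["destinationAddress"],
               "dport": int(d["destinationPort"]), "proto": d.get("protocolName", str(d["protocol"])),
               "allowed": d["action"] == "ACCEPT", "rule": None}


def parse_azure_nsg(record: Dict) -> Iterator[Dict]:
    for rule in record["properties"]["flows"]:
        for flow in rule["flows"]:
            for tup in flow["flowTuples"]:
                f = tup.split(",")
                yield {"cloud": "azure", "src": f[1], "dst": f[2], "dport": int(f[4]),
                       "proto": {"T": "TCP", "U": "UDP"}.get(f[5], f[5]),
                       "allowed": f[7] == "A", "rule": rule["rule"]}


def cross_cloud_report(flows: Iterable[Dict]) -> Dict[Tuple[str, str, int], Dict[str, List[str]]]:
    """Per (direction, protocol, port): which clouds accepted / rejected it and which NSG rules matched."""
    acc: Dict[Tuple[str, str, int], Dict[str, set]] = {}
    for f in flows:
        s, d = cloud_of(f["src"]), cloud_of(f["dst"])
        if {s, d} != {"oci", "azure"}:
            continue  # intra-cloud or Internet traffic is not part of this check
        key = (f"{s}->{d}", f["proto"], f["dport"])
        e = acc.setdefault(key, {"accepted_in": set(), "rejected_in": set(), "rules": set()})
        e["accepted_in" if f["allowed"] else "rejected_in"].add(f["cloud"])
        if f["rule"]:
            e["rules"].add(f["rule"])
    return {k: {name: sorted(v) for name, v in e.items()} for k, e in acc.items()}


def diagnose(report: Dict) -> List[str]:
    """One finding per flow that is being stopped, naming the side that stopped it."""
    findings = []
    for (direction, proto, port), e in sorted(report.items()):
        if e["rejected_in"]:
            findings.append(f"{direction} {proto}/{port}: rejected in {', '.join(e['rejected_in'])}"
                            f" (rules: {', '.join(e['rules']) or 'n/a'})")
        elif len(e["accepted_in"]) == 1:
            findings.append(f"{direction} {proto}/{port}: only seen in {e['accepted_in'][0]}, check tunnel and routes on the other side")
    return findings


if __name__ == "__main__":
    report = cross_cloud_report(list(parse_oci(OCI_LOG_LINES)) + list(parse_azure_nsg(AZURE_NSG_RECORD)))
    for line in diagnose(report):
        print(line)
```

Two findings come out of the sample data: Azure App to OCI DB on TCP/22 was rejected in OCI (the security list did its job), and OCI Web to Azure App on TCP/8080 left OCI but hit DefaultRule_DenyAllInBound in Azure. The third branch of `diagnose`, a flow accepted on one side and never seen on the other, is the signature of a routing or tunnel problem rather than a rule problem.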

Example Use Cases

  • DR: Replicate DB from OCI to Azure
  • Shared Services: Use Azure AD for auth in OCI workloads
  • Migration: Gradually shift app tiers from OCI to Azure

Checklist

  • OCI DRG attached to all required VCNs
  • OCI Route Tables updated for Azure CIDRs
  • Azure VPN Gateway configured with OCI DRG IP
  • Azure UDRs updated for OCI CIDRs
  • NSG/Security Lists updated
  • Connectivity tests passed