FastConnect Requirements

This topic covers the requirements for implementing FastConnect.

For general information about FastConnect, see the articles listed for FastConnect.

Before Getting Started: Learn and Plan

Here are basic things you need to do before getting started with FastConnect:

  • FastConnect concepts: Be familiar with the basic concepts covered in FastConnect Concepts.
  • Limits increase: If you are colocated with Oracle, you must ask Oracle to increase your account limits for cross-connects. By default, these limits are initially set to 0, and a request to create a cross-connect will fail. For instructions, see Requesting a Service Limit Increase. In your request, indicate the region where you need the resources. It can take a couple of business days for the limit increase to take effect.
  • Hardware and routing requirements: Review the hardware and routing requirements.
  • Tenancy setup and compartment design: If you haven't yet, set up your tenancy. Think about who needs access to Oracle Cloud Infrastructure and how. For more information, see Setting Up Your Tenancy. Specifically for FastConnect, see Required IAM Policy to understand the policy required to work with FastConnect components.
  • Cloud network design: Design your virtual cloud network (VCN), including how you want to allocate your VCN's subnets, define security list rules, define route tables, set up load balancers, and so on. For more information, see Networking.
  • Redundancy: Think through your overall redundancy model to ensure your network can handle planned maintenance by Oracle or your organization, and unexpected failures of the various components. For best practices, see FastConnect Redundancy Best Practices.
  • Public IP prefixes: If you plan to set up a public virtual circuit, get the list of the public IP prefixes that you want to use with the connection. Oracle must validate your organization's ownership of each of the prefixes before advertising each one over the connection.
  • Cloud network setup: Set up your VCN, subnets, DRG, security lists, IAM policies, and so on, according to your design.

General Requirements

Before getting started with FastConnect, ensure that you meet the following requirements:

  • Oracle Cloud Infrastructure account, with at least one user with appropriate Oracle Cloud Infrastructure Identity and Access Management (IAM) permissions (for example, a user in the Administrators group).
  • Network equipment that supports Layer 3 routing using BGP.
  • For colocation with Oracle: Ability to connect using single mode fiber in your selected FastConnect location. Also see Hardware and Routing Requirements.
  • For connection to an Oracle partner: At least one physical network connection with the partner. Also see Hardware and Routing Requirements.
  • For connection to a third-party provider: At least one physical connection with the provider. Also see Hardware and Routing Requirements.
  • For private peering only: At least one existing DRG set up for your VCN.
  • For public peering only: The list of public IP address prefixes that you want to use with the connection. Oracle will validate your ownership of each prefix.
Important

If you intend to colocate with Oracle, you must ask Oracle to increase your account limits for cross-connects. These default limits are initially set to 0, and a without a specific request for a limit increase you won't be able to create a valid cross-connect. For instructions on placing this request, see Requesting a Service Limit Increase. In your request, indicate the region where you need the resources. It can take a couple of business days for the limit increase to take effect.

Hardware and Routing Requirements

If you're using an Oracle partner

Here are general routing requirements for FastConnect. These are particularly relevant if your BGP session is between your edge and Oracle.

  • IP addressing supported: IPv4. IPv6 addressing is currently supported only in the US Government Cloud. For more information, see IPv6 Addresses.
  • P2P IP addresses:

    • For public virtual circuits, Oracle specifies the IP addresses.
    • For private virtual circuits where your BGP session is between your edge and Oracle, you specify these addresses (/30 or /31, and one pair per virtual circuit). If you set up multiple private virtual circuits that go to the same DRG, you must use a different address on your edge router for each virtual circuit.
  • Maximum IP MTU: 9000
  • Routing protocol: BGPv4
  • BGP prefix limit: For public virtual circuits: 200 prefixes. For private virtual circuits: 2000 prefixes.
  • BGP ASN: 2-byte or 4-byte ASNs are supported, except for those listed in Special-Purpose Autonomous System (AS) Numbers. Public virtual circuits require a public ASN. Oracle's BGP ASN for the commercial cloud is 31898. For the US Government Cloud, see Oracle's BGP ASN. BGP ASN 65534 is not available for you to use with FastConnect and VPN. All other private ASNs in the 64512 - 65533 (inclusive) range defined in RFC-6996 can be used normally.
  • BGP MD5 authentication: Optional to use with your virtual circuit. Oracle supports up to 128-bit MD5 authentication
  • BGP keep-alive interval: 60s
  • BGP hold-time interval: 180s
Tip

By default, Oracle uses the default BGP timers of 60 seconds for keep-alive and 180 seconds for hold-time. If you need fast BGP convergence, you can use any value in these supported ranges: 6-60 seconds for keep-alive, and 18-180 seconds for hold-time.
If you're colocating in an FastConnect location or using a third-party provider

For the cross-connect group and cross-connects:

  • Bandwidth (two choices):
    • 1 Gbps:
      • 1000Base-LX, 10 km range, 1310 nm optics
      • You must configure your edge device so that auto-negotiation is OFF
    • 10 Gbps:
      • 10 GbE, LR (10 km range), 1310 nm optics
  • General:
    • Single Mode Fiber
    • Duplex LC connectors
    • Minimum Rx level > 12 dBm
  • Redundancy:
    • Device redundancy highly recommended
    • In some regions, location redundancy is available and recommended
  • Capacity:
    • Minimum: 1 x 1 GbE or 1 x 10 GbE
    • Maximum: 8 x 1 GbE or 8 x 10 GbE
  • LAG protocol: LACP with short timers (3 @ 1s). If your router doesn't support LAG, you can set up a single non-LAG cross-connect.
  • VLAN tagging: 802.1q (single tag)
  • VLAN range: 100-4094 (you assign the VLANs)
  • Maximum interface MTU: 9196 (include 4-byte FCS trailer)

For routing:

  • IP addressing supported: IPv4. IPv6 addressing is currently supported only in the US Government Cloud. For more information, see IPv6 Addresses.
  • P2P IP addresses:

    • For public virtual circuits, Oracle specifies the IP addresses.
    • For private virtual circuits, you specify the addresses (a /30 or /31). You need one pair of IP addresses per private virtual circuit. If you set up multiple private virtual circuits that go to the same DRG, you must use a different address on your edge router for each virtual circuit.
  • Maximum IP MTU: 9000
  • Routing protocol: BGPv4
  • BGP prefix limit: For public virtual circuits: 200 prefixes. For private virtual circuits: 2000 prefixes.
  • BGP ASN: 2-byte or 4-byte ASNs are supported, except for those listed in Special-Purpose Autonomous System (AS) Numbers. Public virtual circuits require a public ASN. Oracle's BGP ASN is 31898. For the Government Cloud, see Oracle's BGP ASN.

    BGP ASN 65534 is not available for you to use with FastConnect and VPN. All other private ASNs in the 64512 - 65533 (inclusive) range defined in RFC-6996 can be used normally.

  • BGP MD5 authentication: Optional to use with your virtual circuit. Oracle supports up to 128-bit MD5 authentication
  • BGP keep-alive interval: 60s
  • BGP hold-time interval: 180s
Tip

By default, Oracle uses the default BGP timers of 60 seconds for keep-alive and 180 seconds for hold-time. If you need fast BGP convergence, you can use any value in these supported ranges: 6-60 seconds for keep-alive, and 18-180 seconds for hold-time.

Required IAM Policy

If you're using an Oracle partner

To work with Networking resources such as dynamic routing gateways (DRGs), VCNs, and virtual circuits, you need to have a user login to the Console, and your user needs sufficient authority (by way of an IAM policy) to perform all the instructions below. If your user is in the Administrators group, you have the required authority.

If your user is not, then a policy like this would generally cover all the Networking resources:

Allow group NetworkAdmins to manage virtual-network-family in tenancy

To only create and manage a virtual circuit, you would need a policy like this:

Allow group VirtualCircuitAdmins to manage drgs in tenancy

Allow group VirtualCircuitAdmins to manage virtual-circuits in tenancy

The first statement (to manage DRGs) is necessary only for private virtual circuits.

For more information, see Getting Started with Policies and Common Policies.

If you're colocating in a FastConnect location or using a third-party provider
To work with Networking resources such as dynamic routing gateways (DRGs), VCNs, virtual circuits, and cross-connects, you need to have a user login to the Console, and your user needs sufficient authority (by way of an IAM policy) to perform all the instructions that follow. If your user is in the Administrators group, you have the required authority.

If your user is not, then a policy like this would generally cover all the Networking resources:

Allow group NetworkAdmins to manage virtual-network-family in tenancy

To only create and manage cross-connects, cross-connect groups, and virtual circuits, you would need a policy like this:

Allow group FastConnectAdmins to manage drgs in tenancy

Allow group FastConnectAdmins to manage cross-connects in tenancy

Allow group FastConnectAdmins to manage cross-connect-groups in tenancy

Allow group FastConnectAdmins to manage virtual-circuits in tenancy

The first statement (to manage DRGs) is necessary only for private virtual circuits.

For more information, see Getting Started with Policies and Common Policies.

Identifiers for Your FastConnect Resources

Your resources have several identifiers:

  • Name for the overall connection: When you create a new FastConnect connection, you can give it a descriptive name of your choice. If you don't specify one, Oracle automatically assigns a name to the connection.
  • Reference name for each cross-connect: Each cross-connect has an optional reference name. If you set up a cross-connect, Oracle recommends that you fill in the reference name with the identifier for the cross-connect's physical fiber cable. That makes it easier for Oracle to help if future troubleshooting is required for the connection. After cabling is done and you have the identifier from the data center, you can add it to the cross-connect's information in the Oracle Console.
  • OCID for each resource: Each cross-connect group, cross-connect, and virtual circuit has its own unique Oracle-assigned identifier called an OCID.