Steps to establish a local peering (same region) between two VCNs of different tenancies in OCI


You have a hub VCN in a tenancy named acme and a spoke VCN in a tenancy named emca, and you want to peer both VCNs. Follow these steps:

Make sure the CIDR blocks of both VCNs don't overlap

if vcnsoverlap() {return -1;}  // 🙂
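As an added example (not code from the original post), here is a small Python version of that check using the standard library's ipaddress module. The CIDR blocks are constructed sample values, not taken from the post; a VCN in OCI can carry several CIDR blocks, so every block of one VCN is compared with every block of the other, and the function returns the clashing pairs so you can see exactly which ranges collide.

```python
import ipaddress

# Constructed sample CIDRs (not from the original post): a hub VCN, a spoke
# VCN that can be peered, and a second spoke whose range collides with the hub.
HUB_VCN_CIDRS = ["10.0.0.0/16"]
SPOKE_VCN_CIDRS = ["10.1.0.0/16"]
BAD_SPOKE_VCN_CIDRS = ["10.0.128.0/17"]


def vcns_overlap(cidrs_a, cidrs_b):
    """Return the list of (a, b) CIDR pairs that overlap between two VCNs.

    Every block of the first VCN is compared against every block of the
    second. An empty list means the two VCNs can be peered; a non-empty
    list names the offending ranges. strict=True rejects CIDRs whose host
    bits are set (e.g. 10.0.1.0/16), which usually hides a typo.
    """
    nets_a = [ipaddress.ip_network(c, strict=True) for c in cidrs_a]
    nets_b = [ipaddress.ip_network(c, strict=True) for c in cidrs_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


if __name__ == "__main__":
    for name, spoke in (("spoke", SPOKE_VCN_CIDRS), ("bad spoke", BAD_SPOKE_VCN_CIDRS)):
        clashes = vcns_overlap(HUB_VCN_CIDRS, spoke)
        verdict = "OK, no overlap" if not clashes else f"OVERLAP {clashes}"
        print(f"hub vs {name}: {verdict}")
```

Run it with the real CIDR blocks of both VCNs (the Console shows them on each VCN's detail page) before creating any policy; a peering request between overlapping VCNs is rejected, so checking first saves a round trip with the other tenancy's administrators.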

Grab the OCIDs of both tenancies

In this example we refer to them as <acme_tenancy_OCID> and <emca_tenancy_OCID>

Grab the names of the compartments in which VCNs are created in both tenancies

In this example we assume the compartment names are hub in acme and spoke in emca

Grab the names of the groups of users you want to allow to establish the peering in both tenancies

In this example we are assuming both groups are named NetworkAdmins

Grab the OCID of the NetworkAdmins group in tenancy emca

  • Create a Local Peering Gateway (LPG) in both VCNs
  • Grab the OCID of the LPG in tenancy acme

  • Create an IAM policy at root level in emca as follows:
    
    Define tenancy Acceptor as <acme_tenancy_OCID>
    
    Allow group NetworkAdmins to manage local-peering-from in compartment spoke
    
    Endorse group NetworkAdmins to manage local-peering-to in tenancy Acceptor
    
    Endorse group NetworkAdmins to associate local-peering-gateways in compartment spoke with local-peering-gateways in tenancy Acceptor

    Example for administrators group (the happy path for lazy people like me):

    Define tenancy Acceptor as ocid1.tenancy.oc1..aaa...wua
    
    Allow group administrators to manage local-peering-from in compartment desarrollo
    
    Endorse group administrators to manage local-peering-to in tenancy Acceptor
    
    Endorse group administrators to associate local-peering-gateways in compartment desarrollo with local-peering-gateways in tenancy Acceptor

  • Create an IAM policy at root level in acme as follows:
    
    Define tenancy Requestor as <emca_tenancy_OCID>
    
    Define group RequestorGrp as <emca_NetworkAdmins_OCID>
    
    Admit group RequestorGrp of tenancy Requestor to manage local-peering-to in compartment hub
    
    Admit group RequestorGrp of tenancy Requestor to associate local-peering-gateways in tenancy Requestor with local-peering-gateways in compartment hub

    Example for administrators group (the happy path for lazy people like me):

    Define tenancy Requestor as ocid1.tenancy.oc1..aaaaa...vq
    Define group RequestorGrp as ocid1.group.oc1..aaaaa...mq
    Admit group RequestorGrp of tenancy Requestor to manage local-peering-to in compartment invictuspre
    Admit group RequestorGrp of tenancy Requestor to associate local-peering-gateways in tenancy Requestor with local-peering-gateways in compartment invictuspre
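The two policies above (the Endorse policy in the requestor tenancy emca and the Admit policy in the acceptor tenancy acme) only work as a pair: an Endorse with no matching Admit on the other side, or a group referenced by name instead of OCID on the acceptor side, leaves the peering request failing with little to go on. The following Python is an added example, not code from the original post, that builds both statement lists from the same inputs, sanity-checks the OCID types (a common slip is pasting the tenancy OCID where the group OCID belongs), and verifies that every Endorse on the requestor side is mirrored by an Admit on the acceptor side. All OCIDs and names in it are constructed placeholders.

```python
import re

# Constructed placeholder identifiers (not from the original post). Real OCIDs
# are much longer; the format check below only inspects the type prefix.
ACME_TENANCY_OCID = "ocid1.tenancy.oc1..acmeplaceholder"
EMCA_TENANCY_OCID = "ocid1.tenancy.oc1..emcaplaceholder"
EMCA_NETWORKADMINS_OCID = "ocid1.group.oc1..emcanetworkadminsplaceholder"

# ocid1.<type>.<realm>.[region].<unique id>; tenancy and group OCIDs have an
# empty region field, hence the ".." in the values above.
OCID_RE = re.compile(r"^ocid1\.(?P<type>[a-z]+)\.oc1\.(?P<region>[a-z0-9-]*)\.(?P<id>[a-z0-9]+)$")
# Pulls the (verb, resource-type) pair out of a policy statement.
_VERB_RE = re.compile(r"\bto (manage|use|read|inspect|associate) ([a-z-]+)")


def _require_ocid(value, expected_type):
    """Fail early if value is not an OCID of the expected resource type."""
    m = OCID_RE.match(value)
    if not m or m.group("type") != expected_type:
        raise ValueError(f"expected a {expected_type} OCID, got {value!r}")
    return value


def requestor_policy(acceptor_tenancy_ocid, group_name, spoke_compartment):
    """Statements for the root-level policy in the requestor (spoke) tenancy.

    The local group is named by name because the policy lives in its own
    tenancy; the Endorse verbs let that group act on the acceptor tenancy.
    """
    _require_ocid(acceptor_tenancy_ocid, "tenancy")
    return [
        f"Define tenancy Acceptor as {acceptor_tenancy_ocid}",
        f"Allow group {group_name} to manage local-peering-from in compartment {spoke_compartment}",
        f"Endorse group {group_name} to manage local-peering-to in tenancy Acceptor",
        f"Endorse group {group_name} to associate local-peering-gateways in compartment {spoke_compartment} "
        f"with local-peering-gateways in tenancy Acceptor",
    ]


def acceptor_policy(requestor_tenancy_ocid, requestor_group_ocid, hub_compartment):
    """Statements for the root-level policy in the acceptor (hub) tenancy.

    The remote group must be identified by OCID: group names only resolve
    inside the tenancy that owns them. Admit is the mirror image of Endorse.
    """
    _require_ocid(requestor_tenancy_ocid, "tenancy")
    _require_ocid(requestor_group_ocid, "group")
    return [
        f"Define tenancy Requestor as {requestor_tenancy_ocid}",
        f"Define group RequestorGrp as {requestor_group_ocid}",
        f"Admit group RequestorGrp of tenancy Requestor to manage local-peering-to in compartment {hub_compartment}",
        f"Admit group RequestorGrp of tenancy Requestor to associate local-peering-gateways in tenancy Requestor "
        f"with local-peering-gateways in compartment {hub_compartment}",
    ]


def _verb_resource(statement):
    m = _VERB_RE.search(statement)
    if not m:
        raise ValueError(f"no verb/resource found in {statement!r}")
    return m.group(1), m.group(2)


def policies_mirror(requestor_statements, acceptor_statements):
    """True when every Endorse (requestor side) has a matching Admit (acceptor side).

    Cross-tenancy access needs both halves for the same verb/resource pair;
    one side on its own grants nothing.
    """
    endorsed = {_verb_resource(s) for s in requestor_statements if s.startswith("Endorse ")}
    admitted = {_verb_resource(s) for s in acceptor_statements if s.startswith("Admit ")}
    return endorsed == admitted


if __name__ == "__main__":
    req = requestor_policy(ACME_TENANCY_OCID, "NetworkAdmins", "spoke")
    acc = acceptor_policy(EMCA_TENANCY_OCID, EMCA_NETWORKADMINS_OCID, "hub")
    print("--- policy in emca (requestor) ---\n" + "\n".join(req))
    print("--- policy in acme (acceptor) ---\n" + "\n".join(acc))
    print("mirrored:", policies_mirror(req, acc))
```

The returned lists are exactly the statements you paste into the Console policy editor; they are also the shape the OCI CLI takes as a JSON array for `oci iam policy create --statements`, with `--compartment-id` set to the tenancy OCID because both policies sit at the root. If `policies_mirror` returns False, compare the Endorse and Admit lines side by side before touching the LPGs: the peering request will not succeed until they match.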

Establish the connection from the emca VCN LPG

From the LPG created in the emca VCN, click [Establish Peering Connection]

Choose [ENTER LOCAL PEERING GATEWAY OCID] and enter the OCID of the LPG in the acme VCN

After a few seconds, in the spoke VCN of the emca tenancy:

And now in the hub VCN of the acme tenancy:

CREATE ROUTE RULES

Add route rules on both sides as usual: in each VCN's route table, the other VCN's CIDR is routed through the local LPG

That’s all, hope it helps! 🙂
