{"id":939,"date":"2026-04-17T05:12:05","date_gmt":"2026-04-17T05:12:05","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-oracle-interconnect-for-azure-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-multicloud\/"},"modified":"2026-04-17T05:12:05","modified_gmt":"2026-04-17T05:12:05","slug":"oracle-cloud-oracle-interconnect-for-azure-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-multicloud","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-oracle-interconnect-for-azure-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-multicloud\/","title":{"rendered":"Oracle Cloud Oracle Interconnect for Azure Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Multicloud"},"content":{"rendered":"\n

Category<\/h2>\n\n\n\n

Multicloud<\/p>\n\n\n\n

1. Introduction<\/h2>\n\n\n\n

What this service is<\/h3>\n\n\n\n

Oracle Interconnect for Azure is a multicloud networking service that provides private, high-bandwidth, low-latency connectivity between Oracle Cloud Infrastructure (OCI) and Microsoft Azure in supported paired regions.<\/p>\n\n\n\n

One-paragraph simple explanation<\/h3>\n\n\n\n

If you run some workloads in Azure and others in Oracle Cloud, Oracle Interconnect for Azure lets those networks talk to each other over a private connection instead of the public internet\u2014typically for better performance, more predictable latency, and simpler security controls than an internet VPN.<\/p>\n\n\n\n

One-paragraph technical explanation<\/h3>\n\n\n\n

Oracle Interconnect for Azure is built on dedicated interconnect capacity between OCI and Azure in specific colocated metros\/regions, and uses private routing (BGP) to exchange routes between an OCI Dynamic Routing Gateway (DRG) and an Azure ExpressRoute-connected virtual network (VNet). Operationally, it is commonly implemented using OCI FastConnect and Azure ExpressRoute primitives, with provider-managed physical connectivity and customer-managed logical networking (VCNs\/VNets, route tables, BGP parameters, and security rules).<\/p>\n\n\n\n

What problem it solves<\/h3>\n\n\n\n

It solves the core multicloud problem of secure, high-performance, private network connectivity<\/strong> between Azure and Oracle Cloud so that applications can span both clouds without relying on public endpoints, brittle NAT patterns, or latency-sensitive internet tunnels.<\/p>\n\n\n\n

\n

Naming note (verify in official docs): Oracle\u2019s official documentation often refers to this offering as Oracle Interconnect for Microsoft Azure<\/strong>. This tutorial uses Oracle Interconnect for Azure<\/strong> as the primary name, as requested, and aligns terminology to current OCI networking concepts. Always confirm the latest naming and console locations in the official docs linked later.<\/p>\n<\/blockquote>\n\n\n\n

\n\n\n\n

2. What is Oracle Interconnect for Azure?<\/h2>\n\n\n\n

Official purpose<\/h3>\n\n\n\n

Oracle Interconnect for Azure is intended to provide private network connectivity<\/strong> between OCI and Azure, enabling customers to deploy distributed applications, data platforms, and shared services across both clouds with consistent routing and enterprise network controls.<\/p>\n\n\n\n

Core capabilities<\/h3>\n\n\n\n
    \n
  • Private L3 routing between OCI and Azure<\/strong> using BGP.<\/li>\n
  • High bandwidth and lower latency<\/strong> than internet-based VPN for supported region pairs.<\/li>\n
  • Redundancy<\/strong> through dual connections (design varies by region\/implementation; verify specifics per region).<\/li>\n
  • Integration with OCI networking<\/strong> (VCN, DRG, route tables, security lists\/NSGs, Network Firewall) and Azure networking (VNet, ExpressRoute, Virtual Network Gateway, NSGs, Azure Firewall).<\/li>\n<\/ul>\n\n\n\n

    Major components (conceptual)<\/h3>\n\n\n\n

    On Oracle Cloud (OCI):<\/strong>\n– VCN (Virtual Cloud Network)<\/strong>: Your OCI network address space.\n– Subnets<\/strong>: Where OCI workloads run.\n– DRG (Dynamic Routing Gateway)<\/strong>: The edge router that connects your VCN to external networks (including interconnect).\n– FastConnect (commonly involved)<\/strong>: OCI\u2019s private connectivity service used as a building block for private circuits.<\/p>\n\n\n\n

    On Microsoft Azure:<\/strong>\n– VNet (Virtual Network)<\/strong>: Your Azure network address space.\n– Virtual Network Gateway<\/strong> (ExpressRoute gateway): Enables ExpressRoute connectivity to VNets.\n– ExpressRoute circuit<\/strong>: Azure\u2019s private circuit object used to connect to a provider.\n– Private peering<\/strong>: The routing configuration that enables VNet connectivity.<\/p>\n\n\n\n

    Provider-managed interconnect layer:<\/strong>\n– Dedicated connectivity between OCI and Azure in supported metros\/regions, with cross-cloud operational handshakes (service keys \/ authorization tokens depending on workflow).<\/p>\n\n\n\n

    Service type<\/h3>\n\n\n\n
      \n
    • Networking \/ connectivity service<\/strong> (multicloud interconnect).<\/li>\n
    • Primarily regional and pair-specific<\/strong> (available only for certain OCI region \u2194 Azure region pairs). It is not a \u201cglobal any-to-any\u201d mesh by default.<\/li>\n<\/ul>\n\n\n\n

      Scope model<\/h3>\n\n\n\n
        \n
      • OCI tenancy-scoped<\/strong> resources (VCNs, DRGs, FastConnect virtual circuits).<\/li>\n
      • Azure subscription-scoped<\/strong> resources (ExpressRoute circuits, VNets, gateways).<\/li>\n
      • The interconnect is typically configured per region pair<\/strong>, then attached to specific VCNs\/VNets through routing.<\/li>\n<\/ul>\n\n\n\n

        How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n

        Oracle Interconnect for Azure is one of OCI\u2019s key Multicloud<\/strong> building blocks alongside:\n– OCI FastConnect<\/strong> (private connectivity)\n– Site-to-Site VPN<\/strong> (encrypted tunnels over internet)\n– OCI Load Balancing<\/strong>, API Gateway<\/strong>, WAF<\/strong>, Network Firewall<\/strong>\n– DNS<\/strong> and Traffic Management<\/strong> patterns for multicloud name resolution\n– Reference architectures for running split-tier apps across clouds (for example: app tier in Azure, database tier in Oracle Cloud\u2014verify current official architectures)<\/p>\n\n\n\n

        \n\n\n\n

        3. Why use Oracle Interconnect for Azure?<\/h2>\n\n\n\n

        Business reasons<\/h3>\n\n\n\n
          \n
        • Adopt multicloud intentionally<\/strong>: keep existing Azure investments while using Oracle Cloud for workloads that benefit from OCI services, licensing, or performance characteristics.<\/li>\n
        • Reduce integration friction<\/strong> for teams that need consistent connectivity between cloud environments.<\/li>\n
        • Support M&A \/ organizational boundaries<\/strong> where different business units standardize on different clouds.<\/li>\n<\/ul>\n\n\n\n

          Technical reasons<\/h3>\n\n\n\n
            \n
          • Predictable connectivity<\/strong> compared to internet paths (lower jitter, better throughput).<\/li>\n
          • Private routing<\/strong> reduces the need for public endpoints and complex NAT chains.<\/li>\n
          • Supports hybrid architectures<\/strong> where services in one cloud call databases or APIs in the other.<\/li>\n<\/ul>\n\n\n\n

            Operational reasons<\/h3>\n\n\n\n
              \n
            • Standard enterprise routing model (BGP route exchange).<\/li>\n
            • Clear separation of concerns:<\/li>\n
            • Cloud providers manage physical connectivity.<\/li>\n
            • You manage logical routing, segmentation, and security rules.<\/li>\n
            • Often easier to integrate into centralized network operations (NOC\/SRE) than a web of ad-hoc tunnels.<\/li>\n<\/ul>\n\n\n\n

              Security\/compliance reasons<\/h3>\n\n\n\n
                \n
              • Keeps service-to-service traffic off the public internet.<\/li>\n
              • Enables better network segmentation and policy enforcement.<\/li>\n
              • Supports compliance narratives that require private connectivity patterns (always validate with your compliance team and provider documentation).<\/li>\n<\/ul>\n\n\n\n

                Scalability\/performance reasons<\/h3>\n\n\n\n
                  \n
                • Interconnect bandwidth options (varies by region and offering details; verify in official docs).<\/li>\n
                • Reduced latency for supported paired regions (because they are typically colocated or metro-adjacent).<\/li>\n<\/ul>\n\n\n\n

                  When teams should choose it<\/h3>\n\n\n\n

                  Choose Oracle Interconnect for Azure when:\n– You need private, high-throughput<\/strong> connectivity between Azure and OCI.\n– Your workloads are in supported paired regions<\/strong>.\n– You can justify ExpressRoute\/FastConnect-related costs<\/strong> versus VPN.\n– You want enterprise-grade routing<\/strong> and the ability to scale traffic reliably.<\/p>\n\n\n\n

                  When they should not choose it<\/h3>\n\n\n\n

                  Avoid (or reconsider) Oracle Interconnect for Azure when:\n– Your OCI region and Azure region are not supported as a pair<\/strong>.\n– Your traffic is low-volume and you can tolerate higher latency \u2192 Site-to-Site VPN<\/strong> may be cheaper.\n– You need encrypted transport by default and cannot add encryption at higher layers (interconnect provides private connectivity; encryption is usually handled at TLS\/IPsec layers\u2014verify your requirements).\n– You need quick, disposable dev\/test connectivity without procurement lead time.<\/p>\n\n\n\n

                  \n\n\n\n

                  4. Where is Oracle Interconnect for Azure used?<\/h2>\n\n\n\n

                  Industries<\/h3>\n\n\n\n
                    \n
                  • Financial services (latency-sensitive services, risk controls)<\/li>\n
                  • Retail\/e-commerce (distributed app stacks, analytics)<\/li>\n
                  • Healthcare (regulated workloads with private networking requirements)<\/li>\n
                  • Manufacturing\/IoT (data ingestion in one cloud, analytics in another)<\/li>\n
                  • SaaS providers (tenant workloads distributed across clouds)<\/li>\n<\/ul>\n\n\n\n

                    Team types<\/h3>\n\n\n\n
                      \n
                    • Platform engineering and cloud networking teams<\/li>\n
                    • DevOps\/SRE teams operating cross-cloud application platforms<\/li>\n
                    • Security engineering teams implementing segmentation and policy controls<\/li>\n
                    • Data engineering teams moving data between clouds<\/li>\n
                    • Enterprise architecture teams establishing multicloud guardrails<\/li>\n<\/ul>\n\n\n\n

                      Workloads<\/h3>\n\n\n\n
                        \n
                      • Split-tier enterprise apps (web\/API tier in Azure, database tier in Oracle Cloud)<\/li>\n
                      • Analytics platforms spanning clouds<\/li>\n
                      • Shared services (identity, logging, monitoring collectors)<\/li>\n
                      • Backup\/DR replication pipelines (when supported and architecturally appropriate)<\/li>\n
                      • Service mesh and microservices calling cross-cloud dependencies (careful with latency)<\/li>\n<\/ul>\n\n\n\n

                        Architectures<\/h3>\n\n\n\n
                          \n
                        • Hub-and-spoke with centralized inspection (firewalls) on one or both clouds<\/li>\n
                        • Dual-hub (each cloud has its own hub; interconnect connects hubs)<\/li>\n
                        • \u201cApp in Azure, data in OCI\u201d with private connectivity<\/li>\n
                        • Shared CI\/CD and artifact distribution across clouds<\/li>\n<\/ul>\n\n\n\n

                          Real-world deployment contexts<\/h3>\n\n\n\n
                            \n
                          • Production: common for latency-sensitive, high-throughput workloads.<\/li>\n
                          • Dev\/test: used when dev\/test must mirror production routing and security controls; otherwise VPN is often simpler and cheaper.<\/li>\n<\/ul>\n\n\n\n
                            \n\n\n\n

                            5. Top Use Cases and Scenarios<\/h2>\n\n\n\n

                            Below are realistic scenarios where Oracle Interconnect for Azure is commonly a good fit.<\/p>\n\n\n\n

                            1) Private app-to-database connectivity (Azure apps \u2192 OCI databases)<\/h3>\n\n\n\n
                              \n
                            • Problem:<\/strong> Application tier in Azure needs low-latency, private access to databases in Oracle Cloud.<\/li>\n
                            • Why this service fits:<\/strong> Provides private routing and predictable performance across clouds.<\/li>\n
                            • Example:<\/strong> AKS-hosted APIs in Azure call an Oracle DB system in OCI over private IPs.<\/li>\n<\/ul>\n\n\n\n

                              2) Data analytics split across clouds<\/h3>\n\n\n\n
                                \n
                              • Problem:<\/strong> Data is generated\/ingested in Azure, but analytics tools or data warehouses run in OCI.<\/li>\n
                              • Why this service fits:<\/strong> High-throughput, consistent connectivity improves ETL\/ELT reliability.<\/li>\n
                              • Example:<\/strong> Azure Data Factory pipelines load data into OCI analytics services over private connectivity.<\/li>\n<\/ul>\n\n\n\n

                                3) Shared identity and directory services across clouds<\/h3>\n\n\n\n
                                  \n
                                • Problem:<\/strong> Centralized identity services must be reachable from both clouds without exposing endpoints publicly.<\/li>\n
                                • Why this service fits:<\/strong> Private connectivity reduces attack surface and simplifies network ACLing.<\/li>\n
                                • Example:<\/strong> Azure-hosted identity components connect to private services running in OCI.<\/li>\n<\/ul>\n\n\n\n

                                  4) Centralized security inspection (east-west traffic inspection)<\/h3>\n\n\n\n
                                    \n
                                  • Problem:<\/strong> Need a consistent inspection point for cross-cloud traffic.<\/li>\n
                                  • Why this service fits:<\/strong> Enables hub-and-spoke routing with firewall insertion.<\/li>\n
                                  • Example:<\/strong> All Azure\u2192OCI traffic is routed through an OCI Network Firewall (or Azure Firewall) before reaching workloads.<\/li>\n<\/ul>\n\n\n\n

                                    5) Migration with minimal downtime (phased cutover)<\/h3>\n\n\n\n
                                      \n
                                    • Problem:<\/strong> Gradual migration requires both environments live and connected.<\/li>\n
                                    • Why this service fits:<\/strong> Stable connectivity supports replication and dual-write patterns.<\/li>\n
                                    • Example:<\/strong> Move app tier to Azure first while databases remain in OCI until final cutover.<\/li>\n<\/ul>\n\n\n\n

                                      6) Cross-cloud Kubernetes service dependencies<\/h3>\n\n\n\n
                                        \n
                                      • Problem:<\/strong> Microservices in AKS need to call services in OCI (or vice versa).<\/li>\n
                                      • Why this service fits:<\/strong> Private, routed connectivity enables service calls without public ingress.<\/li>\n
                                      • Example:<\/strong> AKS services call an OCI-hosted internal API gateway privately.<\/li>\n<\/ul>\n\n\n\n

                                        7) Centralized logging\/monitoring collectors<\/h3>\n\n\n\n
                                          \n
                                        • Problem:<\/strong> Log collectors in one cloud must receive telemetry from the other cloud privately.<\/li>\n
                                        • Why this service fits:<\/strong> Predictable transport reduces dropped logs and improves MTTR.<\/li>\n
                                        • Example:<\/strong> OCI-hosted SIEM collectors ingest Azure workload logs over private paths.<\/li>\n<\/ul>\n\n\n\n

                                          8) Batch processing and compute burst<\/h3>\n\n\n\n
                                            \n
                                          • Problem:<\/strong> Workloads mostly run in Azure but require periodic compute or specialized services in OCI.<\/li>\n
                                          • Why this service fits:<\/strong> Private connectivity makes cross-cloud calls and data staging more reliable.<\/li>\n
                                          • Example:<\/strong> Azure triggers OCI batch compute jobs, sending input data privately.<\/li>\n<\/ul>\n\n\n\n

                                            9) Private API consumption across clouds<\/h3>\n\n\n\n
                                              \n
                                            • Problem:<\/strong> Internal APIs should not be publicly exposed, but must be consumed cross-cloud.<\/li>\n
                                            • Why this service fits:<\/strong> Enables \u201cinternal-only\u201d APIs across clouds using private IP routing.<\/li>\n
                                            • Example:<\/strong> Azure Functions call OCI internal APIs over interconnect.<\/li>\n<\/ul>\n\n\n\n

                                              10) Business continuity \/ DR between clouds (select components)<\/h3>\n\n\n\n
                                                \n
                                              • Problem:<\/strong> Need cross-cloud DR connectivity for specific tiers (not necessarily full active-active).<\/li>\n
                                              • Why this service fits:<\/strong> Private connectivity simplifies replication pipelines and failover testing.<\/li>\n
                                              • Example:<\/strong> Replicate data from OCI to Azure storage for DR (ensure architecture and provider support; verify details).<\/li>\n<\/ul>\n\n\n\n
                                                \n\n\n\n

                                                6. Core Features<\/h2>\n\n\n\n
                                                \n

                                                Feature availability and exact workflows can vary by region pair and by evolving provider integration. Confirm details in official docs before implementing in production.<\/p>\n<\/blockquote>\n\n\n\n

                                                Private connectivity between OCI and Azure<\/h3>\n\n\n\n
                                                  \n
                                                • What it does:<\/strong> Provides private IP connectivity for cross-cloud traffic.<\/li>\n
                                                • Why it matters:<\/strong> Reduces exposure to internet threats and avoids public IP management.<\/li>\n
                                                • Practical benefit:<\/strong> You can keep services \u201cinternal-only\u201d and still communicate cross-cloud.<\/li>\n
                                                • Caveat:<\/strong> \u201cPrivate\u201d does not automatically mean \u201cencrypted.\u201d Use TLS at the application layer; consider IPsec overlays if required.<\/li>\n<\/ul>\n\n\n\n

                                                  High bandwidth and lower latency (compared to internet VPN)<\/h3>\n\n\n\n
                                                    \n
                                                  • What it does:<\/strong> Supports higher throughput and typically more consistent latency.<\/li>\n
                                                  • Why it matters:<\/strong> Improves performance for database calls, replication, and service-to-service traffic.<\/li>\n
                                                  • Practical benefit:<\/strong> Better user experience and fewer timeout-related incidents.<\/li>\n
                                                  • Caveat:<\/strong> Actual performance depends on region pairing, bandwidth selection, and your architecture.<\/li>\n<\/ul>\n\n\n\n

                                                    BGP-based dynamic routing<\/h3>\n\n\n\n
                                                      \n
                                                    • What it does:<\/strong> Exchanges routes dynamically between OCI and Azure.<\/li>\n
                                                    • Why it matters:<\/strong> Simplifies route management and failover compared to static routes.<\/li>\n
                                                    • Practical benefit:<\/strong> Easier scaling as networks grow.<\/li>\n
                                                    • Caveat:<\/strong> Requires careful route design to avoid overlaps and asymmetric routing.<\/li>\n<\/ul>\n\n\n\n

                                                      Redundancy \/ resiliency design<\/h3>\n\n\n\n
                                                        \n
                                                      • What it does:<\/strong> Typically provides redundant connectivity paths (implementation details vary).<\/li>\n
                                                      • Why it matters:<\/strong> Prevents single-link failures from taking down cross-cloud connectivity.<\/li>\n
                                                      • Practical benefit:<\/strong> Better uptime for multicloud architectures.<\/li>\n
                                                      • Caveat:<\/strong> You must also design redundancy in gateways, route tables, and security policy.<\/li>\n<\/ul>\n\n\n\n

                                                        Integration with OCI DRG and VCN routing<\/h3>\n\n\n\n
                                                          \n
                                                        • What it does:<\/strong> Allows VCN subnets to reach Azure VNets via DRG.<\/li>\n
                                                        • Why it matters:<\/strong> DRG is the routing hub for OCI connectivity patterns.<\/li>\n
                                                        • Practical benefit:<\/strong> Enables hub-and-spoke designs and shared services VCNs.<\/li>\n
                                                        • Caveat:<\/strong> DRG route tables and attachments must be configured correctly; misconfiguration is a common outage cause.<\/li>\n<\/ul>\n\n\n\n

                                                          Integration with Azure ExpressRoute and VNet gateways<\/h3>\n\n\n\n
                                                            \n
                                                          • What it does:<\/strong> Lets Azure VNets route to OCI via ExpressRoute connectivity.<\/li>\n
                                                          • Why it matters:<\/strong> ExpressRoute is the enterprise standard private connectivity primitive in Azure.<\/li>\n
                                                          • Practical benefit:<\/strong> Works with Azure network security controls, private DNS patterns, and enterprise VNets.<\/li>\n
                                                          • Caveat:<\/strong> ExpressRoute gateways have SKU, throughput, and zone redundancy considerations\u2014verify in Azure docs.<\/li>\n<\/ul>\n\n\n\n

                                                            Route segmentation and policy control (with your network constructs)<\/h3>\n\n\n\n
                                                              \n
                                                            • What it does:<\/strong> Enables you to control which CIDRs are advertised\/accepted, and which subnets can reach cross-cloud destinations.<\/li>\n
                                                            • Why it matters:<\/strong> Prevents accidental overexposure across clouds.<\/li>\n
                                                            • Practical benefit:<\/strong> Principle of least privilege at the network layer.<\/li>\n
                                                            • Caveat:<\/strong> Overly broad route propagation can create \u201caccidental flat networks.\u201d<\/li>\n<\/ul>\n\n\n\n

                                                              Observability hooks via cloud-native monitoring<\/h3>\n\n\n\n
                                                                \n
                                                              • What it does:<\/strong> You can observe circuit health and throughput via OCI and Azure metrics\/logs.<\/li>\n
                                                              • Why it matters:<\/strong> Cross-cloud outages are hard; metrics shorten time to root cause.<\/li>\n
                                                              • Practical benefit:<\/strong> Alert on circuit down, BGP down, bandwidth saturation.<\/li>\n
                                                              • Caveat:<\/strong> You must build dashboards and alerts; they are not \u201cautomatic.\u201d<\/li>\n<\/ul>\n\n\n\n
                                                                \n\n\n\n

                                                                7. Architecture and How It Works<\/h2>\n\n\n\n

                                                                High-level service architecture<\/h3>\n\n\n\n

                                                                At a high level:\n1. You create OCI and Azure network domains (VCN\/VNet).\n2. You establish an interconnect connection using Oracle Interconnect for Azure (implemented through OCI FastConnect + Azure ExpressRoute patterns).\n3. You attach the interconnect to:\n – OCI DRG<\/strong> (connected to one or more VCNs)\n – Azure ExpressRoute gateway<\/strong> (connected to one or more VNets)\n4. BGP advertises routes in both directions.\n5. Workloads communicate using private IP addresses with security policies enforced by NSGs\/NSGs + firewalls.<\/p>\n\n\n\n

                                                                Request\/data\/control flow<\/h3>\n\n\n\n
                                                                  \n
                                                                • Control plane:<\/strong><\/li>\n
                                                                • Provision interconnect resources (OCI console\/CLI + Azure portal\/ARM).<\/li>\n
                                                                • Exchange authorization\/service keys as required.<\/li>\n
                                                                • Configure BGP parameters, route filters\/policies, attachments.<\/li>\n
                                                                • Data plane:<\/strong><\/li>\n
                                                                • Packets flow VCN subnet \u2192 OCI route table \u2192 DRG \u2192 interconnect \u2192 ExpressRoute \u2192 Azure gateway \u2192 VNet subnet.<\/li>\n
                                                                • Reverse direction similarly.<\/li>\n<\/ul>\n\n\n\n

                                                                  Integrations with related services<\/h3>\n\n\n\n

                                                                  OCI-side:<\/strong>\n– VCN<\/strong>, Subnets<\/strong>, NSGs\/Security Lists<\/strong>\n– DRG<\/strong> route tables and route distribution\n– FastConnect<\/strong> (virtual circuits, where applicable)\n– OCI Network Firewall<\/strong> (optional inspection)\n– OCI Bastion<\/strong> (admin access without public IPs)\n– OCI DNS<\/strong> \/ private DNS resolvers (optional; verify capabilities)<\/p>\n\n\n\n

                                                                  Azure-side:<\/strong>\n– ExpressRoute<\/strong> circuit and peering\n– Virtual Network Gateway<\/strong> for ExpressRoute\n– NSGs<\/strong>, Azure Firewall<\/strong> (optional inspection)\n– Azure Private DNS<\/strong> (optional)\n– Azure Bastion<\/strong> (admin access without public IPs)<\/p>\n\n\n\n

                                                                  Dependency services (typical)<\/h3>\n\n\n\n
                                                                    \n
                                                                  • OCI IAM for permissions<\/li>\n
                                                                  • Azure Entra ID (Azure AD) and Azure RBAC for permissions<\/li>\n
                                                                  • Regional availability of the interconnect pairing<\/li>\n
                                                                  • VCN\/VNet gateway infrastructure (DRG and ExpressRoute gateway)<\/li>\n<\/ul>\n\n\n\n

                                                                    Security\/authentication model<\/h3>\n\n\n\n
                                                                      \n
                                                                    • OCI IAM<\/strong> policies control who can create\/modify networking resources (VCN\/DRG\/FastConnect\/interconnect objects).<\/li>\n
                                                                    • Azure RBAC<\/strong> controls ExpressRoute and VNet gateway changes.<\/li>\n
                                                                    • BGP session authentication (MD5) may be available depending on implementation (verify in official docs).<\/li>\n<\/ul>\n\n\n\n

                                                                      Networking model<\/h3>\n\n\n\n
                                                                        \n
                                                                      • Route-based, private IP connectivity.<\/li>\n
                                                                      • Requires:<\/li>\n
                                                                      • Non-overlapping CIDR ranges<\/strong> between OCI and Azure (strongly recommended; overlapping can break routing).<\/li>\n
                                                                      • Correct route table entries (OCI VCN route tables toward DRG; Azure route propagation via gateway).<\/li>\n
                                                                      • Correct security rules (allow traffic between CIDRs, required ports).<\/li>\n<\/ul>\n\n\n\n

                                                                        Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n
                                                                          \n
                                                                        • Track:<\/li>\n
                                                                        • Circuit state (provisioning, active)<\/li>\n
                                                                        • BGP status (up\/down)<\/li>\n
                                                                        • Throughput (bps), packets, drops<\/li>\n
                                                                        • Route changes (audited changes)<\/li>\n
                                                                        • Governance:<\/li>\n
                                                                        • Tag resources (OCI defined\/freeform tags; Azure tags)<\/li>\n
                                                                        • Apply naming conventions<\/li>\n
                                                                        • Use change management for route updates<\/li>\n<\/ul>\n\n\n\n
                                                                          \n\n\n\n

                                                                          Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                                          flowchart LR\n  subgraph Azure[\"Microsoft Azure (Region A)\"]\n    VNet[\"VNet (10.20.0.0\/16)\"]\n    GW[\"ExpressRoute Gateway\"]\n    VM_AZ[\"VM \/ App\"]\n    VM_AZ --- VNet\n    VNet --- GW\n  end\n\n  subgraph Interconnect[\"Oracle Interconnect for Azure (Private Connectivity)\"]\n    LINK[\"Provider-managed private links\"]\n  end\n\n  subgraph OCI[\"Oracle Cloud (OCI Region A)\"]\n    VCN[\"VCN (10.10.0.0\/16)\"]\n    DRG[\"Dynamic Routing Gateway (DRG)\"]\n    VM_OCI[\"VM \/ DB \/ Service\"]\n    VM_OCI --- VCN\n    VCN --- DRG\n  end\n\n  GW --- LINK --- DRG\n<\/code><\/pre>\n\n\n\n
                                                                          \n\n\n\n
                                                                          Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                                          flowchart TB\n  subgraph Azure[\"Azure (Paired Region)\"]\n    subgraph AZ_Hub[\"Hub VNet\"]\n      AZ_FW[\"Azure Firewall (optional)\"]\n      AZ_ER_GW[\"ExpressRoute Gateway (zone-redundant if available)\"]\n      AZ_DNS[\"Private DNS (optional)\"]\n    end\n\n    subgraph AZ_Spoke1[\"Spoke VNet: App\"]\n      AZ_APP[\"App Subnet (AKS\/VMSS\/VMs)\"]\n      AZ_NSG[\"NSGs\"]\n    end\n\n    AZ_APP --- AZ_NSG\n    AZ_Spoke1 -->|VNet Peering| AZ_Hub\n    AZ_Hub --> AZ_ER_GW\n    AZ_Hub --> AZ_FW\n  end\n\n  subgraph Interconnect[\"Oracle Interconnect for Azure\"]\n    LINK1[\"Primary link\"]\n    LINK2[\"Secondary link\"]\n  end\n\n  subgraph OCI[\"OCI (Paired Region)\"]\n    subgraph OCI_Hub[\"Hub VCN\"]\n      DRG[\"DRG (route tables + distributions)\"]\n      OCI_FW[\"OCI Network Firewall (optional)\"]\n      OCI_DNS[\"Private DNS resolver (optional)\"]\n    end\n\n    subgraph OCI_Spoke1[\"Spoke VCN: Data\"]\n      OCI_DB[\"DB \/ Data Subnet\"]\n      OCI_NSG[\"NSGs\"]\n    end\n\n    OCI_DB --- OCI_NSG\n    OCI_Spoke1 -->|LPG\/DRG attachments (pattern-dependent)| OCI_Hub\n    DRG --> OCI_FW\n  end\n\n  AZ_ER_GW --- LINK1 --- DRG\n  AZ_ER_GW --- LINK2 --- DRG\n<\/code><\/pre>\n\n\n\n
                                                                          \n\n\n\n
                                                                          8. Prerequisites<\/h2>\n\n\n\n
                                                                          Accounts\/tenancies\/subscriptions<\/h3>\n\n\n\n
                                                                            \n
                                                                          • An OCI tenancy<\/strong> with permissions to create\/modify:<\/li>\n
                                                                          • VCNs, subnets, route tables, security lists\/NSGs<\/li>\n
                                                                          • DRGs and attachments<\/li>\n
                                                                          • FastConnect \/ interconnect-related resources (where applicable)<\/li>\n
                                                                          • An Azure subscription<\/strong> with permissions to create\/modify:<\/li>\n
                                                                          • ExpressRoute circuits and peerings<\/li>\n
                                                                          • Virtual Network Gateway (ExpressRoute)<\/li>\n
                                                                          • VNets, subnets, NSGs<\/li>\n
                                                                          • Billing enabled in both clouds.<\/li>\n<\/ul>\n\n\n\n
                                                                            Permissions \/ IAM roles<\/h3>\n\n\n\n
                                                                            OCI IAM (examples; adapt to your compartment model):<\/strong>\n– Permissions to manage networking in the target compartment(s).\n– Permissions to manage DRG and FastConnect\/interconnect resources.<\/p>\n\n\n\n
                                                                            Azure RBAC:<\/strong>\n– Network Contributor (or more restricted custom role) on:\n  – Resource group containing VNets\/gateways\n  – ExpressRoute resources<\/p>\n\n\n\n
                                                                            \n
                                                                            Verify exact OCI policy statements and Azure roles with your org\u2019s security team and the latest OCI\/Azure documentation.<\/p>\n<\/blockquote>\n\n\n\n
                                                                            Tools<\/h3>\n\n\n\n
                                                                              \n
                                                                            • OCI Console and Azure Portal access<\/li>\n
                                                                            • Optional but strongly recommended:<\/li>\n
                                                                            • OCI CLI: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/SDKDocs\/cliinstall.htm<\/li>\n
                                                                            • Azure CLI: https:\/\/learn.microsoft.com\/cli\/azure\/install-azure-cli<\/li>\n
                                                                            • SSH client for Linux VM access<\/li>\n<\/ul>\n\n\n\n
                                                                              Region availability<\/h3>\n\n\n\n
                                                                                \n
                                                                              • Oracle Interconnect for Azure is available only in specific paired OCI and Azure regions<\/strong> (often same metro).<\/li>\n
                                                                              • Confirm supported region pairs in official docs before designing your network.<\/li>\n<\/ul>\n\n\n\n
                                                                                Quotas\/limits (examples to check)<\/h3>\n\n\n\n
                                                                                  \n
                                                                                • Azure: ExpressRoute gateway limits, ExpressRoute circuits per subscription, gateway throughput\/SKU constraints<\/li>\n
                                                                                • OCI: DRG attachment limits, FastConnect virtual circuit limits, route rule limits<\/li>\n
                                                                                • Some limits are soft and can be increased via support request.<\/li>\n<\/ul>\n\n\n\n
                                                                                  Prerequisite services<\/h3>\n\n\n\n
                                                                                    \n
                                                                                  • OCI: VCN + DRG<\/li>\n
                                                                                  • Azure: VNet + ExpressRoute gateway (requires a GatewaySubnet<\/strong>)<\/li>\n
                                                                                  • A plan for IP address management (non-overlapping CIDRs)<\/li>\n<\/ul>\n\n\n\n
                                                                                    \n\n\n\n
                                                                                    9. Pricing \/ Cost<\/h2>\n\n\n\n
                                                                                    Oracle Interconnect for Azure is a multicloud connectivity pattern where costs typically come from both<\/strong> providers and from data transfer.<\/p>\n\n\n\n
                                                                                    Pricing dimensions (high-level)<\/h3>\n\n\n\n
                                                                                    On Oracle Cloud (OCI), costs may include:<\/strong>\n– FastConnect port \/ virtual circuit charges<\/strong> (depending on how the interconnect is billed and implemented in your region pair)\n– Data egress<\/strong> from OCI (network outbound)\n– Any optional network services you add:\n  – Network Firewall\n  – Load Balancer\n  – NAT Gateway (if used)\n  – Compute instances for routing\/inspection (if you self-manage appliances)<\/p>\n\n\n\n
                                                                                    On Microsoft Azure, costs may include:<\/strong>\n– ExpressRoute circuit charges<\/strong> (bandwidth tier, metered\/unmetered plan\u2014Azure pricing model varies)\n– ExpressRoute gateway<\/strong> costs (SKU-based)\n– Data transfer<\/strong> depending on ExpressRoute plan and direction\n– Optional: Azure Firewall, NAT Gateway, etc.<\/p>\n\n\n\n
                                                                                    Free tier<\/h3>\n\n\n\n
                                                                                      \n
                                                                                    • Oracle Interconnect for Azure itself is not typically \u201cfree tier friendly,\u201d because ExpressRoute\/FastConnect-style connectivity usually incurs charges.<\/li>\n
                                                                                    • Some dependent resources (small compute VMs) may have free-tier options, but the interconnect component generally does not.<\/li>\n<\/ul>\n\n\n\n
                                                                                      Cost drivers<\/h3>\n\n\n\n
                                                                                        \n
                                                                                      • Provisioned bandwidth<\/strong> for the private circuit(s)<\/li>\n
                                                                                      • Hours in service<\/strong> (monthly recurring charges are common)<\/li>\n
                                                                                      • Data egress<\/strong> (especially OCI \u2192 Azure or Azure \u2192 OCI depending on provider billing)<\/li>\n
                                                                                      • Gateway SKUs<\/strong> and redundancy options (Azure ExpressRoute gateway)<\/li>\n
                                                                                      • Network security appliances<\/strong> (managed firewall services or BYO appliances)<\/li>\n<\/ul>\n\n\n\n
                                                                                        Hidden\/indirect costs<\/h3>\n\n\n\n
                                                                                          \n
                                                                                        • Cross-cloud DNS design (private resolvers, forwarding VMs)<\/li>\n
                                                                                        • Logging\/monitoring retention costs (Azure Monitor, OCI Logging)<\/li>\n
                                                                                        • Additional routing\/inspection infrastructure (hub VNets\/VCNs)<\/li>\n
                                                                                        • Operations time (change management, troubleshooting BGP)<\/li>\n<\/ul>\n\n\n\n
                                                                                          Network\/data transfer implications<\/h3>\n\n\n\n
                                                                                            \n
                                                                                          • Treat this as a private path<\/strong>, not a \u201cfree path.\u201d<\/li>\n
                                                                                          • Even when traffic is private, egress charges can still apply<\/strong>.<\/li>\n
                                                                                          • Always model:<\/li>\n
                                                                                          • expected steady-state throughput (Mbps\/Gbps)<\/li>\n
                                                                                          • monthly data volume (TB)<\/li>\n
                                                                                          • peak patterns (batch windows)<\/li>\n<\/ul>\n\n\n\n
                                                                                            How to optimize cost<\/h3>\n\n\n\n
                                                                                              \n
                                                                                            • Prefer regional locality<\/strong>: keep chatty dependencies in the same cloud when possible.<\/li>\n
                                                                                            • Minimize cross-cloud calls in latency-sensitive microservices.<\/li>\n
                                                                                            • Use caching and async messaging patterns.<\/li>\n
                                                                                            • Right-size bandwidth and review utilization monthly.<\/li>\n
                                                                                            • Use route segmentation to ensure only required subnets send traffic across interconnect.<\/li>\n
                                                                                            • Consider VPN for low-volume environments (dev\/test), and reserve interconnect for prod.<\/li>\n<\/ul>\n\n\n\n
                                                                                              Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n
                                                                                              A \u201cstarter\u201d lab still commonly requires:\n– 1 small OCI VM + 1 small Azure VM (compute hourly)\n– ExpressRoute gateway (Azure SKU cost)\n– ExpressRoute circuit (bandwidth + plan)\n– OCI FastConnect\/interconnect charges (if applicable)\n– Data transfer (small if you only do ping\/curl tests)<\/p>\n\n\n\n
                                                                                              Because exact pricing varies by region, SKU, and agreement, use official calculators<\/strong>:\n– OCI Pricing: https:\/\/www.oracle.com\/cloud\/pricing\/\n– OCI Networking pricing (FastConnect and data transfer): https:\/\/www.oracle.com\/cloud\/networking\/pricing\/ (verify current page structure)\n– Azure ExpressRoute pricing: https:\/\/azure.microsoft.com\/pricing\/details\/expressroute\/\n– Azure Pricing Calculator: https:\/\/azure.microsoft.com\/pricing\/calculator\/\n– OCI Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html (verify availability\/URL)<\/p>\n\n\n\n
                                                                                              Example production cost considerations<\/h3>\n\n\n\n
                                                                                              In production, the biggest cost contributors are usually:\n– ExpressRoute circuit(s) and gateway(s)\n– OCI FastConnect\/interconnect-related costs\n– Egress data transfer (especially if large analytics data flows cross-cloud)\n– Redundancy (dual circuits\/links, zone-redundant gateways)\n– Firewall\/inspection services and log retention<\/p>\n\n\n\n
                                                                                              \n\n\n\n
                                                                                              10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n
                                                                                              This lab builds a minimal but realistic cross-cloud private routing setup so an OCI VM can reach an Azure VM over Oracle Interconnect for Azure.<\/p>\n\n\n\n
                                                                                              \n
                                                                                              Important constraints:\n– Provisioning Oracle Interconnect for Azure \/ ExpressRoute connectivity can require supported paired regions<\/strong>, specific SKUs, and sometimes operational lead time.\n– Console workflows can change. Use this tutorial as a validated conceptual and configuration guide<\/strong>, and follow the latest official docs for exact UI fields and ordering.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                              Objective<\/h3>\n\n\n\n
                                                                                              Create private, routed connectivity between:\n– OCI VCN (10.10.0.0\/16)<\/strong> with a test VM\n– Azure VNet (10.20.0.0\/16)<\/strong> with a test VM\nusing Oracle Interconnect for Azure<\/strong>, then validate ICMP and TCP connectivity.<\/p>\n\n\n\n
                                                                                              Lab Overview<\/h3>\n\n\n\n
                                                                                              You will:\n1. Create OCI network: VCN, subnet, DRG, test VM.\n2. Create Azure network: VNet, subnets (including GatewaySubnet), test VM, ExpressRoute gateway.\n3. Provision Oracle Interconnect for Azure connectivity (interconnect + routing\/BGP parameters).\n4. Configure routing\/security on both sides.\n5. Validate connectivity (ping, SSH, simple HTTP).\n6. Clean up resources to stop billing.<\/p>\n\n\n\n
                                                                                              \n\n\n\n
                                                                                              Step 1: Plan IP addressing and regions<\/h3>\n\n\n\n
                                                                                                \n
                                                                                              1. Choose a supported paired region<\/strong>:\n   – OCI region: OCI_REGION_A<\/code>\n   – Azure region: AZURE_REGION_A<\/code><\/li>\n
                                                                                              2. Ensure CIDR ranges do not overlap<\/strong>:\n   – OCI VCN: 10.10.0.0\/16<\/code>\n   – Azure VNet: 10.20.0.0\/16<\/code><\/li>\n<\/ol>\n\n\n\n
                                                                                                Expected outcome<\/strong>\n– You have selected a region pair and non-overlapping CIDRs.<\/p>\n\n\n\n
                                                                                                Verification<\/strong>\n– Confirm the region pair is supported in official docs (links in section 17).<\/p>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                Step 2: Create OCI VCN, subnet, and DRG<\/h3>\n\n\n\n
                                                                                                You can do this via OCI Console or OCI CLI. Below is a CLI-driven approach for repeatability.<\/p>\n\n\n\n
                                                                                                \n
                                                                                                You must already have OCI CLI configured (oci setup config<\/code>) and a compartment OCID.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                2.1 Create VCN<\/h4>\n\n\n\n
                                                                                                export COMPARTMENT_OCID=\"ocid1.compartment.oc1..exampleuniqueID\"\nexport OCI_REGION=\"us-ashburn-1\"   # example; use your paired region\nexport VCN_CIDR=\"10.10.0.0\/16\"\n\noci network vcn create \\\n  --compartment-id \"$COMPARTMENT_OCID\" \\\n  --cidr-block \"$VCN_CIDR\" \\\n  --display-name \"lab-oci-vcn-azure-interconnect\" \\\n  --dns-label \"labocivcn\"\n<\/code><\/pre>\n\n\n\n
                                                                                                Capture the id<\/code> as VCN_OCID<\/code>.<\/p>\n\n\n\n
                                                                                                2.2 Create a subnet<\/h4>\n\n\n\n
                                                                                                Use a \/24 for the lab subnet.<\/p>\n\n\n\n
                                                                                                export VCN_OCID=\"ocid1.vcn.oc1..exampleuniqueID\"\nexport SUBNET_CIDR=\"10.10.10.0\/24\"\n\noci network subnet create \\\n  --compartment-id \"$COMPARTMENT_OCID\" \\\n  --vcn-id \"$VCN_OCID\" \\\n  --cidr-block \"$SUBNET_CIDR\" \\\n  --display-name \"lab-oci-subnet\" \\\n  --dns-label \"subnet10\" \\\n  --prohibit-public-ip-on-vnic true\n<\/code><\/pre>\n\n\n\n
                                                                                                2.3 Create a DRG<\/h4>\n\n\n\n
                                                                                                oci network drg create \\\n  --compartment-id \"$COMPARTMENT_OCID\" \\\n  --display-name \"lab-drg-azure-interconnect\"\n<\/code><\/pre>\n\n\n\n
                                                                                                Capture DRG_OCID<\/code>.<\/p>\n\n\n\n
                                                                                                2.4 Attach DRG to the VCN<\/h4>\n\n\n\n
                                                                                                export DRG_OCID=\"ocid1.drg.oc1..exampleuniqueID\"\n\noci network drg-attachment create \\\n  --drg-id \"$DRG_OCID\" \\\n  --vcn-id \"$VCN_OCID\" \\\n  --display-name \"lab-drg-attach-vcn\"\n<\/code><\/pre>\n\n\n\n
                                                                                                Expected outcome<\/strong>\n– OCI has a VCN, a private subnet, a DRG, and a DRG attachment to the VCN.<\/p>\n\n\n\n
                                                                                                Verification<\/strong>\n– In OCI Console, check Networking \u2192 Virtual Cloud Networks<\/strong> and Dynamic Routing Gateways<\/strong>.\n– Ensure the DRG attachment state is Attached<\/strong>.<\/p>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                Step 3: Create an OCI test VM (no public IP)<\/h3>\n\n\n\n
                                                                                                Use OCI Bastion or an existing admin network for access. For simplicity, you can temporarily use a public IP and lock it down, but the more secure pattern is: no public IP + OCI Bastion<\/strong>.<\/p>\n\n\n\n
                                                                                                Recommended (secure) approach:<\/strong> OCI Bastion\nDocs: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Bastion\/home.htm<\/p>\n\n\n\n
                                                                                                High-level steps (console-driven):\n1. Create a compute instance in lab-oci-subnet<\/code> with no public IP<\/strong>.\n2. Create an OCI Bastion in the VCN.\n3. Start a managed SSH session to the instance.<\/p>\n\n\n\n
                                                                                                Expected outcome<\/strong>\n– You can SSH into the OCI VM privately.<\/p>\n\n\n\n
                                                                                                Verification<\/strong>\n– On the OCI VM, confirm its IP (example: 10.10.10.10<\/code>) and that it can reach its default gateway.<\/p>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                Step 4: Create Azure VNet, subnets, and ExpressRoute gateway<\/h3>\n\n\n\n
                                                                                                4.1 Create Azure VNet and subnets<\/h4>\n\n\n\n
                                                                                                You need at minimum:\n– A workload subnet (e.g., 10.20.10.0\/24<\/code>)\n– A GatewaySubnet<\/strong> (required by Azure) (e.g., 10.20.255.0\/27<\/code> or larger as required; verify Azure requirements)<\/p>\n\n\n\n
                                                                                                Using Azure CLI (example):<\/p>\n\n\n\n
                                                                                                az group create --name rg-azure-oci-interconnect --location \"eastus\"\n\naz network vnet create \\\n  --resource-group rg-azure-oci-interconnect \\\n  --name vnet-azure-lab \\\n  --address-prefixes 10.20.0.0\/16 \\\n  --subnet-name subnet-workload \\\n  --subnet-prefixes 10.20.10.0\/24\n\naz network vnet subnet create \\\n  --resource-group rg-azure-oci-interconnect \\\n  --vnet-name vnet-azure-lab \\\n  --name GatewaySubnet \\\n  --address-prefixes 10.20.255.0\/27\n<\/code><\/pre>\n\n\n\n
                                                                                                4.2 Create an Azure test VM (private IP)<\/h4>\n\n\n\n
                                                                                                Create a VM in subnet-workload<\/code>. For a strict private lab, avoid public IP and use Azure Bastion<\/strong>. If you must use a public IP, restrict inbound rules to your IP only.<\/p>\n\n\n\n
                                                                                                Expected outcome<\/strong>\n– An Azure VM exists with a private IP in 10.20.10.0\/24<\/code>.<\/p>\n\n\n\n
                                                                                                Verification<\/strong>\n– In Azure Portal, confirm the VM NIC private IP (example: 10.20.10.10<\/code>).<\/p>\n\n\n\n
                                                                                                4.3 Create ExpressRoute gateway (Virtual Network Gateway)<\/h4>\n\n\n\n
                                                                                                ExpressRoute requires a Virtual Network Gateway. Exact command parameters depend on SKU and zone redundancy availability.<\/p>\n\n\n\n
                                                                                                Azure docs (authoritative): https:\/\/learn.microsoft.com\/azure\/expressroute\/expressroute-howto-add-gateway<\/p>\n\n\n\n
                                                                                                High-level (CLI outline; verify exact SKUs\/flags):\n1. Create a public IP for the gateway.\n2. Create the virtual network gateway of type ExpressRoute<\/strong>.<\/p>\n\n\n\n
                                                                                                Expected outcome<\/strong>\n– Azure ExpressRoute gateway exists and is associated with vnet-azure-lab<\/code>.<\/p>\n\n\n\n
                                                                                                Verification<\/strong>\n– Azure Portal shows Virtual network gateway provisioning succeeded.<\/p>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                Step 5: Provision Oracle Interconnect for Azure connectivity<\/h3>\n\n\n\n
                                                                                                This is the step where region-pair support and the latest workflow matter most.<\/p>\n\n\n\n
                                                                                                Use the official OCI guide for Oracle Interconnect for Azure:\n– OCI docs (verify current): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Network\/Concepts\/azure.htm<\/p>\n\n\n\n
                                                                                                Typical high-level flow (verify exact order):\n1. In OCI, navigate to the Oracle Interconnect for Azure workflow (may be under Networking).\n2. Create an interconnect connection for your region pair.\n3. Obtain required service key \/ authorization<\/strong> details for Azure ExpressRoute.\n4. In Azure, create or associate an ExpressRoute circuit<\/strong> using the provided authorization\/service key (or generate a key in Azure to input into OCI\u2014depends on current workflow).\n5. Configure private peering<\/strong> and BGP parameters as required.\n6. Ensure the circuit and BGP peerings are in Provisioned<\/strong> \/ Enabled<\/strong> \/ Up<\/strong> state.<\/p>\n\n\n\n
                                                                                                Expected outcome<\/strong>\n– OCI and Azure show the interconnect connection as provisioned\/active.\n– BGP sessions are established (or the provider-managed routing is active, depending on model).<\/p>\n\n\n\n
                                                                                                Verification<\/strong>\n– OCI: interconnect\/virtual circuit status is Up<\/strong> or equivalent.\n– Azure: ExpressRoute circuit shows Provisioned<\/strong>, peering Enabled<\/strong>, and gateway connection Connected<\/strong>.<\/p>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                Step 6: Configure routing (OCI side)<\/h3>\n\n\n\n
                                                                                                You must ensure OCI subnets route Azure CIDRs to the DRG.<\/p>\n\n\n\n
                                                                                                6.1 Update OCI VCN route table<\/h4>\n\n\n\n
                                                                                                Add a route rule:\n– Destination: 10.20.0.0\/16<\/code>\n– Target: DRG<\/code><\/p>\n\n\n\n
                                                                                                Using OCI CLI (route table OCID needed):<\/p>\n\n\n\n
                                                                                                export ROUTE_TABLE_OCID=\"ocid1.routetable.oc1..exampleuniqueID\"\nexport AZURE_VNET_CIDR=\"10.20.0.0\/16\"\n\noci network route-table update \\\n  --rt-id \"$ROUTE_TABLE_OCID\" \\\n  --route-rules \"[\n    {\n      \\\"destination\\\": \\\"$AZURE_VNET_CIDR\\\",\n      \\\"destinationType\\\": \\\"CIDR_BLOCK\\\",\n      \\\"networkEntityId\\\": \\\"$DRG_OCID\\\"\n    }\n  ]\"\n<\/code><\/pre>\n\n\n\n
                                                                                                \n
                                                                                                Note: If your route table already has rules, you must include them all in the update payload. Many teams prefer editing in the OCI Console to avoid accidental overwrites.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                6.2 Ensure DRG route tables\/distributions allow Azure routes<\/h4>\n\n\n\n
                                                                                                Modern OCI DRG uses route tables and route distributions. You may need to:\n– Import Azure routes into the DRG route table associated with the VCN attachment.\n– Export OCI VCN routes to the interconnect attachment.<\/p>\n\n\n\n
                                                                                                Expected outcome<\/strong>\n– OCI knows that 10.20.0.0\/16<\/code> is reachable via DRG and the DRG knows how to reach Azure via the interconnect attachment.<\/p>\n\n\n\n
                                                                                                Verification<\/strong>\n– Check DRG route table \u201ceffective routes\u201d in OCI console (if available).\n– If OCI shows learned routes from Azure, confirm 10.20.0.0\/16<\/code> appears.<\/p>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                Step 7: Configure routing (Azure side)<\/h3>\n\n\n\n
                                                                                                In Azure, ExpressRoute + VNet gateway typically handles route propagation automatically for connected VNets, but you must ensure:\n– The VNet is connected to the ExpressRoute circuit via the gateway connection.\n– Routes to OCI CIDRs (10.10.0.0\/16<\/code>) are being learned\/propagated.<\/p>\n\n\n\n
                                                                                                Expected outcome<\/strong>\n– Azure workload subnet can route to OCI CIDRs via the ExpressRoute gateway.<\/p>\n\n\n\n
                                                                                                Verification<\/strong>\n– Check Effective routes on the Azure VM NIC:\n  – Azure Portal \u2192 VM \u2192 Networking \u2192 NIC \u2192 Effective routes<\/strong>\n– Confirm 10.10.0.0\/16<\/code> (or more specific OCI prefixes) appears with next hop as Virtual network gateway.<\/p>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                Step 8: Configure security rules (both sides)<\/h3>\n\n\n\n
                                                                                                Connectivity often fails not because of routing, but because of security rules.<\/p>\n\n\n\n
                                                                                                8.1 OCI: NSGs \/ Security Lists<\/h4>\n\n\n\n
                                                                                                Allow inbound from Azure CIDR to the OCI VM on required ports:\n– ICMP (for ping) if you want it\n– SSH (22) from Azure CIDR\n– Any app ports (e.g., 80\/443)<\/p>\n\n\n\n
                                                                                                Example security list rules (conceptual; apply via console or API):\n– Ingress: Source 10.20.0.0\/16<\/code>, Protocol TCP, Destination port 22\n– Ingress: Source 10.20.0.0\/16<\/code>, Protocol ICMP (type 8)<\/p>\n\n\n\n
                                                                                                8.2 Azure: NSG rules<\/h4>\n\n\n\n
                                                                                                Allow inbound from OCI CIDR to Azure VM:\n– ICMP may be blocked by OS firewall even if NSG allows it.\n– Allow SSH\/RDP depending on OS.\n– Allow app ports.<\/p>\n\n\n\n
                                                                                                Expected outcome<\/strong>\n– Security policies allow the intended cross-cloud traffic.<\/p>\n\n\n\n
                                                                                                Verification<\/strong>\n– Confirm no \u201cdeny\u201d rules override your allow rules.\n– Check OS firewalls (Linux ufw<\/code>\/firewalld<\/code>, Windows Defender Firewall).<\/p>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                Step 9: Validate connectivity<\/h3>\n\n\n\n
                                                                                                Perform tests from OCI VM to Azure VM and vice versa.<\/p>\n\n\n\n
                                                                                                9.1 Ping test (if allowed)<\/h4>\n\n\n\n
                                                                                                From OCI VM:<\/p>\n\n\n\n
                                                                                                ping -c 4 10.20.10.10\n<\/code><\/pre>\n\n\n\n
                                                                                                From Azure VM:<\/p>\n\n\n\n
                                                                                                ping -c 4 10.10.10.10\n<\/code><\/pre>\n\n\n\n
                                                                                                \n
                                                                                                Many Linux images block ICMP by default at the OS firewall or cloud policy; failure here doesn\u2019t always mean routing is broken.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                9.2 TCP connectivity test<\/h4>\n\n\n\n
                                                                                                From OCI VM to Azure VM SSH port (example):<\/p>\n\n\n\n
                                                                                                nc -vz 10.20.10.10 22\n<\/code><\/pre>\n\n\n\n
                                                                                                From Azure VM to OCI VM SSH port:<\/p>\n\n\n\n
                                                                                                nc -vz 10.10.10.10 22\n<\/code><\/pre>\n\n\n\n
                                                                                                9.3 Application test (optional)<\/h4>\n\n\n\n
                                                                                                Run a simple HTTP server on one VM:<\/p>\n\n\n\n
                                                                                                python3 -m http.server 8080 --bind 0.0.0.0\n<\/code><\/pre>\n\n\n\n
                                                                                                From the other VM:<\/p>\n\n\n\n
                                                                                                curl -I http:\/\/<peer-private-ip>:8080\n<\/code><\/pre>\n\n\n\n
                                                                                                Expected outcome<\/strong>\n– Packets traverse privately between OCI and Azure.\n– TCP connectivity succeeds for allowed ports.<\/p>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                Validation<\/h3>\n\n\n\n
                                                                                                Use this checklist:<\/p>\n\n\n\n
                                                                                                \n\n\n\n\n\n\n\n\n\n
                                                                                                Validation item<\/th>\nHow to check<\/th>\nSuccess looks like<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                Interconnect\/circuit state<\/td>\nOCI console + Azure portal<\/td>\nProvisioned\/Up\/Connected<\/td>\n<\/tr>\n
                                                                                                BGP status<\/td>\nExpressRoute peering + OCI interconnect status<\/td>\nEstablished\/Up<\/td>\n<\/tr>\n
                                                                                                Effective routes (Azure)<\/td>\nNIC effective routes<\/td>\nOCI CIDRs present<\/td>\n<\/tr>\n
                                                                                                Effective routes (OCI)<\/td>\nDRG route tables \/ learned routes<\/td>\nAzure CIDRs present<\/td>\n<\/tr>\n
                                                                                                Security rules<\/td>\nNSG\/NSG + OS firewall<\/td>\nNo unintended denies<\/td>\n<\/tr>\n
                                                                                                End-to-end TCP test<\/td>\nnc<\/code>, curl<\/code>, app logs<\/td>\nSuccessful connections<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                \n\n\n\n
                                                                                                Troubleshooting<\/h3>\n\n\n\n
                                                                                                Common problems and fixes:<\/p>\n\n\n\n
                                                                                                  \n
                                                                                                1. \n
                                                                                                  Overlapping CIDRs<\/strong>\n   – Symptom: Routes don\u2019t propagate or traffic blackholes.\n   – Fix: Re-IP one side (best) or introduce NAT (complex; avoid if possible).<\/p>\n<\/li>\n
                                                                                                2. \n
                                                                                                  Missing OCI route table entry<\/strong>\n   – Symptom: OCI VM can\u2019t reach Azure CIDR.\n   – Fix: Add route 10.20.0.0\/16 \u2192 DRG<\/code> to the subnet route table.<\/p>\n<\/li>\n
                                                                                                3. \n
                                                                                                  DRG route distribution misconfiguration (OCI)<\/strong>\n   – Symptom: OCI DRG doesn\u2019t learn\/advertise expected prefixes.\n   – Fix: Check DRG route tables and route distributions for each attachment. Verify import\/export rules.<\/p>\n<\/li>\n
                                                                                                4. \n
                                                                                                  Azure gateway not connected to ExpressRoute circuit<\/strong>\n   – Symptom: Azure effective routes don\u2019t show OCI prefixes.\n   – Fix: Confirm VNet gateway connection to the circuit is created and connected.<\/p>\n<\/li>\n
                                                                                                5. \n
                                                                                                  NSG\/security list blocks traffic<\/strong>\n   – Symptom: Routes look correct but TCP\/ICMP fails.\n   – Fix: Add explicit allow rules and verify OS firewall settings.<\/p>\n<\/li>\n
                                                                                                6. \n
                                                                                                  Asymmetric routing through firewalls<\/strong>\n   – Symptom: One direction works; return traffic is dropped.\n   – Fix: Ensure both directions follow the same inspection path or stateful device configuration supports it.<\/p>\n<\/li>\n
                                                                                                7. \n
                                                                                                  DNS resolution fails<\/strong>\n   – Symptom: IP connectivity works, but service names fail.\n   – Fix: Implement cross-cloud DNS forwarding (OCI DNS \u2194 Azure Private DNS) or use conditional forwarders.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                  \n\n\n\n
                                                                                                  Cleanup<\/h3>\n\n\n\n
                                                                                                  To stop billing, remove resources in reverse order:<\/p>\n\n\n\n
                                                                                                  Azure:<\/strong>\n1. Delete test VMs (and associated NICs\/public IPs\/disks if not auto-deleted).\n2. Delete ExpressRoute gateway (Virtual Network Gateway).\n3. Delete ExpressRoute circuit (if created for the lab).\n4. Delete VNets if created only for lab.\n5. Delete resource group rg-azure-oci-interconnect<\/code> (fastest if all resources are inside it).<\/p>\n\n\n\n
                                                                                                  OCI:<\/strong>\n1. Terminate test compute instances.\n2. Delete Bastion (if created).\n3. Detach and delete interconnect\/virtual circuit resources (per official procedure).\n4. Detach DRG from VCN and delete DRG.\n5. Delete subnet(s) and VCN.<\/p>\n\n\n\n
                                                                                                  \n
                                                                                                  Always verify interconnect and circuit deletion steps; some resources have dependencies and required ordering.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                  \n\n\n\n
                                                                                                  11. Best Practices<\/h2>\n\n\n\n
                                                                                                  Architecture best practices<\/h3>\n\n\n\n
                                                                                                    \n
                                                                                                  • Use hub-and-spoke<\/strong> in each cloud for scaling and centralized controls.<\/li>\n
                                                                                                  • Keep cross-cloud traffic to well-defined interfaces<\/strong> (API layer) rather than chatty east-west microservice calls.<\/li>\n
                                                                                                  • Prefer asynchronous integration<\/strong> (queues\/events) where latency matters.<\/li>\n
                                                                                                  • Design for failure domains<\/strong>: region outage, circuit impairment, gateway failure.<\/li>\n<\/ul>\n\n\n\n
                                                                                                    IAM\/security best practices<\/h3>\n\n\n\n
                                                                                                      \n
                                                                                                    • Use least-privilege:<\/li>\n
                                                                                                    • Separate roles for network engineers vs operators vs auditors.<\/li>\n
                                                                                                    • Require change management for:<\/li>\n
                                                                                                    • Route table changes<\/li>\n
                                                                                                    • BGP configuration changes<\/li>\n
                                                                                                    • Security rules changes<\/li>\n
                                                                                                    • Use resource tagging for ownership and cost center tracking.<\/li>\n<\/ul>\n\n\n\n
                                                                                                      Cost best practices<\/h3>\n\n\n\n
                                                                                                        \n
                                                                                                      • Right-size bandwidth and review utilization monthly.<\/li>\n
                                                                                                      • Use VPN for dev\/test unless the environment must exactly mirror production.<\/li>\n
                                                                                                      • Minimize egress-heavy flows; consider data locality and compression.<\/li>\n<\/ul>\n\n\n\n
                                                                                                        Performance best practices<\/h3>\n\n\n\n
                                                                                                          \n
                                                                                                        • Place latency-sensitive dependencies in paired regions.<\/li>\n
                                                                                                        • Avoid unnecessary hairpinning through multiple firewalls unless required.<\/li>\n
                                                                                                        • Use connection pooling and retries with sane timeouts across clouds.<\/li>\n<\/ul>\n\n\n\n
                                                                                                          Reliability best practices<\/h3>\n\n\n\n
                                                                                                            \n
                                                                                                          • Implement redundancy per provider guidance:<\/li>\n
                                                                                                          • Redundant links\/circuits where applicable<\/li>\n
                                                                                                          • Zone-redundant gateways when supported<\/li>\n
                                                                                                          • Test failover scenarios quarterly:<\/li>\n
                                                                                                          • Circuit down<\/li>\n
                                                                                                          • Route withdrawal<\/li>\n
                                                                                                          • Gateway replacement<\/li>\n<\/ul>\n\n\n\n
                                                                                                            Operations best practices<\/h3>\n\n\n\n
                                                                                                              \n
                                                                                                            • Build dashboards:<\/li>\n
                                                                                                            • Circuit state<\/li>\n
                                                                                                            • BGP status<\/li>\n
                                                                                                            • Throughput saturation<\/li>\n
                                                                                                            • Packet drops<\/li>\n
                                                                                                            • Alert on:<\/li>\n
                                                                                                            • BGP down<\/li>\n
                                                                                                            • Sudden route changes<\/li>\n
                                                                                                            • Sustained >70\u201380% bandwidth utilization<\/li>\n
                                                                                                            • Runbooks:<\/li>\n
                                                                                                            • \u201cNo route to host\u201d<\/li>\n
                                                                                                            • \u201cBGP down\u201d<\/li>\n
                                                                                                            • \u201cOnly one direction works\u201d<\/li>\n<\/ul>\n\n\n\n
                                                                                                              Governance\/tagging\/naming best practices<\/h3>\n\n\n\n
                                                                                                                \n
                                                                                                              • Standardize names:<\/li>\n
                                                                                                              • env-region-app-purpose<\/code><\/li>\n
                                                                                                              • Tag both OCI and Azure resources:<\/li>\n
                                                                                                              • Owner<\/code>, CostCenter<\/code>, Environment<\/code>, DataClassification<\/code><\/li>\n
                                                                                                              • Document CIDR allocations centrally.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                \n\n\n\n
                                                                                                                12. Security Considerations<\/h2>\n\n\n\n
                                                                                                                Identity and access model<\/h3>\n\n\n\n
                                                                                                                  \n
                                                                                                                • OCI:<\/li>\n
                                                                                                                • Use IAM policies scoped to compartments.<\/li>\n
                                                                                                                • Restrict who can manage DRG, route tables, and interconnect resources.<\/li>\n
                                                                                                                • Azure:<\/li>\n
                                                                                                                • Use RBAC and Privileged Identity Management (PIM) where possible.<\/li>\n
                                                                                                                • Restrict ExpressRoute circuit modifications.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                  Encryption<\/h3>\n\n\n\n
                                                                                                                    \n
                                                                                                                  • The interconnect provides a private<\/strong> path; encryption is typically achieved by:<\/li>\n
                                                                                                                  • TLS<\/strong> (HTTPS, mTLS) for application traffic<\/li>\n
                                                                                                                  • Database native encryption<\/strong> (where applicable)<\/li>\n
                                                                                                                  • Optional IPsec overlay<\/strong> if your security policy requires network-layer encryption (verify feasibility and performance impact)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                    Network exposure<\/h3>\n\n\n\n
                                                                                                                      \n
                                                                                                                    • Prefer no public IPs<\/strong> for workloads.<\/li>\n
                                                                                                                    • Use bastion services (OCI Bastion, Azure Bastion).<\/li>\n
                                                                                                                    • Avoid broad CIDR advertisements; only advertise what you must.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                      Secrets handling<\/h3>\n\n\n\n
                                                                                                                        \n
                                                                                                                      • Store secrets in:<\/li>\n
                                                                                                                      • OCI Vault: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/KeyManagement\/home.htm<\/li>\n
                                                                                                                      • Azure Key Vault: https:\/\/learn.microsoft.com\/azure\/key-vault\/<\/li>\n
                                                                                                                      • Never embed credentials in VM images or user data scripts.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                        Audit\/logging<\/h3>\n\n\n\n
                                                                                                                          \n
                                                                                                                        • OCI Audit logs:<\/li>\n
                                                                                                                        • Track networking and IAM changes.<\/li>\n
                                                                                                                        • Azure Activity Log:<\/li>\n
                                                                                                                        • Track ExpressRoute and gateway changes.<\/li>\n
                                                                                                                        • Centralize logs to a SIEM and retain per policy.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                          Compliance considerations<\/h3>\n\n\n\n
                                                                                                                            \n
                                                                                                                          • Maintain evidence:<\/li>\n
                                                                                                                          • Route and security policy definitions<\/li>\n
                                                                                                                          • Change approvals<\/li>\n
                                                                                                                          • Access reviews<\/li>\n
                                                                                                                          • Validate whether \u201cprivate connectivity\u201d satisfies regulatory requirements for data in transit.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                            Common security mistakes<\/h3>\n\n\n\n
                                                                                                                              \n
                                                                                                                            • Treating private circuits as \u201ctrusted\u201d and allowing overly broad access.<\/li>\n
                                                                                                                            • Advertising default routes cross-cloud without careful segmentation.<\/li>\n
                                                                                                                            • Overlapping CIDRs and using NAT as a band-aid without threat modeling.<\/li>\n
                                                                                                                            • Lack of monitoring for route changes and BGP flaps.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                              Secure deployment recommendations<\/h3>\n\n\n\n
                                                                                                                                \n
                                                                                                                              • Enforce segmentation:<\/li>\n
                                                                                                                              • Separate app, data, and admin networks.<\/li>\n
                                                                                                                              • Add inspection where required:<\/li>\n
                                                                                                                              • Azure Firewall \/ OCI Network Firewall<\/li>\n
                                                                                                                              • Use deny-by-default security groups and explicitly allow required ports.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                \n\n\n\n
                                                                                                                                13. Limitations and Gotchas<\/h2>\n\n\n\n
                                                                                                                                \n
                                                                                                                                Confirm the latest constraints in official docs for your target region pair.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                                                  \n
                                                                                                                                • Region pair constraints:<\/strong> Available only in specific OCI \u2194 Azure region pairs.<\/li>\n
                                                                                                                                • Lead time:<\/strong> Provisioning may not be instantaneous; enterprise connectivity can require coordination.<\/li>\n
                                                                                                                                • Cost surprises:<\/strong> ExpressRoute and private connectivity can be significantly more expensive than VPN for low-traffic environments.<\/li>\n
                                                                                                                                • Overlapping CIDRs:<\/strong> A frequent blocker; avoid at design time.<\/li>\n
                                                                                                                                • Route propagation complexity:<\/strong> OCI DRG route tables\/distributions can be misconfigured; Azure effective routes can be misinterpreted.<\/li>\n
                                                                                                                                • Asymmetric routing with inspection:<\/strong> Stateful firewalls require symmetric flows; multicloud routing can break symmetry.<\/li>\n
                                                                                                                                • DNS is not automatic:<\/strong> Name resolution across clouds needs explicit design.<\/li>\n
                                                                                                                                • Throughput limits:<\/strong> Azure gateway SKU and circuit bandwidth can cap performance; OCI limits may also apply.<\/li>\n
                                                                                                                                • Change blast radius:<\/strong> A route change can affect many networks; implement guardrails.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                  \n\n\n\n
                                                                                                                                  14. Comparison with Alternatives<\/h2>\n\n\n\n
                                                                                                                                  Alternatives to consider<\/h3>\n\n\n\n
                                                                                                                                    \n
                                                                                                                                  • OCI Site-to-Site VPN + Azure VPN Gateway<\/strong> (internet-based IPsec)<\/li>\n
                                                                                                                                  • Third-party interconnect providers<\/strong> (Megaport, Equinix, etc.) using FastConnect\/ExpressRoute (depending on your colo strategy)<\/li>\n
                                                                                                                                  • Application-layer integration<\/strong> (public APIs with mTLS, WAF, private endpoints\u2014where appropriate)<\/li>\n
                                                                                                                                  • Self-managed SD-WAN\/NVA appliances<\/strong> (complex, but sometimes required)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                    Comparison table<\/h3>\n\n\n\n
                                                                                                                                    \n\n\n\n\n\n\n\n\n
                                                                                                                                    Option<\/th>\nBest For<\/th>\nStrengths<\/th>\nWeaknesses<\/th>\nWhen to Choose<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                    Oracle Interconnect for Azure<\/td>\nProduction-grade OCI\u2194Azure private connectivity in supported region pairs<\/td>\nPrivate, high throughput, lower latency, enterprise routing<\/td>\nRegion-pair limits, cost, provisioning complexity<\/td>\nWhen you need predictable private connectivity for prod workloads<\/td>\n<\/tr>\n
                                                                                                                                    OCI Site-to-Site VPN + Azure VPN Gateway<\/td>\nDev\/test, smaller workloads, quick setup<\/td>\nFast to deploy, encrypted by default (IPsec), lower entry cost<\/td>\nInternet variability, lower throughput, more tunnel ops<\/td>\nWhen budgets are tight or region pairs aren\u2019t supported<\/td>\n<\/tr>\n
                                                                                                                                    ExpressRoute + FastConnect via third-party provider<\/td>\nEnterprises with existing colocation\/interconnect contracts<\/td>\nFlexibility across many regions, multi-provider options<\/td>\nMore vendor coordination, more moving parts<\/td>\nWhen you need broader geographic reach than the native interconnect pairing<\/td>\n<\/tr>\n
                                                                                                                                    Public internet with strong security (TLS\/mTLS, WAF)<\/td>\nPublic-facing APIs, low-risk integrations<\/td>\nSimple architecture, minimal network dependencies<\/td>\nPublic exposure, egress costs, latency variability<\/td>\nWhen workloads are designed for internet and don\u2019t require private routing<\/td>\n<\/tr>\n
                                                                                                                                    Self-managed NVAs\/SD-WAN overlay<\/td>\nHighly customized routing\/security, multi-site<\/td>\nDeep control, consistent policy<\/td>\nOperational burden, licensing, HA complexity<\/td>\nWhen you already run SD-WAN and must extend it to clouds<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                    \n\n\n\n
                                                                                                                                    15. Real-World Example<\/h2>\n\n\n\n
                                                                                                                                    Enterprise example: Retail platform with Azure app tier and OCI data tier<\/h3>\n\n\n\n
                                                                                                                                      \n
                                                                                                                                    • Problem:<\/strong> A retailer runs customer-facing apps in Azure but uses Oracle Cloud for a data platform. They need low-latency, private access from Azure services to OCI-hosted data services without exposing databases publicly.<\/li>\n
                                                                                                                                    • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                    • Azure hub-and-spoke VNets with Azure Firewall.<\/li>\n
                                                                                                                                    • ExpressRoute gateway in hub VNet.<\/li>\n
                                                                                                                                    • OCI hub VCN with DRG and OCI Network Firewall.<\/li>\n
                                                                                                                                    • Oracle Interconnect for Azure connects Azure hub to OCI hub.<\/li>\n
                                                                                                                                    • Only specific OCI subnets are advertised to Azure; only app subnets can reach data subnets.<\/li>\n
                                                                                                                                    • Why this service was chosen:<\/strong><\/li>\n
                                                                                                                                    • Stable performance for high-traffic internal API calls and data access.<\/li>\n
                                                                                                                                    • Reduced public exposure and simpler compliance story than public endpoints.<\/li>\n
                                                                                                                                    • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                    • Fewer timeouts, improved performance consistency.<\/li>\n
                                                                                                                                    • Reduced attack surface (no public DB endpoints).<\/li>\n
                                                                                                                                    • Clear operational ownership with monitoring and change control.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                      Startup\/small-team example: SaaS with phased multicloud adoption<\/h3>\n\n\n\n
                                                                                                                                        \n
                                                                                                                                      • Problem:<\/strong> A startup is Azure-first but wants to adopt an OCI service for a specific backend capability. They need secure connectivity without redesigning their network around public endpoints.<\/li>\n
                                                                                                                                      • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                      • Single Azure VNet with an ExpressRoute gateway.<\/li>\n
                                                                                                                                      • Single OCI VCN with DRG.<\/li>\n
                                                                                                                                      • Oracle Interconnect for Azure for production; VPN for dev\/test.<\/li>\n
                                                                                                                                      • Minimal routing: only 10.20.10.0\/24<\/code> \u2194 10.10.10.0\/24<\/code>.<\/li>\n
                                                                                                                                      • Why this service was chosen:<\/strong><\/li>\n
                                                                                                                                      • Production needs predictable, private connectivity.<\/li>\n
                                                                                                                                      • Keeps architecture simple: a narrow, controlled cross-cloud path.<\/li>\n
                                                                                                                                      • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                      • Faster delivery than rewriting services for public exposure.<\/li>\n
                                                                                                                                      • Lower security risk by keeping services private.<\/li>\n
                                                                                                                                      • A migration path to more advanced hub-and-spoke later.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                        \n\n\n\n
                                                                                                                                        16. FAQ<\/h2>\n\n\n\n
                                                                                                                                          \n
                                                                                                                                        1. \n
                                                                                                                                          Is Oracle Interconnect for Azure the same as FastConnect or ExpressRoute?<\/strong>\n   No. Oracle Interconnect for Azure is the cross-cloud interconnect offering\/pattern. It is typically implemented using OCI FastConnect and Azure ExpressRoute building blocks, plus provider-managed connectivity between the two clouds.<\/p>\n<\/li>\n
                                                                                                                                        2. \n
                                                                                                                                          Do I need non-overlapping CIDRs?<\/strong>\n   Yes, strongly recommended. Overlapping address spaces are one of the most common causes of failed routing and complex NAT workarounds.<\/p>\n<\/li>\n
                                                                                                                                        3. \n
                                                                                                                                          Is traffic encrypted over Oracle Interconnect for Azure?<\/strong>\n   The connectivity is private, but encryption is generally your responsibility (TLS\/mTLS, or IPsec overlay if required). Verify encryption guarantees in official docs and your compliance requirements.<\/p>\n<\/li>\n
                                                                                                                                        4. \n
                                                                                                                                          Which regions are supported?<\/strong>\n   Only specific OCI \u2194 Azure region pairs. Check the official Oracle documentation for the current list.<\/p>\n<\/li>\n
                                                                                                                                        5. \n
                                                                                                                                          How long does provisioning take?<\/strong>\n   It varies by region and workflow. Some steps can be fast, but enterprise circuits\/gateways may have lead times. Verify with provider docs and your account team.<\/p>\n<\/li>\n
                                                                                                                                        6. \n
                                                                                                                                          Can I use it for dev\/test environments?<\/strong>\n   You can, but it may be cost-inefficient compared to VPN. Many teams use VPN for dev\/test and interconnect for production.<\/p>\n<\/li>\n
                                                                                                                                        7. \n
                                                                                                                                          Does it support redundancy?<\/strong>\n   Redundancy is typically part of the design (dual links\/paths), but the exact model depends on the region and configuration. You must still design redundancy in gateways and routing.<\/p>\n<\/li>\n
                                                                                                                                        8. \n
                                                                                                                                          Can I connect multiple VNets to OCI over the same interconnect?<\/strong>\n   Commonly yes by connecting multiple VNets to ExpressRoute and controlling route propagation, but details depend on your Azure and OCI routing design. Verify limits and patterns.<\/p>\n<\/li>\n
                                                                                                                                        9. \n
                                                                                                                                          Can I connect multiple VCNs to Azure over the same DRG?<\/strong>\n   Yes, DRG is designed to connect multiple VCN attachments and manage routing between them and external networks.<\/p>\n<\/li>\n
                                                                                                                                        10. \n
                                                                                                                                          Do I need an Azure ExpressRoute gateway even if I only have one VNet?<\/strong>\n   Typically yes, VNets require an ExpressRoute gateway to use ExpressRoute connectivity. Confirm with Azure ExpressRoute documentation.<\/p>\n<\/li>\n
                                                                                                                                        11. \n
                                                                                                                                          Will my OCI private DNS automatically resolve Azure private hostnames (and vice versa)?<\/strong>\n   No. You must design DNS forwarding\/conditional resolvers across clouds if you need name resolution.<\/p>\n<\/li>\n
                                                                                                                                        12. \n
                                                                                                                                          How do I restrict which networks are reachable across the interconnect?<\/strong>\n   Use route advertisement controls (BGP prefixes), OCI DRG route tables\/distributions, Azure route filters\/propagation controls where applicable, and security groups.<\/p>\n<\/li>\n
                                                                                                                                        13. \n
                                                                                                                                          What monitoring should I set up?<\/strong>\n   Monitor circuit health, BGP status, throughput, and drops in both OCI and Azure. Alert on BGP down and sustained high utilization.<\/p>\n<\/li>\n
                                                                                                                                        14. \n
                                                                                                                                          Can I run a firewall between the clouds?<\/strong>\n   Yes. Many production architectures insert Azure Firewall or OCI Network Firewall (or NVAs). Ensure symmetric routing for stateful inspection.<\/p>\n<\/li>\n
                                                                                                                                        15. \n
                                                                                                                                          Is Oracle Interconnect for Azure suitable for active-active architectures?<\/strong>\n   It can be part of an active-active design, but active-active requires careful data consistency, latency planning, and failure handling. Evaluate application architecture first.<\/p>\n<\/li>\n
                                                                                                                                        16. \n
                                                                                                                                          What\u2019s the simplest first deployment?<\/strong>\n   A single VCN and single VNet connected through the interconnect, advertising only one subnet each, with basic TCP validation tests and strict security rules.<\/p>\n<\/li>\n
                                                                                                                                        17. \n
                                                                                                                                          How do I estimate costs without surprises?<\/strong>\n   Model bandwidth + gateway SKUs + expected monthly data transfer. Use both OCI and Azure pricing pages and calculators, and include log\/firewall costs.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                          \n\n\n\n
                                                                                                                                          17. Top Online Resources to Learn Oracle Interconnect for Azure<\/h2>\n\n\n\n
                                                                                                                                          \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                          Resource Type<\/th>\nName<\/th>\nWhy It Is Useful<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                          Official documentation<\/td>\nOCI: Oracle Interconnect for Microsoft Azure (verify current) \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Network\/Concepts\/azure.htm<\/td>\nPrimary reference for region support, workflow, and OCI-side configuration<\/td>\n<\/tr>\n
                                                                                                                                          Official documentation<\/td>\nOCI FastConnect \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Network\/Concepts\/fastconnect.htm<\/td>\nExplains FastConnect concepts often used as part of interconnect implementations<\/td>\n<\/tr>\n
                                                                                                                                          Official documentation<\/td>\nOCI DRG (Dynamic Routing Gateway) \u2014 https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Network\/Tasks\/managingDRGs.htm (verify exact URL)<\/td>\nDRG routing, attachments, route distributions\u2014critical for correct routing<\/td>\n<\/tr>\n
                                                                                                                                          Official pricing<\/td>\nOCI Networking pricing \u2014 https:\/\/www.oracle.com\/cloud\/networking\/pricing\/<\/td>\nUnderstand OCI networking charges (egress, connectivity services)<\/td>\n<\/tr>\n
                                                                                                                                          Official pricing<\/td>\nOCI Pricing overview \u2014 https:\/\/www.oracle.com\/cloud\/pricing\/<\/td>\nEntry point for OCI pricing documentation<\/td>\n<\/tr>\n
                                                                                                                                          Pricing calculator<\/td>\nOCI Cost Estimator \u2014 https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\nEstimate OCI-side costs (verify current tool availability)<\/td>\n<\/tr>\n
                                                                                                                                          Official documentation<\/td>\nAzure ExpressRoute overview \u2014 https:\/\/learn.microsoft.com\/azure\/expressroute\/expressroute-introduction<\/td>\nUnderstand ExpressRoute components and design requirements<\/td>\n<\/tr>\n
                                                                                                                                          Official documentation<\/td>\nAzure ExpressRoute gateway setup \u2014 https:\/\/learn.microsoft.com\/azure\/expressroute\/expressroute-howto-add-gateway<\/td>\nGateway requirements and steps<\/td>\n<\/tr>\n
                                                                                                                                          Official pricing<\/td>\nAzure ExpressRoute pricing \u2014 https:\/\/azure.microsoft.com\/pricing\/details\/expressroute\/<\/td>\nExpressRoute circuit and plan pricing model<\/td>\n<\/tr>\n
                                                                                                                                          Pricing calculator<\/td>\nAzure Pricing Calculator \u2014 https:\/\/azure.microsoft.com\/pricing\/calculator\/<\/td>\nModel Azure-side costs including gateway SKUs<\/td>\n<\/tr>\n
                                                                                                                                          Architecture center<\/td>\nOracle Architecture Center \u2014 https:\/\/docs.oracle.com\/solutions\/<\/td>\nReference architectures; search for multicloud and Azure interconnect patterns<\/td>\n<\/tr>\n
                                                                                                                                          Community (high-quality)<\/td>\nMicrosoft Learn (ExpressRoute learning paths) \u2014 https:\/\/learn.microsoft.com\/training\/<\/td>\nStructured learning for ExpressRoute\/networking fundamentals<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                          \n\n\n\n
                                                                                                                                          18. Training and Certification Providers<\/h2>\n\n\n\n
                                                                                                                                          \n\n\n\n\n\n\n\n\n
                                                                                                                                          Institute<\/th>\nSuitable Audience<\/th>\nLikely Learning Focus<\/th>\nMode<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                          DevOpsSchool.com<\/td>\nDevOps engineers, SREs, cloud engineers<\/td>\nMulticloud DevOps, automation, cloud networking fundamentals<\/td>\nCheck website<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                          ScmGalaxy.com<\/td>\nBeginners to intermediate engineers<\/td>\nSCM\/DevOps foundations, CI\/CD practices relevant to multicloud ops<\/td>\nCheck website<\/td>\nhttps:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n
                                                                                                                                          CLoudOpsNow.in<\/td>\nCloud operations teams<\/td>\nCloud operations, monitoring, reliability practices<\/td>\nCheck website<\/td>\nhttps:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n
                                                                                                                                          SreSchool.com<\/td>\nSREs, platform teams<\/td>\nSRE principles, incident response, observability for cloud networks<\/td>\nCheck website<\/td>\nhttps:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                          AiOpsSchool.com<\/td>\nOps and platform engineers<\/td>\nAIOps concepts, automation, operational analytics<\/td>\nCheck website<\/td>\nhttps:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                          \n\n\n\n
                                                                                                                                          19. Top Trainers<\/h2>\n\n\n\n
                                                                                                                                          \n\n\n\n\n\n\n\n
                                                                                                                                          Platform\/Site<\/th>\nLikely Specialization<\/th>\nSuitable Audience<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                          RajeshKumar.xyz<\/td>\nDevOps\/cloud coaching and guidance (verify offerings)<\/td>\nEngineers seeking hands-on mentoring<\/td>\nhttps:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n
                                                                                                                                          devopstrainer.in<\/td>\nDevOps training and workshops (verify offerings)<\/td>\nBeginners to working professionals<\/td>\nhttps:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n
                                                                                                                                          devopsfreelancer.com<\/td>\nFreelance DevOps consulting\/training platform (verify offerings)<\/td>\nTeams wanting short-term help or coaching<\/td>\nhttps:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n
                                                                                                                                          devopssupport.in<\/td>\nDevOps support and training resources (verify offerings)<\/td>\nOps\/DevOps teams needing practical support<\/td>\nhttps:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                          \n\n\n\n
                                                                                                                                          20. Top Consulting Companies<\/h2>\n\n\n\n
                                                                                                                                          \n\n\n\n\n\n\n
                                                                                                                                          Company<\/th>\nLikely Service Area<\/th>\nWhere They May Help<\/th>\nConsulting Use Case Examples<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                          cotocus.com<\/td>\nCloud\/DevOps consulting (verify exact services)<\/td>\nMulticloud architecture, automation, operations<\/td>\nDesigning OCI\u2194Azure connectivity patterns; building runbooks and monitoring<\/td>\nhttps:\/\/cotocus.com\/<\/td>\n<\/tr>\n
                                                                                                                                          DevOpsSchool.com<\/td>\nDevOps and cloud consulting\/training<\/td>\nDelivery enablement, platform engineering practices<\/td>\nMulticloud landing zones; IaC pipelines for network provisioning<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                          DEVOPSCONSULTING.IN<\/td>\nDevOps consulting (verify exact services)<\/td>\nImplementation support and operational best practices<\/td>\nCI\/CD integration, monitoring setup for cross-cloud platforms<\/td>\nhttps:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                          \n\n\n\n
                                                                                                                                          21. Career and Learning Roadmap<\/h2>\n\n\n\n
                                                                                                                                          What to learn before this service<\/h3>\n\n\n\n
                                                                                                                                            \n
                                                                                                                                          • Networking fundamentals:<\/li>\n
                                                                                                                                          • CIDR, routing tables, NAT, DNS, TCP\/IP<\/li>\n
                                                                                                                                          • BGP basics (ASNs, route advertisement, failover)<\/li>\n
                                                                                                                                          • OCI basics:<\/li>\n
                                                                                                                                          • Compartments, IAM policies<\/li>\n
                                                                                                                                          • VCNs, subnets, NSGs\/security lists<\/li>\n
                                                                                                                                          • DRG concepts<\/li>\n
                                                                                                                                          • Azure basics:<\/li>\n
                                                                                                                                          • Resource groups, RBAC<\/li>\n
                                                                                                                                          • VNets, subnets, NSGs<\/li>\n
                                                                                                                                          • Virtual Network Gateway and ExpressRoute concepts<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                            What to learn after this service<\/h3>\n\n\n\n
                                                                                                                                              \n
                                                                                                                                            • Advanced multicloud networking:<\/li>\n
                                                                                                                                            • Hub-and-spoke at scale<\/li>\n
                                                                                                                                            • Firewall insertion and symmetric routing patterns<\/li>\n
                                                                                                                                            • Cross-cloud DNS architectures<\/li>\n
                                                                                                                                            • Infrastructure as Code:<\/li>\n
                                                                                                                                            • Terraform for OCI and Azure (separate providers; careful orchestration)<\/li>\n
                                                                                                                                            • Observability:<\/li>\n
                                                                                                                                            • Building SLOs\/SLIs for network connectivity<\/li>\n
                                                                                                                                            • Cross-cloud incident response<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                              Job roles that use it<\/h3>\n\n\n\n
                                                                                                                                                \n
                                                                                                                                              • Cloud Network Engineer<\/li>\n
                                                                                                                                              • Solutions Architect (Multicloud)<\/li>\n
                                                                                                                                              • Platform Engineer<\/li>\n
                                                                                                                                              • SRE (Network-focused)<\/li>\n
                                                                                                                                              • Security Engineer (cloud network security)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                Certification path (if available)<\/h3>\n\n\n\n
                                                                                                                                                  \n
                                                                                                                                                • OCI:<\/li>\n
                                                                                                                                                • OCI networking-focused certifications (verify current Oracle certification tracks)<\/li>\n
                                                                                                                                                • Azure:<\/li>\n
                                                                                                                                                • Azure Network Engineer Associate (or equivalent; verify current)<\/li>\n
                                                                                                                                                • Multicloud:<\/li>\n
                                                                                                                                                • Vendor-neutral networking certifications can help (conceptually), but always align to your employer needs.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                  Project ideas for practice<\/h3>\n\n\n\n
                                                                                                                                                    \n
                                                                                                                                                  1. Build OCI\u2194Azure connectivity and publish internal service over private IP.<\/li>\n
                                                                                                                                                  2. Implement hub-and-spoke in both clouds with firewall inspection.<\/li>\n
                                                                                                                                                  3. Create a cross-cloud DNS conditional forwarding setup.<\/li>\n
                                                                                                                                                  4. Build monitoring dashboards and alerts for BGP\/circuit health.<\/li>\n
                                                                                                                                                  5. Run a failure drill: withdraw a route, validate recovery procedures.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                                    \n\n\n\n
                                                                                                                                                    22. Glossary<\/h2>\n\n\n\n
                                                                                                                                                      \n
                                                                                                                                                    • OCI (Oracle Cloud Infrastructure):<\/strong> Oracle Cloud\u2019s IaaS\/PaaS platform.<\/li>\n
                                                                                                                                                    • Azure:<\/strong> Microsoft\u2019s cloud platform.<\/li>\n
                                                                                                                                                    • Multicloud:<\/strong> Using more than one cloud provider in a coordinated architecture.<\/li>\n
                                                                                                                                                    • VCN (Virtual Cloud Network):<\/strong> OCI\u2019s virtual network container.<\/li>\n
                                                                                                                                                    • VNet (Virtual Network):<\/strong> Azure\u2019s virtual network container.<\/li>\n
                                                                                                                                                    • Subnet:<\/strong> A segment of a VCN\/VNet where resources are deployed.<\/li>\n
                                                                                                                                                    • DRG (Dynamic Routing Gateway):<\/strong> OCI\u2019s virtual router for connecting VCNs to external networks.<\/li>\n
                                                                                                                                                    • FastConnect:<\/strong> OCI service for private connectivity to on-prem or partners.<\/li>\n
                                                                                                                                                    • ExpressRoute:<\/strong> Azure service for private connectivity to on-prem or partners.<\/li>\n
                                                                                                                                                    • BGP (Border Gateway Protocol):<\/strong> Routing protocol used to exchange network prefixes dynamically.<\/li>\n
                                                                                                                                                    • CIDR:<\/strong> Notation for IP address ranges (e.g., 10.10.0.0\/16).<\/li>\n
                                                                                                                                                    • NSG (Network Security Group):<\/strong> Security rules in OCI (and also in Azure, NSG is a similar concept) controlling traffic.<\/li>\n
                                                                                                                                                    • Security List (OCI):<\/strong> Subnet-level firewall rules (older model compared to NSGs).<\/li>\n
                                                                                                                                                    • Route table:<\/strong> Defines next hops for traffic to destination CIDRs.<\/li>\n
                                                                                                                                                    • Peering (Azure ExpressRoute private peering):<\/strong> The configuration to enable private routing over ExpressRoute.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                      \n\n\n\n
                                                                                                                                                      23. Summary<\/h2>\n\n\n\n
                                                                                                                                                      Oracle Interconnect for Azure is an Oracle Cloud Multicloud<\/strong> connectivity service\/pattern that provides private, routed network connectivity<\/strong> between OCI and Microsoft Azure in supported paired regions. It matters because it enables real-world cross-cloud architectures\u2014like apps in Azure accessing data services in Oracle Cloud\u2014without relying on the public internet.<\/p>\n\n\n\n
                                                                                                                                                      From an architecture perspective, it fits best when you need predictable performance, enterprise routing (BGP), and tight security boundaries across clouds. From a cost perspective, the biggest drivers are typically ExpressRoute\/FastConnect-style connectivity charges, gateway SKUs, and data egress<\/strong>, so you should model bandwidth and monthly data volume carefully. From a security perspective, treat the interconnect as private transport, but still apply least privilege routing<\/strong>, segmentation<\/strong>, and encryption at higher layers<\/strong> (TLS\/mTLS) as required.<\/p>\n\n\n\n
                                                                                                                                                      Use Oracle Interconnect for Azure when you have supported region pairs and production-grade cross-cloud requirements. If you\u2019re early-stage or cost-sensitive, consider VPN for dev\/test and migrate to interconnect for production once traffic and reliability needs justify it.<\/p>\n\n\n\n
                                                                                                                                                      Next step: read the official OCI Oracle Interconnect for Azure documentation and build a small proof of concept that validates routing, security rules, and monitoring before scaling to hub-and-spoke production design.<\/p>\n","protected":false},"excerpt":{"rendered":"
                                                                                                                                                      Multicloud<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[73,62],"tags":[],"class_list":["post-939","post","type-post","status-publish","format-standard","hentry","category-multicloud","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/939","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=939"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/939\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=939"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=939"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=939"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}