Implement transit routing scenarios

Summary

There are three (3) primary transit routing scenarios:

  1. Access between multiple networks through a single DRG with a firewall between networks
  2. Access to multiple VCNs in the same region
  3. Private access to Oracle services

Overview

The documentation page "Transit Routing inside a hub VCN" says:

Transit routing is simply routing traffic to either a virtual cloud network (VCN) or an on-premises network through a central hub VCN. Here's a basic example of why you might use transit routing: you have a large organization with different departments, each with their own VCN. Your on-premises network needs access to the different VCNs, but you don't want the administration overhead of maintaining a secure connection from each VCN to the on-premises network. Instead you want to use a single FastConnect or Site-to-Site VPN.

All three (3) scenarios use a hub-and-spoke configuration with either a DRG or a VCN as the hub. The spokes are either other VCNs or OCI services.

Scenarios

Normally, a single VCN is connected to the on-premises network through either FastConnect or Site-to-Site VPN. If there are multiple VCNs in the customer's subscription, then the management and cost overhead of multiple connections can become an issue.

Transit Routing is based upon a single connection between the on-premises network and a hub VCN that has local peering connections to other VCNs. All spoke VCNs must be in the same region as the hub VCN.

The online course only mentions a hub VCN. However, the online documentation mentions that the upgraded DRG can function as the hub with the VCNs as the spokes. This latter configuration simplifies the routing setup. In the original scenario, the spoke VCNs had to route to the LPG that is peered to the hub VCN.
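
The two rules of the original hub VCN scenario (spokes in the hub's region, on-premises traffic routed to an LPG peered to the hub) can be checked against a planned topology before it is built. The following is an added example, not code from the course or the Oracle documentation; the `Vcn` and `Lpg` classes, the `check_spokes` function, and all names, regions and CIDRs in the sample plan are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Lpg:
    name: str
    vcn: str        # VCN that owns this local peering gateway
    peer_vcn: str   # VCN at the other end of the peering

@dataclass
class Vcn:
    name: str
    region: str
    routes: list = field(default_factory=list)  # (destination CIDR, target LPG name)

def check_spokes(hub, spokes, lpgs, onprem_cidr):
    """Return findings for spokes that break the hub VCN rules; [] means clean."""
    lpg_by_name = {l.name: l for l in lpgs}
    findings = []
    for spoke in spokes:
        # Rule 1: every spoke must be in the hub's region.
        if spoke.region != hub.region:
            findings.append(f"{spoke.name}: region {spoke.region} is not hub region {hub.region}")
        # Rule 2: on-premises traffic must leave through an LPG owned by the spoke and peered to the hub.
        via_hub = False
        for cidr, target in spoke.routes:
            lpg = lpg_by_name.get(target)
            if cidr == onprem_cidr and lpg and lpg.vcn == spoke.name and lpg.peer_vcn == hub.name:
                via_hub = True
        if not via_hub:
            findings.append(f"{spoke.name}: no route to {onprem_cidr} through an LPG peered to {hub.name}")
    return findings

# Constructed sample plan (names, CIDR and regions are illustrative).
ONPREM = "172.16.0.0/12"
HUB = Vcn("hub", "us-ashburn-1")
SPOKES = [
    Vcn("spoke-a", "us-ashburn-1", [(ONPREM, "lpg-a")]),   # correct
    Vcn("spoke-b", "us-phoenix-1", [(ONPREM, "lpg-b")]),   # wrong region
    Vcn("spoke-c", "us-ashburn-1", [(ONPREM, "lpg-c")]),   # LPG peered to another spoke
]
LPGS = [
    Lpg("lpg-a", "spoke-a", "hub"),
    Lpg("lpg-b", "spoke-b", "hub"),
    Lpg("lpg-c", "spoke-c", "spoke-a"),
]

if __name__ == "__main__":
    for finding in check_spokes(HUB, SPOKES, LPGS, ONPREM):
        print(finding)
```

A spoke whose on-premises route targets an LPG peered to another spoke (as `spoke-c` does here) is flagged because its traffic would not pass through the hub, and so would not pass through any firewall placed there.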