Demonstrate command of DRG and DRG Attachments

Summary

A DRG (Dynamic Routing Gateway) can connect to various OCI network objects through DRG attachments. For each attachment, the DRG imports route tables so that traffic can be routed to the correct attachment.

Reference

Dynamic Routing Gateway

A DRG can have many network attachments of each of the following types:

  • VCN attachments: you can attach many VCNs to a single DRG. Each VCN can be in the same tenancy as the DRG, or in a different tenancy (provided appropriate policies are set). A VCN can attach to one and only one DRG.
  • RPC attachments: you can peer a DRG to other DRGs using remote peering connections. The other DRG can be in other regions or tenancies, or in the same region.
  • IPSEC_TUNNEL attachments: you can use Site-to-Site VPN to attach two or more IPSec tunnels to your DRG to connect to on-premises networks. This is also allowed across tenancies.
  • VIRTUAL_CIRCUIT attachments: you can attach one or more FastConnect virtual circuits to your DRG to connect to on-premises networks.
  • LOOPBACK attachments: you can use Site-to-Site VPN to encrypt FastConnect virtual circuits. See Loopback Attachments for details.

Creating DRG route tables and DRG route distributions lets you define routing policies that route traffic between attachments. Routes can be dynamically imported and exported through these attachments. A route table must be associated with an attachment for that table's configuration to be applied, but an unassociated routing table can exist. DRG route distributions are of an explicit type (either import or export) and don't inherit an action that depends on where they're associated.

DRG Attachments

The objects that can be attached to a DRG are:

DRG Import Route Distributions and Route Tables

  • Configuration
    • Import route distributions are associated with DRG route tables
    • DRG route tables are associated with attachments
    • Configuration structure is designed to scale to large tenancies
  • Operation
    • Import route distributions control what routes appear in a route table through a declarative policy language
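
The relationship above (distribution, then route table, then attachment) can be checked for over-broad imports. The following is an added example, not Oracle's code or part of the original notes: a simplified model of import statement matching that flags on-premises attachments whose route table imports another on-premises attachment's routes. The attachment names, CIDRs, table names and the function names are constructed for illustration.

```python
from dataclasses import dataclass

ON_PREM = {"IPSEC_TUNNEL", "VIRTUAL_CIRCUIT"}  # on-premises attachment types from this page

@dataclass(frozen=True)
class Attachment:
    name: str      # constructed label standing in for the attachment's ID
    type: str      # VCN, RPC, IPSEC_TUNNEL, VIRTUAL_CIRCUIT or LOOPBACK
    routes: tuple  # CIDRs the attachment advertises to the DRG
    table: str     # DRG route table associated with this attachment

@dataclass(frozen=True)
class Statement:   # one import route distribution statement (simplified model)
    match_type: str  # "MATCH_ALL", "DRG_ATTACHMENT_TYPE" or "DRG_ATTACHMENT_ID"
    value: str = ""

def matches(stmt, att):
    if stmt.match_type == "MATCH_ALL":
        return True
    if stmt.match_type == "DRG_ATTACHMENT_TYPE":
        return att.type == stmt.value
    if stmt.match_type == "DRG_ATTACHMENT_ID":
        return att.name == stmt.value
    raise ValueError(f"unknown match type: {stmt.match_type}")

def imported_routes(statements, attachments):
    """(cidr, source attachment) pairs the distribution accepts into its table."""
    return [(cidr, att.name) for att in attachments
            if any(matches(s, att) for s in statements) for cidr in att.routes]

def onprem_transit_findings(distributions, attachments):
    """Flag on-prem attachments whose table imports another on-prem attachment's routes."""
    types = {a.name: a.type for a in attachments}
    findings = []
    for att in attachments:
        if att.type not in ON_PREM:
            continue
        for cidr, src in imported_routes(distributions.get(att.table, []), attachments):
            if src != att.name and types[src] in ON_PREM:
                findings.append((att.name, src, cidr))
    return sorted(findings)

# Constructed sample topology: one VCN and two on-premises links on the same DRG.
ATTACHMENTS = [
    Attachment("vcn-app", "VCN", ("10.0.0.0/16",), "rt-vcn"),
    Attachment("vpn-branch", "IPSEC_TUNNEL", ("192.168.10.0/24",), "rt-onprem"),
    Attachment("fc-dc", "VIRTUAL_CIRCUIT", ("172.16.0.0/16",), "rt-onprem"),
]
BROAD = {"rt-onprem": [Statement("MATCH_ALL")]}                   # imports everything
SCOPED = {"rt-onprem": [Statement("DRG_ATTACHMENT_TYPE", "VCN")]}  # imports VCN routes only
```

With the broad distribution, each on-premises link learns the other's prefix, which is the on-prem to on-prem transit case listed under the "Other" drop type in DRG Metrics; the scoped distribution yields no findings.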

DRG Metrics

  • Metrics available for traffic to/from specific DRG attachments in bytes, packets, and drops.
  • Additional dimensions available for DRG route table, attachment type, and peer region (for RPC)
  • Drop type:
    • Throughput - Packet drops from exceeding the allocated bandwidth.
    • No available route - Drops due to no route to destination
    • Other - Exceed MTU, TTL expired in transit, packet traverses OCI as transit (on-prem to on-prem)

Labs

Associated labs are: