![[Multi Cloud] AWS-OCI VPN Turnel 이중화 (BGP)_11. BGP에 의한 Dynamic Route Table 및 회고](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2FbQbcdz%2FdJMb9VT4ydi%2FAAAAAAAAAAAAAAAAAAAAAP4I9m9WsMVMfWh1OUdF3OirJWx8kcEWSaJEy0bTDqER%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1761922799%26allow_ip%3D%26allow_referer%3D%26signature%3Dv0YhmQwer5VQTqh%252Bi3EIadXR0J8%253D)
11.1. OCI 측 DRG Route tableAWS 측에서 광고 받아 서브넷 정보 동적으로 등록 11.2. AWS 측 Transit gateway Route tableOCI 측에서 광고 받아 서브넷 정보 동적으로 등록 11.3. 회고정말 이중화라는 것은 끝도 없는 것 같다.. 세상에 장애 없는 시스템은 없고, 이를 어디까지 이중화 시키는지에 대한 고민이 당연하게도 필요하다. 예를 들어, 비용적인 부분을 고려하지 않는다면 멀티 리전을 넘어, 멀티 클라우드로까지 고려해 볼 수 있다. 하지만, 누구나 그렇듯 비용적인 부분이 항상 걸림돌이다.AWS 터널에 장애가 발생하면 어쩌나 -> 터널을 이중화하면 되지AWS 서울 리전이 장애가 발생하면 어쩌나 -> 타 리전에 DR을 구축하면 되지AWS 자체에 장애가 발..
![[Multi Cloud] AWS-OCI VPN Turnel 이중화 (BGP)_10. 통신 확인](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2FdXxuWD%2FdJMb9LRxvSc%2FAAAAAAAAAAAAAAAAAAAAADEwwl_7qZDv76OUkdvXWqXZqMNiFJf_NtE_lhpgX9dY%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1761922799%26allow_ip%3D%26allow_referer%3D%26signature%3DYuxBGM%252FomyCTrkte2u1jnLvefZY%253D)
통신은 양 측 라우팅 테이블, 방화벽 설정이 완료된 것을 전제로 진행 10.1. Ping10.1.1. AWS → OCI 10.1.2. OCI → AWS 10.2. SSH10.2.1. AWS → OCI 10.2.2. OCI → AWS
![[Multi Cloud] AWS-OCI VPN Turnel 이중화 (BGP)_9. 결과 확인](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2FvVn1M%2FdJMb9OU11Hb%2FAAAAAAAAAAAAAAAAAAAAAJztXhj6NFrfzUJTzDEQTcvmc05TL2mmoaFAcFPl9s7_%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1761922799%26allow_ip%3D%26allow_referer%3D%26signature%3DUG78SfRViYjvs9GtnWeUts54Ftk%253D)
9.1. AWS VPN 및 BGP State 9.2. OCI VPN 및 BGP State
![[Multi Cloud] AWS-OCI VPN Turnel 이중화 (BGP)_7. AWS-OCI VPN2 구성 (OCI)](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2FCL8K9%2FdJMb9QFjqVx%2FAAAAAAAAAAAAAAAAAAAAAGXRmTa_CcLQLarwUECLr1Aj8ynMexMrZtpabagwsK0v%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1761922799%26allow_ip%3D%26allow_referer%3D%26signature%3DBdFH90UZnMy6w0vnE%252BjAMgPggWo%253D)
7.1. CPE7.1.1. AWS 측 VPN Turnel 2 IP 확인Virtual Private Gateway 항목 확인OCI 측에서 CPE IP에 해당 3.1.2. 설정1. 내비게이션 메뉴 → Networking → Customer connectivity → Customer-premises equipment 2. Create CPE a. Name : b. IP address : c. Vendor : Other 3. 생성 확인 3.2. VPN3.2.1. 기본 생성1. 내비게이션 메뉴 → Networking → Customer connectivity → Site-to-Site VPN 2. Create IPSec connection a. Name : b. Customer-premis..
![[Multi Cloud] AWS-OCI VPN Turnel 이중화 (BGP)_6. AWS-OCI VPN2 구성 (AWS)](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2FlZPXg%2FdJMb9jtS2Uw%2FAAAAAAAAAAAAAAAAAAAAANHL-SF1l2h5NDcAGi4TLQEAFOWFpndIL-6cJknH8rbw%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1761922799%26allow_ip%3D%26allow_referer%3D%26signature%3DATKaNbT135OfizLiTWL%252FDnf350c%253D)
6.1. 임시 Customer Gateway6.1.1. 개요OCI 측의 VPN Turnel IP를 Customer Gateway로 생성해야 하지만, 아직 OCI 측 Turnel IP를 모르기 때문에 임시 Customer Gateway를 생성 (2.2.2.2)VPN1 생성 했을 때 사용한 Customer gateway(1.1.1.1)를 사용해도 무방함(단, AWS에서 VPN1과 VPN2를 동시에 생성하는 경우 두 개의 임시 Customer gateway를 생성해야 함) 6.1.2. 설정1. VPC → Customer Gateway → Create customer gateway 클릭 2. Create customer gateway a. Name tag : b. BGP ASN : 31898 (OCI ..
![[Multi Cloud] AWS-OCI VPN Turnel 이중화 (BGP)_5. 결과 확인](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2FcB0kB9%2FdJMb9XdhDxg%2FAAAAAAAAAAAAAAAAAAAAAKBpKQUb6QQWut5n9AwQ5VI_FlIOqKYxA_AeeY4q61Jk%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1761922799%26allow_ip%3D%26allow_referer%3D%26signature%3DX6kNxxRNDfXQN%252FGMbbRS8CVcfEk%253D)
5.1. AWS VPN 및 BGP State 5.2. OCI VPN 및 BGP State
![[Multi Cloud] AWS-OCI VPN Turnel 이중화 (BGP)_4. AWS-OCI VPN1 구성 (AWS)](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2Fn4vJQ%2FdJMb9P0IaUq%2FAAAAAAAAAAAAAAAAAAAAADI67KJOoSTHfRt795JjB9wNYMxyZ1--uVLwU8UoufSP%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1761922799%26allow_ip%3D%26allow_referer%3D%26signature%3DV%252B3rxNVMPdEiXvqsNHXnkb6gN8w%253D)
4.1. Customer gateway4.1.1. OCI 측 Turnel IP를 가진 정식 Customer gateway 생성1. Create customer gateway a. Name tag : b. BGP ASN : 31898 c. IP address : 2. 생성 확인 4.1.2. VPN 구성 변경1. 이전에 생성한 VPN 선택 → 우측 상단 Actions → Modify VPN connection 클릭 2. Target customer gateway 변경 3. 적용 확인 4.2. PSK (Pre-Shared Key) 변경1. 생성한 VPN 우측 상단 → Actions → Modify VPN turnel options 클릭 2. OCI 측과 연결한 Turnel 선택 3. OCI 측에..
![[Multi Cloud] AWS-OCI VPN Turnel 이중화 (BGP)_3. AWS-OCI VPN1 구성 (OCI)](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdna%2Fcvbnqu%2FdJMb9N9FdRI%2FAAAAAAAAAAAAAAAAAAAAAFOBJuSKqN7I6SbtfGSykytu8x6N7FPlia903jNlCevv%2Fimg.png%3Fcredential%3DyqXZFxpELC7KVnFOS48ylbz2pIh7yKj8%26expires%3D1761922799%26allow_ip%3D%26allow_referer%3D%26signature%3DC9J8h%252B7ll2grAPcygr88Q%252FJ%252FYjw%253D)
3.1. CPE3.1.1. AWS 측 VPN Turnel 1 IP 확인Virtual Private Gateway 항목 확인OCI 측에서 CPE IP에 해당 3.1.2. 설정1. 내비게이션 메뉴 → Networking → Customer connectivity → Customer-premises equipment 2. Create CPE a. Name : b. IP address : c. Vendor : Other 3. 생성 확인 3.2. VPN3.2.1. 기본 생성1. 내비게이션 메뉴 → Networking → Customer connectivity → Site-to-Site VPN 2. Create IPSec connection a. Name : b. Customer-premis..