{OCI 仮想クラウド・ネットワーク} ローカル・ピアリング・ゲートウェイを使用したローカルVCNピアリング

https://qiita.com/shirok/items/79e85af83cee040aa62d

https://docs.oracle.com/ja-jp/iaas/Content/Network/Tasks/localVCNpeering.htm

-- 1. コンパートメント

oci iam compartment create \
--compartment-id ocid1.tenancy.oc1..000000000000000000000000000000000000000000000000000000000000 \
--description cmp01 \
--name cmp01

oci iam compartment list \
--query 'data[?"name"==`'cmp01'`].id | [0]' \
--raw-output

oci iam compartment delete \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--force

-- 2. VCN

oci network vcn list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci network vcn create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--cidr-block 10.1.0.0/16 \
--display-name vcn01 \
--dns-label vcn01

oci network vcn create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--cidr-block 10.2.0.0/16 \
--display-name vcn02 \
--dns-label vcn02

oci network vcn list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data.{"display-name":"display-name","id":"id"}' \
--raw-output

oci network vcn delete \
--vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force

-- 3. サブネット

oci network subnet list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci network subnet create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--display-name subnet01 \
--dns-label subnet01 \
--cidr-block 10.1.0.0/24

oci network subnet create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--display-name subnet02 \
--dns-label subnet02 \
--cidr-block 10.2.0.0/24

oci network subnet list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data.{"display-name":"display-name","id":"id"}' \
--output table

oci network subnet delete \
--subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force

-- 4. インターネット・ゲートウェイ

oci network internet-gateway list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci network internet-gateway create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--is-enabled true \
--display-name igw01

oci network internet-gateway list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data[?"display-name"==`'igw01'`].id | [0]' \
--raw-output

oci network internet-gateway delete \
--ig-id ocid1.internetgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force

-- 5. ローカル・ピアリング・ゲートウェイ

oci network local-peering-gateway list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci network local-peering-gateway create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--display-name lpg01

oci network local-peering-gateway list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data.{"display-name":"display-name","id":"id"}' \
--output table

oci network local-peering-gateway delete \
--local-peering-gateway-id ocid1.localpeeringgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force

-- 6. Peering接続設定

oci network local-peering-gateway connect \
--local-peering-gateway-id ocid1.localpeeringgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--peer-id ocid1.localpeeringgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000

逆方向も自動でピアリング済みとなる

-- 7. ルート表

oci network route-table list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci network route-table create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--display-name rt01 \
--route-rules '[
{"destination":"0.0.0.0/0","networkEntityId":"ocid1.internetgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000"},
{"destination":"10.2.0.0/24","networkEntityId":"ocid1.localpeeringgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000"},
]'

oci network route-table create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--display-name rt02 \
--route-rules '[
{"destination":"10.1.0.0/24","networkEntityId":"ocid1.localpeeringgateway.oc1.iad.000000000000000000000000000000000000000000000000000000000000"},
]'

oci network route-table list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data.{"display-name":"display-name","id":"id"}' \
--output table

oci network route-table delete \
--rt-id ocid1.routetable.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force

サブネットが使用するVCNルート表の変更

oci network subnet update \
--subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--route-table-id ocid1.routetable.oc1.iad.000000000000000000000000000000000000000000000000000000000000

★ルート表削除前にサブネットにアタッチしたルート表をデフォルトルート表に変更必要
oci network subnet update \
--subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--route-table-id ocid1.routetable.oc1.iad.000000000000000000000000000000000000000000000000000000000000

-- 8. セキュリティ・リスト

oci network security-list list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000

oci network security-list create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--ingress-security-rules '[
{"source": "0.0.0.0/0", "protocol": "6", "isStateless": false, "tcpOptions": {"destinationPortRange": {"max": 22, "min": 22}, "sourcePortRange": null }},
{"source": "10.2.0.0/24", "protocol": "all", "isStateless": false }
]' \
--egress-security-rules '[
{"destination": "0.0.0.0/0", "protocol": "all", "isStateless": false }
]' \
--display-name sl01

oci network security-list create \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--vcn-id ocid1.vcn.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--ingress-security-rules '[
{"source": "10.1.0.0/24", "protocol": "all", "isStateless": false }
]' \
--egress-security-rules '[
{"destination": "0.0.0.0/0", "protocol": "all", "isStateless": false }
]' \
--display-name sl02

oci network security-list list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data.{"display-name":"display-name","id":"id"}' \
--output table

oci network security-list delete \
--security-list-id ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force

サブネットが使用するセキュリティ・リストの変更

oci network subnet update \
--subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--security-list-ids '[
"ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000",
]' \
--force

★セキュリティ・リスト削除前にサブネットにアタッチしたセキュリティ・リストをデフォルトセキュリティ・リストに変更必要
oci network subnet update \
--subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--security-list-ids '[
"ocid1.securitylist.oc1.iad.000000000000000000000000000000000000000000000000000000000000",
]' \
--force

-- 9. インスタンス作成

oci compute instance launch \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--availability-domain OEIw:US-ASHBURN-AD-1 \
--subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--assign-public-ip true \
--boot-volume-size-in-gbs 50 \
--display-name vm01 \
--fault-domain FAULT-DOMAIN-1 \
--image-id ocid1.image.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--shape VM.Standard.E2.1 \
--ssh-authorized-keys-file "$HOME/.ssh/id_rsa.pub"

oci compute instance launch \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--availability-domain OEIw:US-ASHBURN-AD-2 \
--subnet-id ocid1.subnet.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--assign-public-ip false \
--boot-volume-size-in-gbs 50 \
--display-name vm02 \
--fault-domain FAULT-DOMAIN-2 \
--image-id ocid1.image.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--shape VM.Standard.E2.1 \
--ssh-authorized-keys-file "$HOME/.ssh/id_rsa.pub"

oci compute instance list \
--compartment-id ocid1.compartment.oc1..000000000000000000000000000000000000000000000000000000000000 \
--query 'data.{"display-name":"display-name","id":"id","lifecycle-state":"lifecycle-state"}' \
--output table

oci compute instance terminate \
--instance-id ocid1.instance.oc1.iad.000000000000000000000000000000000000000000000000000000000000 \
--force

-- 10. 動作確認

scp -i $HOME/.ssh/id_rsa $HOME/.ssh/id_rsa opc@192.0.2.1:/home/opc

ssh -i $HOME/.ssh/id_rsa opc@192.0.2.1

ping 10.2.0.27

ssh -i $HOME/id_rsa opc@10.2.0.27