Connectivity to other cloud providers – Cloud Adoption Framework

This guidance discusses ways to connect an Azure landing zone architecture to other cloud providers, such as Amazon Web Services (AWS) and Google Cloud Platform (GCP).

The various options differ in speed, latency, reliability, service-level agreements (SLAs), complexity, and costs. This article considers options and makes recommendations.

Note

Microsoft and Oracle partnered to provide high-throughput, low-latency cross-connections between Azure and Oracle Cloud Infrastructure (OCI). For more information, see Connectivity to Oracle Cloud Infrastructure.

Design considerations

  • We consider the following options to connect Azure to another cloud:

    • Option 1: Connect Azure ExpressRoute and the other cloud provider’s equivalent private connection. The customer manages routing.
    • Option 2: Connect ExpressRoute and the other cloud provider’s equivalent private connection. A cloud exchange provider handles routing.
    • Option 3: Use Site-to-Site VPN over the internet. For more information, see Connect on-premises networks to Azure by using Site-to-Site VPN gateways (Learn).

    You can use the following cross-cloud connectivity flow chart as an aid to choosing an option:

    Diagram of cross-cloud connectivity flow chart

    Figure 1: Cross-cloud connectivity flow chart

  • You can only connect an Azure virtual network to another cloud provider’s virtual private cloud (VPC) if the private IP address spaces don’t overlap.

  • Site-to-Site VPN might have lower throughput and higher latency than the ExpressRoute options.

  • Site-to-Site VPN is the fastest deployment option if Azure ExpressRoute and the other cloud provider equivalent aren’t already in use.

  • Routing complexity of Azure ExpressRoute and other cloud provider equivalent with customer-managed routing can be high if not done through a cloud exchange provider.

  • All options are applicable to both the traditional Azure network topology and the Virtual WAN topology.

  • You might need to provide DNS resolution between Azure and the other cloud provider. This configuration might incur extra costs.

  • The FastPath feature of ExpressRoute improves data path performance between Azure and on-premises networks, and between Azure and other cloud providers. When enabled, FastPath sends network traffic directly to virtual machines in the virtual network, bypassing the ExpressRoute gateway. For more information, see About ExpressRoute FastPath.

  • FastPath is available on all ExpressRoute circuits.

  • FastPath still requires a virtual network gateway to be created for route exchange purposes. The virtual network gateway must use either the Ultra Performance SKU or the ErGw3AZ SKU for the ExpressRoute gateway to enable route management.

  • There are configurations that FastPath doesn’t support, such as a UDR on the gateway subnet. For more information, see Limitations in about ExpressRoute FastPath.

Design recommendations

  • Use option 1 or option 2 to avoid use of the public internet, if you require an SLA, if you want predictable throughput, or need to handle data volume transfer. Consider whether to use a customer-managed routing or a cloud exchange provider if you haven’t implemented ExpressRoute already.

  • Create the ExpressRoute circuits for option 1 and option 2 in the connectivity subscription.

  • Use the ExpressRoute circuit of option 1 or option 2 to connect to the hub virtual network of a traditional hub and spoke topology or to the virtual hub for a Virtual WAN topology. For more information, see Figure 2 and Figure 3.

    Figure 2: Cross-cloud connectivity with customer-managed routing (option 1)

    Figure 2: Cross-cloud connectivity with customer-managed routing (Option 1)

    Figure 3: Cross-cloud connectivity with a cloud exchange provider (option 2).

    Figure 3: Cross-cloud connectivity with a cloud exchange provider (Option 2)

  • If you need to minimize latency between Azure and another cloud provider, consider deploying your application in a single virtual network with an ExpressRoute gateway, and enable FastPath.

    Figure 4: Cross-cloud connectivity with FastPath enabled

    Figure 4: Cross-cloud connectivity with FastPath enabled

  • If ExpressRoute isn’t required or not available, you can use Site-to-Site VPN over the internet to connect between Azure and another cloud provider.

    Cross-cloud connectivity using Site-to-Site VPN over the internet.

    Figure 5: Cross-cloud connectivity using site-to-site VPN over the Internet

Next steps

To learn more about connectivity to Oracle Cloud Infrastructure (OCI), see Connectivity to Oracle Cloud Infrastructure.

Source Article