In Oracle Cloud Infrastructure (OCI), it’s common to deploy workloads across multiple VCNs (Virtual Cloud Networks)—for example, separating EBS, ADW, OAC, and 3rd-party services into their own networks. But how do you enable secure communication between them without exposing traffic over the internet?
That’s where Local Peering Gateways (LPG) and Remote Peering Connections (RPC) come into play.
This blog will break down what LPG and RPC are, when to use them, and how they differ.
What is a Local Peering Gateway (LPG)?
An LPG allows you to connect two VCNs within the same region so they can communicate privately over OCI’s internal network without going through the internet or NAT gateways.
Use Case:
- You have separate VCNs in the Ashburn region for EBS and ADW and want direct private connectivity between them.
- You want to keep network segmentation for compliance but allow selective routing.
Key Features:
- Same region only
- VCNs can be in the same or different compartments
- No cost for peering traffic within the region
- Low latency, high bandwidth communication
- Requires route table and security list updates
What is a Remote Peering Connection (RPC)?
An RPC connects two VCNs across different regions, enabling private and secure communication without traversing the public internet.
Use Case:
- Your primary EBS workload is in Phoenix, but OAC reporting is in Ashburn.
- You want real-time sync between regional services without going through NAT/public IPs.
Key Features:
- Works across regions
- Requires dynamic routing gateways (DRGs) on both VCNs
- Involves remote peering connection (RPC) setup
- Secure and encrypted traffic over OCI backbone
- Still uses private IP communication (not public internet)
📊 LPG vs RPC: What’s the Difference?
| Feature | Local Peering Gateway (LPG) | Remote Peering Connection (RPC) |
|---|---|---|
| Scope | Within same region | Across different regions |
| Use Case | EBS → ADW in same region | EBS → OAC/ATP across regions |
| Requires DRG? | ❌ No | ✅ Yes, both VCNs need DRGs |
| Gateway Type | LPG | RPC via DRG |
| Traffic Path | OCI regional backbone | OCI inter-region backbone |
| Latency | Lower (regional) | Slightly higher (due to region distance) |
| Cost | No data transfer charges (same region) | Inter-region data transfer charges apply |
| Configuration Complexity | Simple | More steps (DRG attachments, RPC handshake) |
Implementation Steps
For LPG:
- Create LPG in both VCNs
- Add route rules in both VCN route tables
- Update security lists/NSGs to allow traffic
- Accept the peering request from the other VCN
For RPC:
- Create DRGs in each region and attach to VCNs
- Create RPC in both DRGs
- Establish peering handshake
- Update route tables and security rules
- Validate connectivity (e.g., ping private IPs)
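The route table and security rule steps are where a peering most often ends up wider than intended. The following added example (not code from this post or from Oracle) audits rules for a peered VCN against the peer's CIDR; the sample rules, the CIDR, and the OCID strings are constructed, the field names follow the OCI API's RouteRule and IngressSecurityRule objects, and it assumes every rule source is a CIDR block.

```python
import ipaddress

# Constructed sample data (not from the post): peering-related rules on the
# EBS VCN. OCIDs are placeholders; only the resource-type prefix is used.
PEER_CIDR = "10.20.0.0/16"  # assumed CIDR of the peered ADW VCN
ROUTE_RULES = [
    {"destination": "10.20.0.0/16", "networkEntityId": "ocid1.localpeeringgateway.oc1..example"},
    {"destination": "0.0.0.0/0", "networkEntityId": "ocid1.localpeeringgateway.oc1..example"},
    {"destination": "0.0.0.0/0", "networkEntityId": "ocid1.natgateway.oc1..example"},
]
INGRESS_RULES = [
    {"source": "10.20.5.0/24", "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"min": 1521, "max": 1522}}},
    {"source": "10.20.0.0/16", "protocol": "all"},
    {"source": "10.0.0.0/8", "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
]
PEERING_TARGETS = ("ocid1.localpeeringgateway.", "ocid1.drg.")  # LPG or DRG (RPC)

def audit_routes(rules, peer_cidr):
    """Flag routes that send more than the peer VCN's range to an LPG/DRG."""
    peer = ipaddress.ip_network(peer_cidr)
    findings = []
    for r in rules:
        if not r["networkEntityId"].startswith(PEERING_TARGETS):
            continue  # NAT, internet or service gateway: not a peering route
        dest = ipaddress.ip_network(r["destination"])
        if not dest.subnet_of(peer):
            findings.append(f"route {dest} exceeds peer range {peer}")
    return findings

def audit_ingress(rules, peer_cidr):
    """Flag ingress rules that admit peer traffic more broadly than needed."""
    peer = ipaddress.ip_network(peer_cidr)
    findings = []
    for r in rules:
        src = ipaddress.ip_network(r["source"])
        if not src.overlaps(peer):
            continue  # rule does not admit traffic from the peer VCN
        if not src.subnet_of(peer):
            findings.append(f"source {src} is wider than peer range {peer}")
        has_ports = bool(r.get("tcpOptions") or r.get("udpOptions"))
        if r["protocol"] == "all" or (r["protocol"] in ("6", "17") and not has_ports):
            findings.append(f"source {src} allows all ports/protocols")
    return findings

if __name__ == "__main__":
    print(audit_routes(ROUTE_RULES, PEER_CIDR) + audit_ingress(INGRESS_RULES, PEER_CIDR))
```
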
Real-World Scenario
Let’s say a company has:
- EBS workloads in Phoenix VCN
- OAC Analytics in Ashburn
- ADW in the same region as OAC
To securely connect EBS → ADW:
→ Use RPC between Phoenix and Ashburn VCNs (via DRG & RPC setup)
To connect OAC → ADW (both in Ashburn):
→ Use LPG within the Ashburn region
This allows low-latency intra-region traffic and secure inter-region sync, all over OCI’s backbone—not the internet.
Best Practices
- Always use LPG where possible to avoid inter-region data costs
- For cross-region architectures, prefer RPC over public endpoints
- Tag your DRGs, RPCs, and LPGs for governance and billing clarity
- Use NSGs (Network Security Groups) for scalable, rule-based access
- Monitor with VNIC Flow Logs and OCI Logging/Monitoring
OCI’s peering capabilities—LPG and RPC—offer the flexibility to architect secure, scalable, and cost-effective multi-VCN topologies. Whether you’re segmenting dev/prod traffic, connecting regional DR sites, or enabling analytics across environments, understanding when and how to use LPG vs RPC is foundational for robust OCI network design.
