OAC to GCP private google access

Question

Google has a concept called Private Google Access which allows their customers to access GCP services across their private links (Cloud Interconnects, Cloud VPN) instead of over the public internet.

We are trying to leverage Private Google Access to control the traffic path from our on-prem datacenters as well as our network connected partner networks (like OCI).  The OCI side of the equation works if we follow through the standard deployment pattern of superseding resolution for the google apis to the restricted IP ranges but when OAC has a data source configured to use the BigQuery data connector all the traffic traverses the public internet regardless of the configuration in OCI.

references:

https://cloud.google.com/vpc-service-controls/docs/private-connectivity

https://cloud.google.com/vpc-service-controls/docs/set-up-private-connectivity

GayathriAnand-Oracle · Answer

Ok Thanks for this update, seems you already have confirmation that this is currently a limitation in the way oac establishes connections. Will see if PMs in this forum have anything more to add to this thread. @Alan Lee - Oracle-Oracle

User_D8D29 · Answer

Already done and they said this is a defect in the bigquery connector from OACs side.    We can stand up a compute and validate that our internal routing and dns override works as designed but once OAC attempts to do a schema validation or pull data from a test query it traverses the public internet and never attempts any traffic across the private channel.

We have validated that the private channel can be used for our on-prem infrastructure so we know that part is working as well from OAC.

GayathriAnand-Oracle · Answer

Hi

Analyzing this issue will require looking into your networking setup, oac private access channel setup, etc. Kindly create SR with Oracle Support so we can assist you further.

Thank you

Gayathri