OCI Networking Explained
- Jason Beattie
- Apr 25, 2024
Updated: Jan 8
Overview
In this blog, we’ll introduce the key virtual networking components within Oracle Cloud Infrastructure (OCI). Understanding these components is critical when building a robust cloud environment. We will explore Virtual Cloud Network (VCN) resources, their purpose, and how they work together to form a functional network.
Prerequisites
Before creating a VCN, make sure the following are in place:
Your tenancy is provisioned.
A compartment exists. A compartment groups related resources such as VMs, networks, and storage, with access to it controlled by IAM policies.
Core Virtual Networking Components
1. Virtual Cloud Network (VCN)
The VCN acts as your cloud-based virtual network, functioning similarly to traditional on-premises networks. It hosts resources such as subnets, gateways, and route tables.
VCN Requirements:
You must define a CIDR (Classless Inter-Domain Routing) block.
Each VCN requires at least one subnet to run instances.
2. CIDR Blocks – Required
A CIDR block defines the IP address range of your VCN. OCI supports CIDR blocks from /16 to /30.
Example:
CIDR Block: 10.1.0.0/28
Usable IP Range: 10.1.0.1 – 10.1.0.15
Note: Ensure the CIDR block does not overlap with on-premises networks or peered VCNs.
3. Subnets – Required
Subnets are subdivisions of the VCN’s CIDR block. Subnets can be:
Regional: Spread across all Availability Domains (ADs).
AD-Specific: Limited to a single AD.
Subnets allow logical segregation of resources, such as separating public and private workloads.
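To make the CIDR and subnet rules above concrete, here is a small planning script. It is an added example, not code from the post or from Oracle: it checks a candidate VCN CIDR against the /16 to /30 size limit and against the on-premises and peered-VCN ranges it must not overlap, then carves the block into public, private and isolated subnets. The on-premises and peered CIDRs are constructed sample values. One fact the script relies on that the post does not mention: OCI reserves the first two addresses and the last address of every subnet, so a /28 leaves 13 addresses for instances, not 16.

```python
import ipaddress

# Constructed sample values, not from the post: an on-premises range reachable
# over a DRG and the CIDR of a peered VCN. The new VCN must overlap neither.
ON_PREM_CIDRS = ["192.168.0.0/16"]
PEERED_VCN_CIDRS = ["10.2.0.0/16"]


def validate_vcn_cidr(cidr, other_cidrs):
    """Check a candidate VCN CIDR against OCI's /16-/30 size limit and against
    every network it must not overlap. Returns a list of problems (empty = OK)."""
    problems = []
    try:
        net = ipaddress.ip_network(cidr)          # strict: host bits must be zero
    except ValueError as exc:
        return [f"{cidr}: not a valid CIDR block ({exc})"]
    if not 16 <= net.prefixlen <= 30:
        problems.append(f"{cidr}: prefix /{net.prefixlen} outside OCI's /16-/30 range")
    for other in other_cidrs:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{cidr}: overlaps {other}")
    return problems


def plan_subnets(vcn_cidr, subnet_prefix, names):
    """Carve equal-sized subnets out of the VCN block, one per name, in order.
    OCI reserves the first two addresses and the last address of each subnet,
    so the number of addresses instances can actually use is the size minus 3."""
    vcn = ipaddress.ip_network(vcn_cidr)
    carved = list(vcn.subnets(new_prefix=subnet_prefix))
    if len(names) > len(carved):
        raise ValueError(f"{vcn_cidr} holds only {len(carved)} /{subnet_prefix} subnets")
    plan = {}
    for name, sub in zip(names, carved):
        plan[name] = {
            "cidr": str(sub),
            "first_usable": str(sub.network_address + 2),
            "last_usable": str(sub.broadcast_address - 1),
            "usable_hosts": sub.num_addresses - 3,
        }
    return plan


if __name__ == "__main__":
    vcn = "10.1.0.0/16"
    for problem in validate_vcn_cidr(vcn, ON_PREM_CIDRS + PEERED_VCN_CIDRS):
        print("PROBLEM:", problem)
    for name, info in plan_subnets(vcn, 24, ["public", "private", "isolated"]).items():
        print(f"{name:9s} {info['cidr']:15s} "
              f"{info['first_usable']} - {info['last_usable']} ({info['usable_hosts']} usable)")
```

Run it before you click Create: a VCN CIDR cannot be shrunk later, and an overlap with the on-premises range only shows up once the DRG connection is up and routes start to collide.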
4. Route Tables – Required
Route tables contain rules that determine how traffic is directed outside the VCN.
Example Rule:
Route to the internet: Target = Internet Gateway
Each subnet must be associated with a route table, even if it’s the default one.
5. Internet Gateway – Optional
An Internet Gateway allows instances within a subnet to access the public internet. After creating the gateway, update the route table to direct internet-bound traffic to the Internet Gateway.
6. Dynamic Routing Gateway (DRG) – Optional
A DRG enables secure communication between your VCN and on-premises networks over IPSec VPN or FastConnect.
Attach the DRG to the VCN before configuring the connection.
7. Network Security Groups (NSGs) – Optional
NSGs provide a way to group resources and apply security rules at the VNIC level. This is an alternative to subnet-wide security lists.
Key Features:
NSGs contain ingress (inbound) and egress (outbound) rules.
Rules apply only to VNICs attached to the NSG.
8. Security Lists – Required
Security lists act as virtual firewalls for a subnet, defining rules for allowed inbound (ingress) and outbound (egress) traffic.
Default Security List: OCI creates a default security list for every VCN; review and edit its rules so they match your security needs rather than leaving them as shipped.
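The NSG and security list sections above describe two rule sets that can apply to the same VNIC, and the point worth knowing is how they combine: OCI allows an inbound packet if any rule in the subnet's security lists or in any NSG the VNIC belongs to matches, so the two are a union and an NSG can only widen what the security list already permits. The following added example, which is not code from the post or from Oracle, models that evaluation and adds a check that lists every rule open to 0.0.0.0/0. The rules are constructed samples following the shape of the JSON the OCI CLI returns for a security list (protocol as an IANA number string, a source CIDR, and an optional destination port range); the first subnet rule mirrors the SSH-from-anywhere rule that the default security list ships with.

```python
import ipaddress

# Constructed sample rules, not from the post. They follow the shape of the JSON
# the OCI CLI returns for a security list or NSG: "protocol" is an IANA protocol
# number as a string ("6" TCP, "17" UDP, "1" ICMP) or "all", "source" is a CIDR,
# and TCP/UDP rules may carry a destination-port-range. The first subnet rule
# mirrors the SSH-from-anywhere rule found in OCI's default security list.
SUBNET_SECURITY_LIST = [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "10.1.0.0/16",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
]
WEB_NSG = [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
]


def rule_matches(rule, src_ip, protocol, dst_port):
    """Does one ingress rule admit a packet from src_ip to dst_port?"""
    if rule["protocol"] not in ("all", protocol):
        return False
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule["source"]):
        return False
    opts = rule.get("tcp-options") if protocol == "6" else rule.get("udp-options")
    port_range = (opts or {}).get("destination-port-range")
    if port_range is None:            # rule does not restrict ports (or is not TCP/UDP)
        return True
    return port_range["min"] <= dst_port <= port_range["max"]


def ingress_allowed(src_ip, protocol, dst_port, security_lists, nsgs):
    """OCI admits an inbound packet to a VNIC if ANY ingress rule in the subnet's
    security lists OR in any NSG the VNIC belongs to matches: the sets form a
    union, so an NSG can only widen what the security list already permits."""
    rules = [r for sl in security_lists for r in sl] + [r for nsg in nsgs for r in nsg]
    return any(rule_matches(r, src_ip, protocol, dst_port) for r in rules)


def world_open_ports(rules):
    """List (protocol, min_port, max_port) for every ingress rule that accepts
    traffic from 0.0.0.0/0; these are the rules to review first."""
    findings = []
    for rule in rules:
        if rule["source"] != "0.0.0.0/0":
            continue
        opts = rule.get("tcp-options") or rule.get("udp-options") or {}
        pr = opts.get("destination-port-range")
        if pr:
            findings.append((rule["protocol"], pr["min"], pr["max"]))
        else:
            findings.append((rule["protocol"], 1, 65535))
    return findings


if __name__ == "__main__":
    print("SSH from internet, security list only:",
          ingress_allowed("203.0.113.7", "6", 22, [SUBNET_SECURITY_LIST], []))
    print("HTTPS from internet, security list only:",
          ingress_allowed("203.0.113.7", "6", 443, [SUBNET_SECURITY_LIST], []))
    print("HTTPS from internet, security list + web NSG:",
          ingress_allowed("203.0.113.7", "6", 443, [SUBNET_SECURITY_LIST], [WEB_NSG]))
    print("World-open ports in the subnet list:", world_open_ports(SUBNET_SECURITY_LIST))
```

The practical consequence for the default security list: as long as the port 22 rule from 0.0.0.0/0 stays in the subnet's list, no NSG you attach can close it, because the NSG is checked in addition to the list, not instead of it. Restrict the list to the ranges you manage from, and use NSGs to grant the per-application ports.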
9. DHCP Options – Optional
Dynamic Host Configuration Protocol (DHCP) options provide IP addressing and DNS configuration to instances at boot time.
10. Local Peering Gateways (LPG) – Optional
LPGs enable VCN-to-VCN communication within the same region without using the internet.
Use Case: Interconnect multiple VCNs for a hub-and-spoke network architecture.
11. NAT Gateway – Optional
A NAT Gateway allows instances without public IP addresses to access the internet for software updates and patching while preventing incoming traffic.
12. Service Gateway – Optional
The Service Gateway allows VCN resources to privately access Oracle services such as:
Object Storage
Autonomous Database
Oracle Cloud Infrastructure Terminology
Understanding OCI terminology is essential when designing your network. Oracle provides an official guide to key terms and concepts. Refer to the OCI Documentation for further clarification.
OCI Network Architecture
Here’s an example of a simple OCI network architecture:
A VCN attached to three subnets (public, private, and isolated).
Internet Gateway for public-facing resources.
NAT Gateway for private resources needing outbound internet access.
DRG connected via IPSec VPN for hybrid cloud connectivity.
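The following added example (not code from the post or from Oracle) models the route tables of the three subnets in this architecture and resolves where a packet for a given destination is sent. Route rules are reduced to a destination CIDR and a target name standing in for the gateway's OCID; the VCN and on-premises CIDRs are constructed sample values. Two behaviours it encodes that the post only implies: traffic to the VCN's own CIDR follows the implicit local route without any rule, and when several rules match, the most specific (longest prefix) one wins, which is how the on-premises /16 reaches the DRG while everything else goes to the NAT Gateway.

```python
import ipaddress

# Constructed sample, not from the post: route tables for the three subnets in the
# layout above. Each rule maps a destination CIDR to a target, the way an OCI
# route rule maps a destination to a network entity (gateway) OCID.
VCN_CIDR = "10.1.0.0/16"
ON_PREM_CIDR = "192.168.0.0/16"

ROUTE_TABLES = {
    "public": [
        {"destination": "0.0.0.0/0", "target": "internet-gateway"},
    ],
    "private": [
        {"destination": "0.0.0.0/0", "target": "nat-gateway"},
        {"destination": ON_PREM_CIDR, "target": "drg"},
    ],
    "isolated": [],   # no rules at all: nothing leaves the VCN from here
}


def resolve_next_hop(route_rules, destination_ip, vcn_cidr=VCN_CIDR):
    """Return the target OCI would use for destination_ip, or None when no rule
    matches. Addresses inside the VCN use the implicit local route; everything
    else is matched against the table and the most specific (longest prefix)
    matching rule wins, which is why the /16 on-prem rule beats 0.0.0.0/0."""
    dst = ipaddress.ip_address(destination_ip)
    if dst in ipaddress.ip_network(vcn_cidr):
        return "local"
    best_prefix, best_target = -1, None
    for rule in route_rules:
        net = ipaddress.ip_network(rule["destination"])
        if dst in net and net.prefixlen > best_prefix:
            best_prefix, best_target = net.prefixlen, rule["target"]
    return best_target


def internet_reachable(route_rules):
    """True when the table sends default traffic to an Internet Gateway, the
    combination that lets instances with public IPs be reached from the
    internet. A NAT Gateway only carries connections initiated from inside."""
    return any(rule["destination"] == "0.0.0.0/0" and rule["target"] == "internet-gateway"
               for rule in route_rules)


if __name__ == "__main__":
    for name, rules in ROUTE_TABLES.items():
        for dst in ("203.0.113.10", "192.168.20.4", "10.1.3.7"):
            print(f"{name:9s} -> {dst:14s} via {resolve_next_hop(rules, dst)}")
        print(f"{name:9s} reachable from the internet: {internet_reachable(rules)}")
```

Running this over an exported set of route tables is a quick way to confirm that only the public subnet's table points 0.0.0.0/0 at the Internet Gateway; a private subnet that accidentally gets the public route table becomes internet-reachable the moment an instance in it has a public IP.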
Network Visualizer
Once the VCN is created, OCI provides a Network Visualizer that automatically maps your network layout. It displays:
Connections between VCNs and on-premises endpoints.
Security rules and route configurations.
This tool simplifies troubleshooting and provides a visual understanding of your architecture.
Steps to Create a Basic VCN
Create a Tenancy.
Set up a Compartment for resource organization.
Create a VCN and define the CIDR block.
Add Resources:
Subnets
Gateways (Internet, NAT, DRG)
Route Tables
Security Rules (NSGs or Security Lists)
Simplifying Deployment with QuickStart Wizard
OCI offers a QuickStart Wizard to automate VCN creation. The wizard guides you through:
Creating a VCN.
Setting up subnets, gateways, and route tables.
Configuring security rules.
This feature is ideal for beginners or for quickly spinning up test environments.
Conclusion
Oracle Cloud Infrastructure provides a robust and flexible virtual networking environment. By understanding each VCN component and its function, you can design secure and efficient networks tailored to your needs.
In Summary:
Start by creating a compartment and VCN.
Add the required resources such as subnets, route tables, and security rules.
Use optional components like NAT Gateways, DRGs, and LPGs to enhance connectivity.
Tip: Plan ahead and document your CIDR blocks, route tables, and security rules before deployment. This will save time and reduce configuration errors.