Technical and Product News and Insights from Rackspace
This post gives an overview of the components that are part of the Oracle® Cloud Infrastructure (OCI) network.
An OCI network comprises the following components, each described below: the Virtual Cloud Network (VCN), subnets, virtual network interface cards (VNICs), security lists, route tables, gateways, and VCN peering.
Before you can launch an instance in OCI, you need to create a Virtual Cloud Network (VCN). The VCN is the equivalent of a traditional data center network and contains subnets, route tables, and gateways.
The VCN resides within a single region, can span multiple availability domains (ADs), and covers a single, contiguous IPv4 Classless Inter-Domain Routing (CIDR) block. Before you can delete a VCN, you must remove the attached gateways and make sure the subnets are empty.
VCNs automatically come with the following default components that you cannot delete: a default route table, a default security list, and a default set of DHCP options.
Each subnet you create has the following components associated with it: a route table, one or more security lists, and a set of DHCP options.
If you do not specify these components when you create the subnet, it automatically uses the VCN's default components.
A subnet is a subdivision of the VCN and is either AD-specific (confined to one availability domain) or regional (spanning all ADs in the region). Oracle recommends regional subnets because they are more flexible.
Multiple subnets in an AD can share the same route table, security lists, and DHCP options. Subnets contain the virtual network interface cards (VNICs) that attach to instances. Each subnet has a contiguous range of IP addresses inside the VCN CIDR, and subnet ranges cannot overlap.
You can designate each subnet as either public or private: instances in a public subnet can be assigned public IP addresses, while instances in a private subnet cannot.
The following diagram shows a region (a localized geographical area) composed of three availability domains, each of which contains one or more data centers.
A virtual network interface card (VNIC) enables an instance to connect to a VCN and determines how the instance connects with endpoints inside and outside of a VCN.
The primary VNIC is attached to each instance at launch, and you cannot remove it. You can attach secondary VNICs to an existing instance and later remove them; a secondary VNIC must be in a subnet in the same availability domain as the instance.
Security lists are the virtual firewall for the VCN. Each list contains rules for two types of traffic: ingress rules, which describe traffic allowed into a VNIC, and egress rules, which describe traffic allowed out of a VNIC.
There are two types of rules: stateful rules use connection tracking, so response traffic for an allowed connection is permitted automatically; stateless rules do not track connections, so you must write a matching rule in the opposite direction or the responses are dropped.
Security lists are associated with a subnet, but the rules are enforced at the VNIC level on every instance in that subnet.
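The following Terraform fragment is an added example and is not code from the original post; it shows the difference between stateful and stateless rules described above. It assumes the OCI Terraform provider is configured, that `var.compartment_ocid` and a resource named `oci_core_vcn.vcn` exist elsewhere in the same configuration, and that `10.1.0.0/16` is a constructed CIDR standing in for a peered network.

```hcl
# Added example, not from the original post. Assumed: var.compartment_ocid and
# oci_core_vcn.vcn are defined elsewhere in this Terraform configuration.
resource "oci_core_security_list" "web" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "web-sl"

  # Stateful rule (stateless defaults to false): connection tracking lets the
  # HTTPS reply packets leave without a matching egress rule.
  ingress_security_rules {
    protocol = "6"          # TCP
    source   = "0.0.0.0/0"
    tcp_options {
      min = 443             # destination port range
      max = 443
    }
  }

  # Allow Path MTU Discovery (ICMP type 3, code 4) so oversized packets do not
  # silently disappear.
  ingress_security_rules {
    protocol = "1"          # ICMP
    source   = "0.0.0.0/0"
    icmp_options {
      type = 3
      code = 4
    }
  }

  # Stateless pair: no connection tracking, so both directions must be listed.
  # Requests arrive from the client's ephemeral port to destination port 80.
  ingress_security_rules {
    stateless = true
    protocol  = "6"
    source    = "10.1.0.0/16"   # constructed: CIDR of a peered VCN
    tcp_options {
      min = 80
      max = 80
    }
  }
  # Replies leave FROM port 80 TO whatever ephemeral port the client used, so
  # restrict the source port and leave the destination port range open.
  egress_security_rules {
    stateless   = true
    protocol    = "6"
    destination = "10.1.0.0/16"
    tcp_options {
      source_port_range {
        min = 80
        max = 80
      }
    }
  }

  # Stateful egress: instances may initiate any outbound connection.
  egress_security_rules {
    protocol    = "all"
    destination = "0.0.0.0/0"
  }
}
```

Attach the list to a subnet through its `security_list_ids` attribute. A caveat worth remembering: when a stateful and a stateless rule both match the same traffic, the stateless rule takes precedence, so a stateless ingress rule without its egress partner can silently break a flow that a stateful rule appeared to allow.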
A route table consists of route rules that direct traffic leaving the VCN. Each route rule has two elements: a destination CIDR block and a target, the network entity that handles traffic bound for that destination.
You don't need route rules to enable traffic within the VCN itself.
Permissible target types for route rules include the following: dynamic routing gateway, Internet gateway, NAT gateway, service gateway, local peering gateway, and a private IP address inside the VCN (for example, a network virtual appliance instance).
A dynamic routing gateway (DRG) routes private network traffic between your VCN and an on-premises network over an IPSec VPN or FastConnect, and between your VCN and a peered VCN in another region (remote peering).
Use an Internet gateway for public subnets whose resources communicate directly with the Internet. The public subnet needs a route rule that sends Internet-bound traffic (0.0.0.0/0) to the Internet gateway, its instances need public IP addresses, and its security lists control the traffic allowed in and out of the resources. An Internet gateway supports connections initiated from inside the VCN and from the Internet, such as clients reaching web servers in the subnet.
Use a Network Address Translation (NAT) gateway for resources that have no public IP address but need to initiate outbound connections to the Internet, without accepting connections initiated from the Internet.
The public IP is assigned to the NAT gateway automatically; you cannot choose it or use a reserved public IP address. A database system in a private subnet that needs to download patches from the Internet is a typical user of a NAT gateway.
Use a service gateway for subnets that need private access to Oracle services, such as Object Storage or an autonomous database, without sending the traffic over the Internet.
Subnets that need private access to a peered VCN in the same region communicate over private IP addresses through a local peering gateway. The two VCNs in a peering relationship cannot have overlapping CIDRs.
Set up your OCI network by creating the VCN, the subnets, an Internet gateway, a NAT gateway, and a service gateway, together with basic security list rules. In just a couple of guided steps, the Virtual Networking QuickStart wizard in the console creates the VCN and the other components described in this post.
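The same setup expressed as code, as an added example rather than the post's own or Oracle's own configuration: one VCN, a regional public subnet behind an Internet gateway, and a regional private subnet whose route table sends Internet-bound traffic through a NAT gateway and Oracle-service traffic through a service gateway. It assumes the OCI Terraform provider is configured and that `var.compartment_ocid` holds the target compartment; the CIDRs and display names are arbitrary.

```hcl
# Added example, not from the original post. Assumed: the OCI provider is
# configured and var.compartment_ocid is set.
resource "oci_core_vcn" "vcn" {
  compartment_id = var.compartment_ocid
  cidr_block     = "10.0.0.0/16"   # single contiguous IPv4 CIDR for the VCN
  display_name   = "demo-vcn"
  dns_label      = "demovcn"
}

resource "oci_core_internet_gateway" "igw" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "igw"
  enabled        = true
}

resource "oci_core_nat_gateway" "nat" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "nat"                # public IP is assigned automatically
}

# Look up the region's "All ... Services In Oracle Services Network" label,
# which the service gateway and its route rule both need.
data "oci_core_services" "osn" {
  filter {
    name   = "name"
    values = ["All .* Services In Oracle Services Network"]
    regex  = true
  }
}

resource "oci_core_service_gateway" "sgw" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "sgw"
  services {
    service_id = data.oci_core_services.osn.services[0].id
  }
}

# Public subnet: default route goes to the Internet gateway.
resource "oci_core_route_table" "public" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "public-rt"
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.igw.id
  }
}

# Private subnet: outbound-only Internet via NAT, Oracle services via the
# service gateway so that traffic never touches the Internet path.
resource "oci_core_route_table" "private" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "private-rt"
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_nat_gateway.nat.id
  }
  route_rules {
    destination       = data.oci_core_services.osn.services[0].cidr_block
    destination_type  = "SERVICE_CIDR_BLOCK"
    network_entity_id = oci_core_service_gateway.sgw.id
  }
}

# No availability_domain on either subnet, so both are regional subnets.
# security_list_ids is omitted, so both inherit the VCN's default security list.
resource "oci_core_subnet" "public" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = oci_core_vcn.vcn.id
  cidr_block                 = "10.0.1.0/24"   # must not overlap other subnets
  display_name               = "public"
  dns_label                  = "pub"
  route_table_id             = oci_core_route_table.public.id
  prohibit_public_ip_on_vnic = false            # public subnet
}

resource "oci_core_subnet" "private" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = oci_core_vcn.vcn.id
  cidr_block                 = "10.0.2.0/24"
  display_name               = "private"
  dns_label                  = "priv"
  route_table_id             = oci_core_route_table.private.id
  prohibit_public_ip_on_vnic = true             # private subnet: no public IPs
}
```

Note that nothing in the private route table points at the Internet gateway, and `prohibit_public_ip_on_vnic = true` stops anyone from attaching a public IP to an instance there; together those two settings are what make the subnet private, not the name. Replace the inherited default security list with a custom one via `security_list_ids` once the required ports are known.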