OCI Foundations - Networking: Difference between revisions
Revisions by NickPGSmith (6 revisions imported; 4 intermediate revisions by the same user not shown)
Latest revision as of 04:53, 8 May 2024
Introduction
Virtual Cloud Network: Software Defined Network
- Internet Gateway: Bidirectional
- NAT Gateway: Unidirectional (out)
- Service Gateway: Access OCI public services but without Internet
- Dynamic Routing Gateway: Routing to non-public endpoints like on-premise networks
These are created with a VCN:
- Default DHCP options
- Default route tables
- Default security list
VCN Routing
Private Subnet
- Access for patching: -> NAT Gateway -> Internet
- Access to on-premise network -> Dynamic Routing Gateway -> VPN/On-prem network
Public Subnet
- Access for serving: -> Internet Gateway -> Internet
Local Peering:
- Where networks are in same OCI region
- Networks communicate via Local Peering Gateway
Remote Peering:
- Where networks are in different OCI regions
- Networks communicate via Dynamic Routing Gateway
New: Dynamic Routing Gateway v2
- Up to 300 VCNs can be connected, rather than point-to-point
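As an added example (not part of the original notes), this Python sketch audits route rules against the subnet roles listed above and flags a private subnet whose default route targets an Internet Gateway instead of a NAT Gateway. The dict layout, subnet names and OCIDs are constructed for illustration; it assumes the second dot-separated field of an OCID names the resource type.

```python
# Added example: the data layout and every OCID here are constructed samples.
# Gateway kinds from the notes, keyed by the resource-type field of an OCID.
GATEWAY_KINDS = {
    "internetgateway": "Internet Gateway",
    "natgateway": "NAT Gateway",
    "servicegateway": "Service Gateway",
    "drg": "Dynamic Routing Gateway",
    "localpeeringgateway": "Local Peering Gateway",
}

def gateway_kind(ocid):
    """Map an OCID of the form ocid1.<type>.<realm>... to a gateway name."""
    parts = ocid.split(".")
    if len(parts) < 2 or parts[0] != "ocid1":
        return "unknown"
    return GATEWAY_KINDS.get(parts[1], "unknown")

def audit_subnet(subnet):
    """Return findings where a subnet's routes contradict its private role."""
    findings = []
    for rule in subnet["route_rules"]:
        kind = gateway_kind(rule["target"])
        dest = rule["destination"]
        if kind == "unknown":
            findings.append(f"{subnet['name']}: unrecognised target for {dest}")
        elif subnet["private"] and kind == "Internet Gateway":
            findings.append(
                f"{subnet['name']}: private subnet routes {dest} via Internet Gateway")
    return findings

def audit(subnets):
    return [f for s in subnets for f in audit_subnet(s)]

# Constructed inventory: one correct private subnet, one misrouted, one public.
SUBNETS = [
    {"name": "app-private", "private": True, "route_rules": [
        {"destination": "0.0.0.0/0", "target": "ocid1.natgateway.oc1.example.aaaa1"},
        {"destination": "10.50.0.0/16", "target": "ocid1.drg.oc1.example.aaaa2"}]},
    {"name": "db-private", "private": True, "route_rules": [
        {"destination": "0.0.0.0/0", "target": "ocid1.internetgateway.oc1.example.aaaa3"}]},
    {"name": "web-public", "private": False, "route_rules": [
        {"destination": "0.0.0.0/0", "target": "ocid1.internetgateway.oc1.example.aaaa4"}]},
]

if __name__ == "__main__":
    for finding in audit(SUBNETS):
        print(finding)
```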
VCN Security
Security List: Firewall rules in/out of subnets
Network Security Group: rules apply only to specific vNICs, so different rules can be applied to different NICs in the same subnet.
Load Balancer
Layer 7 LB: HTTP/HTTPS
- Flexible Shape: define min/max from 10 Mbps - 8 Gbps
- Dynamic Shape: define micro/small/medium/large
- Public or Private options
- Highly available, highly scalable
- Higher routing intelligence
Network LB, Layer 3/4: TCP/UDP/ICMP
- Much lower latency