OCI Foundations - Networking: Difference between revisions

From Smithnet Wiki
Line 2: Line 2:
Virtual Cloud Network: Software Defined Network
Virtual Cloud Network: Software Defined Network


Internet Gateway: Bidrectional
* Internet Gateway: Bidrectional
NAT Gateway: Unidirectional (out)
* NAT Gateway: Unidirectional (out)
Service Gateway: Access OCI public services but without Internet
* Service Gateway: Access OCI public services but without Internet
Dynamic Routing Gateway: Routing to non-public endpoints like on-premise networks
* Dynamic Routing Gateway: Routing to non-public endpoints like on-premise networks


These are created with a VCN:
These are created with a VCN:
* Default DHCP options
* Default DHCP options
* Default route tables
* Default route tables
* default security list
* Default security list


== VCN Routing ==
== VCN Routing ==
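
Review bot: the Internet Gateway line still reads "Bidrectional" in the new revision. Since this edit already rewrites that line as a list item, correct the spelling to "Bidirectional" in the same change. The capitalisation fix to "Default security list" is consistent with the other two defaults.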

Revision as of 15:50, 22 September 2023

Virtual Cloud Network: Software Defined Network

  • Internet Gateway: Bidirectional
  • NAT Gateway: Unidirectional (out)
  • Service Gateway: Access OCI public services but without Internet
  • Dynamic Routing Gateway: Routing to non-public endpoints like on-premise networks

These are created with a VCN:

  • Default DHCP options
  • Default route tables
  • Default security list

VCN Routing

Private Subnet

  • Access for patching: -> NAT Gateway -> Internet
  • Access to on-premise network -> Dynamic Routing Gateway -> VPN/On-prem network

Public Subnet

  • Access for serving: -> Internet Gateway -> Internet

Local Peering:

  • Where networks are in same OCI region
  • Networks communicate via Local Peering Gateway

Remote Peering:

  • Where networks are in different OCI regions
  • Networks communicate via Dynamic Routing Gateway

New: Dynamic Routing Gateway v2

  • Up to 300 VCNs can be connected, rather than point-point

VCN Security

Security List: Firewall rules in/out of subnets

Network Security Group: Firewall rules that apply only to specific VNICs. Different rules can therefore be applied to different VNICs in the same subnet.
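
The difference between the two rule sets, as an added example that is not part of the original notes. It is a simplified model, not OCI API code: the subnet, NSG and VNIC names and all rules are constructed, and it relies on OCI's documented behaviour that the rules applying to a VNIC are the union of its subnet's security lists and its NSGs.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    source: str    # source CIDR
    protocol: str  # "tcp" or "udp"
    port: int      # single destination port, to keep the model small

    def matches(self, src_ip, protocol, port):
        return (self.protocol == protocol and self.port == port
                and ip_address(src_ip) in ip_network(self.source))

@dataclass(frozen=True)
class Vnic:
    name: str
    subnet: str
    nsgs: tuple = ()

# Constructed sample configuration: two VNICs share one subnet.
SECURITY_LISTS = {"app-subnet": [Rule("10.0.0.0/16", "tcp", 22)]}
NSGS = {
    "web-nsg": [Rule("0.0.0.0/0", "tcp", 443)],
    "db-nsg": [Rule("10.0.1.0/24", "tcp", 1521)],
}
VNICS = {
    "web-1": Vnic("web-1", "app-subnet", ("web-nsg",)),
    "db-1": Vnic("db-1", "app-subnet", ("db-nsg",)),
}

def effective_rules(vnic, security_lists=SECURITY_LISTS, nsgs=NSGS):
    """(origin, rule) pairs: subnet security list plus every NSG of the VNIC."""
    pairs = [(f"security-list:{vnic.subnet}", r)
             for r in security_lists.get(vnic.subnet, [])]
    for name in vnic.nsgs:
        pairs += [(f"nsg:{name}", r) for r in nsgs[name]]
    return pairs

def ingress_allowed(vnic, src_ip, protocol, port, **cfg):
    """Allowed if any effective rule matches (the rule sets are a union)."""
    return any(r.matches(src_ip, protocol, port)
               for _, r in effective_rules(vnic, **cfg))

def open_to_any(vnic, **cfg):
    """Ports reachable from any source, with the rule set that opens them."""
    return sorted((r.port, origin) for origin, r in effective_rules(vnic, **cfg)
                  if ip_network(r.source).prefixlen == 0)
```

Moving the 443 rule from web-nsg into the security list would open that port on db-1 as well, which is why broad rules belong in an NSG rather than on the subnet.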

Load Balancer

Layer 7 LB: HTTP/HTTPS

  • Flexible Shape: define min/max from 10 Mbps - 8 Gbps
  • Dynamic Shape: define micro/small/medium/large
  • Public or Private options
  • Highly available, highly scalable
  • Higher routing intelligence

Network LB, Layer 3/4: TCP/UDP/ICMP

  • Much lower latency