OCI Foundations - Networking

From Smithnet Wiki

Introduction

Virtual Cloud Network: Software Defined Network

  • Internet Gateway: Bidirectional (inbound and outbound Internet traffic)
  • NAT Gateway: Unidirectional (outbound only; no inbound connections can be initiated)
  • Service Gateway: Access OCI public services without traversing the Internet
  • Dynamic Routing Gateway: Routing to non-public endpoints such as on-premises networks

These are created with a VCN:

  • Default DHCP options
  • Default route tables
  • Default security list

VCN Routing

Private Subnet

  • Outbound access (e.g. for patching): subnet -> NAT Gateway -> Internet
  • Access to on-premises network: subnet -> Dynamic Routing Gateway -> VPN/on-premises network

Public Subnet

  • Inbound/outbound access for serving: subnet -> Internet Gateway -> Internet

Local Peering:

  • Where networks are in same OCI region
  • Networks communicate via Local Peering Gateway

Remote Peering:

  • Where networks are in different OCI regions
  • Networks communicate via Dynamic Routing Gateway

New: Dynamic Routing Gateway v2

  • Up to 300 VCNs can be attached to one DRG, rather than a point-to-point peering per pair

VCN Security

Security List: Firewall rules in/out of subnets

Network Security Group: applies only to specific vNICs. Therefore different rules can be applied to different NICs in the same subnet.
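The routing and security notes above, put together as an added Terraform example (this is not from the wiki page or from Oracle's documentation). It assumes the OCI Terraform provider's core resources and uses a placeholder compartment OCID: a public subnet routes to an Internet Gateway, a private subnet routes only to a NAT Gateway, the public subnet gets a subnet-wide security list, and a Network Security Group carries a per-vNIC rule that can be attached to individual instances.

```hcl
# Added example, not the page's own configuration.
# Placeholder: supply the OCID of the compartment to deploy into.
variable "compartment_ocid" {}

resource "oci_core_vcn" "vcn" {
  compartment_id = var.compartment_ocid
  cidr_blocks    = ["10.0.0.0/16"]     # constructed sample address space
  display_name   = "example-vcn"
  dns_label      = "examplevcn"
}

# Bidirectional: hosts in the public subnet can be reached from, and reach, the Internet.
resource "oci_core_internet_gateway" "igw" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "igw"
}

# Unidirectional (out): private hosts can fetch patches; nothing can initiate inbound.
resource "oci_core_nat_gateway" "nat" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "nat"
}

# Public route table: default route via the Internet Gateway.
resource "oci_core_route_table" "public_rt" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "public-rt"
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.igw.id
  }
}

# Private route table: default route via the NAT Gateway only.
resource "oci_core_route_table" "private_rt" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "private-rt"
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_nat_gateway.nat.id
  }
}

# Security list = subnet-wide firewall: HTTPS in from anywhere, everything out.
resource "oci_core_security_list" "public_sl" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "public-sl"
  ingress_security_rules {
    protocol = "6"                      # 6 = TCP
    source   = "0.0.0.0/0"
    tcp_options {
      min = 443
      max = 443
    }
  }
  egress_security_rules {
    protocol    = "all"
    destination = "0.0.0.0/0"
  }
}

resource "oci_core_subnet" "public" {
  compartment_id    = var.compartment_ocid
  vcn_id            = oci_core_vcn.vcn.id
  cidr_block        = "10.0.1.0/24"
  display_name      = "public"
  route_table_id    = oci_core_route_table.public_rt.id
  security_list_ids = [oci_core_security_list.public_sl.id]
}

resource "oci_core_subnet" "private" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = oci_core_vcn.vcn.id
  cidr_block                 = "10.0.2.0/24"
  display_name               = "private"
  route_table_id             = oci_core_route_table.private_rt.id
  prohibit_public_ip_on_vnic = true     # no public IPs can be assigned here
  # No security_list_ids given, so the VCN's default security list applies.
}

# NSG = per-vNIC firewall: SSH only from the public subnet, attached to chosen
# instances' vNICs (via their nsg_ids) rather than to every host in the subnet.
resource "oci_core_network_security_group" "admin_nsg" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcn.id
  display_name   = "admin-nsg"
}

resource "oci_core_network_security_group_security_rule" "ssh_from_public" {
  network_security_group_id = oci_core_network_security_group.admin_nsg.id
  direction                 = "INGRESS"
  protocol                  = "6"
  source                    = oci_core_subnet.public.cidr_block
  source_type               = "CIDR_BLOCK"
  tcp_options {
    destination_port_range {
      min = 22
      max = 22
    }
  }
}
```

The design point is the split the notes describe: the private subnet has no route to the Internet Gateway at all, so even a permissive security list cannot expose it, and the NSG rule is scoped to the vNICs it is attached to, so two instances in the same subnet can carry different rules.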

Load Balancer

Layer 7 LB: HTTP/HTTPS

  • Flexible Shape: define minimum/maximum bandwidth between 10 Mbps and 8 Gbps
  • Dynamic Shape: choose micro/small/medium/large
  • Public or private options
  • Highly available, highly scalable
  • Higher routing intelligence (Layer 7 content-based decisions)

Network LB, Layer 3/4: TCP/UDP/ICMP

  • Much lower latency