OCI Foundations - Networking
Jump to navigation
Jump to search
Introduction
Virtual Cloud Network: Software Defined Network
- Internet Gateway: Bidrectional
- NAT Gateway: Unidirectional (out)
- Service Gateway: Access OCI public services but without Internet
- Dynamic Routing Gateway: Routing to non-public endpoints like on-premise networks
These are created with a VCN:
- Default DHCP options
- Default route tables
- Default security list
VCN Routing
Private Subnet
- Access for patching: -> NAT Gateway -> Internet
- Access to on-premise network -> Dynamic Routing Gateway -> VPN/On-prem network
Public Subnet
- Access for serving: -> Internet Gateway -> Internet
Local Peering:
- Where networks are in same OCI region
- Networks communicate via Local Peering Gateway
Remote Peering:
- Where networks are in different OCI regions
- Networks communicate via Dynamic Routing Gateway
New: Dynamic Routing Gateway v2
- Up to 300 VCNs can be connected, rather than point-point
VCN Security
Security List: Firewall rules in/out of subnets
Network Security Group: only apply specific vNICs. Therefore different rules can be applied to different NICs in the same subnet.
Load Balancer
Layer 7 LB: HTTP/HTTPS
- Flexible Shape: define min/max from 10 Mbps - 8 Gbps
- Dynamic Shape: define micro/small/medium/large
- Public or Private options
- High available, highly scalable
- Higher routing intelligence
Network LB, Layer 3/4: TCP/UDP/ICMP
- Much lower latency