In this blog post, I will cover everything you should know about OCI networking, such as the OCI VCN, IGW, SGW, SL and RT, and at the end I will go over a case study of deploying Oracle EBS R12 on OCI.
- Overview Of OCI Network
- OCI Network Architecture
- Components of Networking in OCI
- Case Study: Networking In EBS R12 on OCI
The Oracle Cloud Infrastructure (OCI) is built on five pillars: IAM, Networking, Compute, Storage and Database. Networking is a very important and complex topic for an Oracle Cloud Infrastructure Architect. It allows communication between the different resources in an OCI environment.
Overview Of Networking
After provisioning a new tenancy in OCI (which creates the root compartment), one of the first things to do is to create a networking environment (VCN). An OCI VCN allows different resources in OCI to communicate with each other, within and outside a region.
In the video below, I have covered the things you must know about OCI Networking.
OCI Networking Architecture
A typical OCI networking architecture has the following network components:
- A Virtual Cloud Network (VCN), and inside this VCN we have three subnets.
- One public subnet for the bastion host and load balancer, and two private subnets, one for the application host and one for the database host.
- An Internet Gateway to connect to the internet from the public subnet.
- A Service Gateway to access OCI Object Storage and other OCI services.
- A Dynamic Routing Gateway (DRG) for private access from an on-premises data center to OCI.
Check out: List of Free Oracle Cloud Certification
Components Of OCI Network
The Networking service in Oracle Cloud Infrastructure uses virtual versions of traditional network components you might already be familiar with:
What is VCN in OCI
- It is the first thing you create in order to make your OCI services accessible via the internet or via a VPN (private network).
- A software-defined version of a traditional physical network, including subnets, route tables and gateways.
- A VCN resides within a single region but can span multiple Availability Domains (ADs).
Read: How to setup a Virtual Cloud Network (VCN) in OCI
Subnet
- A bigger network divided into multiple smaller networks.
- A subnet can be AD-specific or regional.
- You can have multiple subnets in an Availability Domain (AD).
- There are two types of subnets:
- Public Subnet: where public-facing resources reside, such as instances, load balancers and object storage.
- Private Subnet: where highly secured resources reside, such as databases.
Read: Subnets in OCI
Route Table
A VCN uses virtual route tables to send traffic out of the VCN (for example, to the internet, to your on-premises network, or to a peered VCN). These route tables contain route rules that map traffic from a subnet, via a gateway, to other subnets or to destinations outside the VCN.
Each rule specifies a destination CIDR block and the target (the next hop) for any traffic that matches that CIDR.
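The route-selection behaviour described above, as an added example that is not code from the original post: a small longest-prefix-match lookup over two constructed route tables, one for a public subnet (default route to the Internet Gateway) and one for a private subnet (no default route at all). The VCN CIDR, the on-premises range, the peered VCN range and the gateway labels are all assumptions. It also shows that traffic within the VCN's own CIDR is delivered by the VCN's implicit local route and never consults the table, and that a private subnet with no 0.0.0.0/0 rule simply has no path to the internet.

```python
import ipaddress

# Assumed VCN CIDR (not from the page).
VCN_CIDR = ipaddress.ip_network("10.0.0.0/16")

# Constructed route table for a public subnet. Each rule is
# (destination CIDR, target gateway). OCI picks the most specific matching
# CIDR, so a narrower rule wins over the 0.0.0.0/0 default route.
PUBLIC_ROUTE_RULES = [
    ("0.0.0.0/0", "INTERNET_GATEWAY"),   # default route to the IGW
    ("192.168.0.0/16", "DRG"),           # assumed on-premises range via the DRG
    ("10.1.0.0/16", "LPG"),              # assumed locally peered VCN via an LPG
]

# Constructed route table for a private subnet: on-premises only, no
# default route, so internet-bound packets have nowhere to go.
PRIVATE_ROUTE_RULES = [
    ("192.168.0.0/16", "DRG"),
]


def pick_route(dst_ip, rules=PUBLIC_ROUTE_RULES, vcn_cidr=VCN_CIDR):
    """Return the target for dst_ip, "LOCAL" for in-VCN traffic, or None
    when no rule matches (the packet is dropped)."""
    ip = ipaddress.ip_address(dst_ip)
    # Traffic inside the VCN CIDR uses the implicit local route.
    if ip in vcn_cidr:
        return "LOCAL"
    best = None
    for cidr, target in rules:
        net = ipaddress.ip_network(cidr)
        # Longest prefix wins; ties cannot occur because OCI rejects
        # duplicate destination CIDRs within one route table.
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


if __name__ == "__main__":
    for dst in ("8.8.8.8", "192.168.5.4", "10.1.2.3", "10.0.1.5"):
        print(f"public subnet : {dst:>12} -> {pick_route(dst)}")
        print(f"private subnet: {dst:>12} -> {pick_route(dst, PRIVATE_ROUTE_RULES)}")
```

Running it prints one line per destination for each subnet; the private subnet returns None for 8.8.8.8, which is exactly the property you rely on when you keep a database subnet off the internet.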
Security List
A Security List is a common set of firewall rules associated with a subnet and applied to all compute instances in that subnet. A Security List specifies two types of allowed traffic:
- Ingress: Incoming Traffic
- Egress: Outgoing Traffic
Security List firewall rules in OCI are defined at the subnet level, not at the compute-instance level.
Network Security Group
Network Security Groups are another method for implementing security rules. An NSG provides a virtual firewall for a set of cloud resources that share the same security posture.
Read our blog to know more about Network Security Groups Vs. Security List: When to use What?
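The way Security Lists and NSGs combine, as an added example that is not part of the original post: a constructed security list on the database subnet (SSH from the bastion subnet only) and a constructed NSG on the database VNICs (the listener port from the application subnet only), evaluated over a few constructed flows. The subnet CIDRs, ports and rule sets are assumptions. OCI applies the union of the subnet's security lists and the VNIC's NSGs, so a flow is allowed if any rule in either place matches it and dropped otherwise; the example makes that union visible by showing which flows only pass because of the NSG.

```python
import ipaddress

# Constructed rule sets (assumptions, not values from the page). A rule has a
# protocol ("tcp", "udp", "icmp" or "all"), a peer CIDR (source for ingress,
# destination for egress) and an inclusive port range.
BASTION_SUBNET = "10.0.0.0/24"   # assumed public bastion subnet
APP_SUBNET = "10.0.1.0/24"       # assumed private application subnet

# Security list attached to the database subnet: it applies to every VNIC in
# that subnet, whatever instance the VNIC belongs to.
DB_SECURITY_LIST = {
    "ingress": [
        {"protocol": "tcp", "peer": BASTION_SUBNET, "ports": (22, 22)},
    ],
    "egress": [
        {"protocol": "all", "peer": "0.0.0.0/0", "ports": (1, 65535)},
    ],
}

# NSG attached only to the database VNICs: opens the listener port to the app
# tier without widening the subnet-wide security list.
DB_NSG = {
    "ingress": [
        {"protocol": "tcp", "peer": APP_SUBNET, "ports": (1521, 1521)},
    ],
    "egress": [],
}


def rule_matches(rule, peer_ip, protocol, port):
    """True when a single rule covers this protocol, peer address and port."""
    if rule["protocol"] not in ("all", protocol):
        return False
    if ipaddress.ip_address(peer_ip) not in ipaddress.ip_network(rule["peer"]):
        return False
    low, high = rule["ports"]
    return low <= port <= high


def is_allowed(direction, peer_ip, protocol, port, security_lists, nsgs=()):
    """Decide whether a new connection is permitted for a VNIC.

    OCI evaluates the union of the subnet's security lists and every NSG the
    VNIC belongs to: one matching rule anywhere is enough, and a flow that
    matches nothing is dropped. Rules are stateful by default, so replies to
    an allowed connection need no rule in the other direction (not modelled).
    """
    for rule_set in (*security_lists, *nsgs):
        for rule in rule_set[direction]:
            if rule_matches(rule, peer_ip, protocol, port):
                return True
    return False


# Constructed sample flows against a database VNIC.
SAMPLE_FLOWS = [
    ("ingress", "10.0.1.7", "tcp", 1521),     # app tier to the listener
    ("ingress", "10.0.0.10", "tcp", 22),      # bastion to SSH
    ("ingress", "203.0.113.9", "tcp", 1521),  # internet host to the listener
    ("ingress", "10.0.1.7", "tcp", 22),       # app tier to SSH
    ("egress", "8.8.8.8", "udp", 53),         # outbound DNS
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        verdict = is_allowed(*flow, [DB_SECURITY_LIST], [DB_NSG])
        print(f"{flow[0]:7} {flow[1]:>12} {flow[2]}/{flow[3]:<5} -> "
              f"{'ALLOW' if verdict else 'DENY'}")
```

Note that the app-tier-to-1521 flow is denied if you drop the NSG from the call, which is the practical reason to put workload-specific rules in an NSG: the subnet's security list stays minimal, and the listener port is opened only for the VNICs that actually host the database.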
Gateways
There are 5 gateways in OCI Networking:
1) Internet Gateway (IG): It provides a path for network traffic between the internet and an OCI VCN. A compute instance in a public subnet cannot connect to the internet without an IG.
2) NAT Gateway: It gives resources without public IP addresses access to the internet, without allowing incoming traffic from the internet to those resources.
3) Service Gateway: It allows OCI resources to access public OCI services (e.g. Object Storage) without using the Internet Gateway or NAT Gateway.
4) Dynamic Routing Gateway (DRG): A DRG provides a single point of entry for remote network paths coming into the VCN. It provides a path for VCNs to communicate across regions, or with an on-premises network outside the region. Each VCN can have a single DRG.
5) Local Peering Gateway (LPG): Used to establish communication between resources in different VCNs within a region.
Read our blog to know more in detail about Gateways in OCI: Internet Gateway, NAT Gateway, Service Gateway, Dynamic Routing Gateway
Load Balancer
A Load Balancer distributes the traffic coming from a source across multiple backend servers. It improves resource utilization, scaling and high availability. We can create a public or a private load balancer within a VCN.
- A public load balancer has a public IP address that is accessible from the internet.
- A private load balancer has an IP address from the hosting subnet, which is visible only within your VCN.
Read: Load Balancer in OCI.
On-Premise Connectivity With Oracle Cloud
To establish a connection between an OCI VCN and an on-premises data center, we use a DRG. There are two ways (VPN Connect and FastConnect) to establish this type of connection.
VPN Connect
- OCI VPN securely connects the on-premises network to an OCI VCN through an IPSec VPN connection.
- IPSec (Internet Protocol Security) is a network protocol that authenticates and encrypts data packets sent over the network.
Fast Connect
- Connects an existing network to a VCN over a private physical network instead of the internet.
- There are two ways to connect with FastConnect:
- Colocation: by co-locating with Oracle in a FastConnect location.
- Provider: by connecting through a FastConnect provider.
Read: VPN Connect
VCN Peering
- VCN Peering is the process of connecting multiple virtual cloud networks (VCNs).
- With peering, instances in two VCNs communicate as if they were in the same network.
- VCN Peering can be of two types: Local VCN Peering (within a region) using an LPG, and Remote VCN Peering (across regions) using a DRG.
- Local VCN Peering (LPG): the process of creating a path between VCNs for communication in a single region.
- Remote Peering Connection: the process of creating a path between VCNs for communication across regions.
- Local VCN Peering is supported in all OCI regions.
Transit Routing
Transit routing is a way of accessing resources in multiple VCNs, across regions or from an on-premises data center, through a single VCN. It follows the hub-and-spoke model, in which only the hub VCN is reachable directly and all other VCNs are connected to the hub VCN using local peering.
Check out our blog to know more about Transit routing in OCI.
Microsoft Azure & OCI Interconnect
This cross-cloud interconnect enables customers to migrate and run mission-critical enterprise workloads across Microsoft Azure and Oracle Cloud Infrastructure (OCI). It is implemented using Azure ExpressRoute and OCI FastConnect.
To know more check out our blog on Microsoft & OCI interconnect.
Case Study: Networking In EBS R12 on OCI
So far we have discussed all the networking components in OCI; now let’s discuss a case study: deploying the networking components of Oracle EBS R12 on OCI for a single AD, single region.
Read our blog to know more about OCI Availability Domain (AD) & Regions.
A typical EBS environment has three tiers:
1) Client tier: the EBS client installed on a desktop or laptop.
2) Application tier: here we deploy the application servers, that is, the EBS R12 compute instances.
3) Database tier: here we deploy the database, which could be a VM DB system (VMDB), a bare metal DB system (BMDB), Exadata, or a DB on Compute.
In this case study, we have the following network components:
- A Virtual Cloud Network (VCN), inside which we have deployed the application and database tiers.
- Three subnets inside this VCN: one public subnet for our bastion host and two private subnets, one for the application tier and one for the database tier.
- An Internet Gateway to connect to the internet from the public subnet.
- A Service Gateway to access OCI Object Storage and other OCI services.
- A Dynamic Routing Gateway (DRG) for private access from an on-premises data center to the EBS application.
To deploy Oracle EBS R12 on OCI, you have to create the following network resources in OCI:
- Create a Virtual Cloud Network (VCN); this is the network inside which your EBS Database Tier and Application Tier will reside. Note: you can use an existing VCN if one is already created in OCI, or create a new one.
- Create subnets inside the VCN created earlier:
a) One to host the bastion server
b) One to host the EBS Application Tier, that is, your EBS compute instances
c) One to host the Database Tier
d) One to host the primary and secondary load balancers for the EBS Apps Tier
- Create an Internet Gateway (IGW); this is used when the network in OCI needs to talk to the Internet.
- Create Route Tables (with target type Internet Gateway): one for the EBS compute instances, one for the database instance and one for the load balancer, all pointing to the IGW created in the previous step.
- Create Security Lists (firewalls): one for the EBS compute instances, one for the database instance, and one for the load balancer.
Read our blog to know more about Oracle EBS (R12) On Cloud Deployment Architecture
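The subnet and case-study steps above, as an added example that is not part of the original post: a constructed network plan with one public bastion subnet, one public load-balancer subnet and two private subnets (application and database) carved out of one VCN, together with a validator a practitioner would run before creating anything. The VCN CIDR, subnet CIDRs, on-premises range and gateway names are assumptions. The checks cover the things that fail at creation time or silently later: every subnet must sit inside the VCN CIDR, subnets must not overlap, every route table a subnet references must exist, and every route rule must point at a gateway that exists. It also reports a caveat for the plan as described above: a private subnet whose default route targets the Internet Gateway, since instances without public IP addresses cannot reach the internet through an IGW and need a NAT Gateway (or a Service Gateway for OCI services) instead.

```python
import ipaddress

# Constructed plan mirroring the case-study steps; all values are assumptions.
# Service Gateway rules use an OCI service label rather than an IP CIDR and are
# left out of the route tables here so that CIDR checks stay meaningful.
PLAN = {
    "vcn_cidr": "10.0.0.0/16",
    "gateways": {"igw", "sgw", "drg"},
    "subnets": {
        "bastion": {"cidr": "10.0.0.0/24", "public": True, "route_table": "rt-bastion"},
        "lb":      {"cidr": "10.0.3.0/24", "public": True, "route_table": "rt-lb"},
        "app":     {"cidr": "10.0.1.0/24", "public": False, "route_table": "rt-app"},
        "db":      {"cidr": "10.0.2.0/24", "public": False, "route_table": "rt-db"},
    },
    "route_tables": {
        "rt-bastion": [("0.0.0.0/0", "igw")],
        "rt-lb":      [("0.0.0.0/0", "igw")],
        "rt-app":     [("0.0.0.0/0", "igw"), ("192.168.0.0/16", "drg")],
        "rt-db":      [("0.0.0.0/0", "igw"), ("192.168.0.0/16", "drg")],
    },
}


def validate(plan):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    vcn = ipaddress.ip_network(plan["vcn_cidr"])
    nets = {name: ipaddress.ip_network(s["cidr"]) for name, s in plan["subnets"].items()}

    # 1. Every subnet must be carved out of the VCN CIDR.
    for name, net in nets.items():
        if not net.subnet_of(vcn):
            findings.append(f"{name}: {net} is outside the VCN CIDR {vcn}")

    # 2. Subnets inside one VCN must not overlap.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} and {b} overlap ({nets[a]} / {nets[b]})")

    # 3. Route tables and their targets must exist; 4. private subnets should
    #    not rely on the IGW for their default route.
    for name, s in plan["subnets"].items():
        rules = plan["route_tables"].get(s["route_table"])
        if rules is None:
            findings.append(f"{name}: route table {s['route_table']} does not exist")
            continue
        for cidr, target in rules:
            if target not in plan["gateways"]:
                findings.append(f"{name}: rule {cidr} targets unknown gateway {target}")
            if not s["public"] and cidr == "0.0.0.0/0" and target == "igw":
                findings.append(
                    f"{name}: private subnet default route targets igw; instances "
                    "without public IPs cannot use it (use a NAT gateway)")
    return findings


if __name__ == "__main__":
    for line in validate(PLAN) or ["no findings"]:
        print(line)
```

Run against the plan as written, the validator reports only the two private-subnet default-route findings; swap those two rules to a NAT gateway (and add "nat" to the gateway set) and it comes back clean. Keeping the plan as data means the same checks can be pointed at whatever you export from the tenancy later.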
Related/Further Readings
- Virtual Networking (VCN) Quickstart In Oracle Cloud (OCI)
- Network Security Groups (NSGs) Vs. Security List (SL): When to use What?
- Transit Routing: Access To Multiple VCNs From On-Premise
- [Video 3 of 5] Oracle Cloud: Create VCN, Subnet, Firewall (Security List), IGW, DRG: Step By Step
- [Video 4 of 5] What Is Load Balancer In Oracle Cloud (OCI) & How To Create: Step By Step
- [Q/A] Oracle Cloud Infrastructure Architect Training Day 3: Networking (VCN, Subnets, Gateways, Route Tables, Security List)
- IAM In OCI – User, Groups, Compartment, Policy, Tags, Federation & MFA
- OCI Regions | OCI Availability Domain | Oracle Cloud Region | OCI Realms
- Oracle Cloud Observability and Management Platform: Everything You Need to Know
Sunil says
Very well explained in most simplified manner. Thanks Atul.
Atul Kumar says
Thanks Sunil. Glad that you liked the networking concepts in OCI for 1Z0-932. Atul
Raj says
Appreciate your efforts in explaining the key details in short (to the point that is required).
Thank you so much
Rahul Dangayach says
Hi Raj,
We are glad that you liked our blog!
Please stay tuned for more informative blogs like this.
Thanks & Regards
Rahul Dangayach
Team K21 Academy
Satish says
It’s a very nice blog, as always.
Rahul Dangayach says
Hi Satish,
We are glad that you liked our blog!
Please stay tuned for more informative blogs like this.
Thanks & Regards
Rahul Dangayach
Team K21 Academy
Ashish says
This is detailed with simple and imp points explained with Archs. Thanks a lot please.
Rahul Dangayach says
Hi Ashish,
We are Glad you liked our blog.
Please stay tuned for more informative blogs.
Thanks and Regards
Rahul Dangayach
Team K21 Academy
Netravati says
really good blog explained in very simple way.
Thanks Atul.
Rahul Dangayach says
Hi Netravati,
We are Glad you liked our blog.
Please stay tuned for more informative blogs.
Thanks and Regards
Rahul Dangayach
Team K21 Academy