An Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) is a virtual version of a traditional network—including subnets, route tables, and gateways—on which your instances run.
Figure 1. Sample OAC Architecture Diagram (Source: [3])
There are different kinds of gateways supported in OCI for different purposes, as shown in Table 1. Before we start, read this companion article first:
OCI―Knowing Virtual Cloud Network Basics
| Gateway¹ | Usage |
| --- | --- |
| Internet Gateway (IGW) | Public VCN <-----> Internet Gateway (public IP address) <-------> Internet |
| Dynamic Routing Gateway (DRG) | On-premises network <---DRG---> Private VCN; Private VCN (region A) <---DRG---> Private VCN (region B) |
| NAT Gateway | Private VCN -----> NAT Gateway (public IP address) <-------> Internet; VCN ---OK---> Internet (connections initiated by the instance); VCN <---NO--- Internet (connections initiated from the internet) |
| Service Gateway | Private VCN <-----> Service Gateway <-------> Public OCI service (e.g. Object Storage); no public IP address on the VCN and no internet access needed |
| Local Peering Gateway² | Private VCN (region A) <-----> Private VCN (region A), using private IP addresses and private network traffic |
Table 1. Gateways supported in OCI
Notes:
- Traffic between a given VCN and a gateway is controlled by the VCN's route table and security lists.
- After creating an IGW or attaching a DRG, you must add a route for the IGW/DRG in the VCN's route table to enable traffic flow. See the Connectivity video linked in the References for more information.
- Without peering, a given VCN would need an internet gateway and public IP addresses for the instances that need to communicate with another VCN.
Public IP vs Private IP
Instances use IP addresses for communication. Each instance has at least one private IP address and, optionally, a public IP address:
- Private IP address
- Enables the instance to communicate with other instances inside the VCN, or with hosts in your on-premises network (via an IPSec VPN or Oracle Cloud Infrastructure FastConnect).
- Each instance receives a primary private IP object during launch.
- The private IP object is terminated when the instance is terminated.
- Public IP address (optional)
- Enables the instance to communicate with hosts on the internet.
- A private IP can have a public IP assigned to it at your discretion.
Public Subnet vs Private Subnet
A Virtual Cloud Network (VCN) is a private virtual network that you set up in Oracle data centers.
A subnet is a subdivision of a VCN and it can be designated as either Public or Private. You choose this during subnet creation, and you can't change it later.
- Public Subnet (default)
- Instances in that subnet are allowed to have public IP addresses
- Private Subnet
- Instances in the subnet have no internet access
- Instances in the subnet are prohibited from having public IP addresses
Gateways are virtual routers which provide controlled entry points for traffic. There are different kinds of gateways supported in OCI and some of them are listed below:
- Internet Gateway (IGW)
- Provides a path for network traffic between your VCN and the Internet
- Dynamic Routing Gateway (DRG)
- Provides a path for private traffic (that is, traffic that uses private IPv4 addresses) between your VCN and networks outside the VCN's region.
- Provides a single point of entry for remote network paths coming into a VCN
- Is a standalone object
- To use it, you must attach it to a VCN
- A VCN can be attached to only one DRG at a time, and a DRG can be attached to only one VCN at a time
- You can use it to
- Connect a VCN to your on-premises network through
- IPSec VPN or FastConnect (see Figures 2 and 3)
- Peer your VCN with a VCN in another region
- NAT Gateway
- Gives instances in a private subnet access to the internet
- Instances in a private subnet don't have public IP addresses. With the NAT gateway, they can initiate connections to the internet and receive responses, but not receive inbound connections initiated from the internet.
- Is highly available and supports TCP, UDP, and ICMP ping traffic.
- Is always attached to only one VCN of your choice.
- Service Gateway
- Used for subnets that need private access to a public OCI service such as Object Storage.
- For example, DB Systems in a private subnet in your VCN can back up data to Object Storage without needing public IP addresses or access to the internet.
- Local Peering Gateway (LPG)
- Used for subnets that need private access to a peered VCN in the same region.
- Allows VCNs to communicate using private IP addresses, without the traffic traversing the internet or routing through your on-premises network.
- A given VCN must have a separate LPG for each peering it establishes.
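The Notes above say that traffic only flows once the route table points at the right gateway, and Table 1 says which gateway gives which kind of access. The following audit script is an added example, not code from the original post or from Oracle: it checks a subnet's route table against its public/private designation using those rules. Field names mirror the OCI Networking API (`prohibit_public_ip_on_vnic`, `destination`, `destination_type`, `network_entity_id`); the gateway lookup table, OCIDs, CIDRs and service label are constructed sample values.

```python
# Added example (not from the original post): audit OCI subnets against their route
# tables using the behaviour stated in Table 1 and the Notes. Field names mirror the
# OCI Networking API (Subnet.prohibit_public_ip_on_vnic, RouteRule.destination,
# RouteRule.destination_type, RouteRule.network_entity_id); all values are constructed.

GATEWAY_KIND = {  # assumed lookup: gateway OCID -> gateway type (constructed OCIDs)
    "ocid1.internetgateway.oc1..aaaa": "IGW",
    "ocid1.natgateway.oc1..bbbb": "NAT",
    "ocid1.servicegateway.oc1..cccc": "SGW",
}

def rule(destination, destination_type, gateway_id):
    return {"destination": destination, "destination_type": destination_type, "network_entity_id": gateway_id}

def audit_subnet(subnet, route_table):
    """Return findings for one subnet; an empty list means nothing was flagged."""
    findings, private = [], subnet["prohibit_public_ip_on_vnic"]
    kinds = {GATEWAY_KIND.get(r["network_entity_id"], "UNKNOWN") for r in route_table["route_rules"]}
    for r in route_table["route_rules"]:  # a service CIDR label is only reachable via a Service Gateway
        if r["destination_type"] == "SERVICE_CIDR_BLOCK" and GATEWAY_KIND.get(r["network_entity_id"]) != "SGW":
            findings.append(f"{r['destination']}: service CIDR must target a Service Gateway")
    if private and "IGW" in kinds:
        findings.append("private subnet routes to an IGW; outbound-only access belongs on a NAT Gateway")
    if not private and "IGW" not in kinds:
        findings.append("public subnet has no IGW route, so public IPs cannot reach the internet (Note 2)")
    if private and "NAT" in kinds and "SGW" not in kinds:
        findings.append("private subnet reaches OCI services only via NAT; a Service Gateway keeps that traffic private")
    return findings

# Constructed sample VCN: a public web subnet, a correctly wired private DB subnet,
# and a private subnet that was mistakenly given the public route table's IGW rule.
ROUTE_TABLES = {
    "rt-public": {"route_rules": [rule("0.0.0.0/0", "CIDR_BLOCK", "ocid1.internetgateway.oc1..aaaa")]},
    "rt-private": {"route_rules": [
        rule("0.0.0.0/0", "CIDR_BLOCK", "ocid1.natgateway.oc1..bbbb"),
        rule("all-services-in-oracle-services-network", "SERVICE_CIDR_BLOCK",
             "ocid1.servicegateway.oc1..cccc")]},
    "rt-misrouted": {"route_rules": [rule("0.0.0.0/0", "CIDR_BLOCK", "ocid1.internetgateway.oc1..aaaa")]},
}
SUBNETS = {
    "web": {"prohibit_public_ip_on_vnic": False, "route_table_id": "rt-public"},
    "db": {"prohibit_public_ip_on_vnic": True, "route_table_id": "rt-private"},
    "db-misrouted": {"prohibit_public_ip_on_vnic": True, "route_table_id": "rt-misrouted"},
}

def run_audit(subnets=SUBNETS, route_tables=ROUTE_TABLES):
    """Audit every subnet and return {subnet name: findings}."""
    return {name: audit_subnet(s, route_tables[s["route_table_id"]]) for name, s in subnets.items()}
```

Running `run_audit()` on the sample data flags only `db-misrouted`; the same checks can be fed from the real `oci network subnet list` and `oci network route-table list` output of a tenancy.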
References
- [1] Networking (OCI documentation)
- [2] OCI Level 100 - Connectivity (YouTube)
- [3] "Best Practices for implementing Analytics Cloud", Oracle University