VCN in OCI

August 20, 2024 | seedling, permanent

VCN in OCI

  • It is the first thing you create to make your OCI services accessible via the internet or via VPN (private network).
  • A software-defined version of a traditional physical network, including subnets, route tables, and gateways.
  • A VCN resides within a single region but can span multiple availability domains (ADs).

Default routing table issue

  • Faced it on <2024-08-14 Wed>; the solution was to add routing rules to the default routing table of the VCN.

Solution in images

How traffic flows in OCI?

Client user (browser) -> internet gateway -> VCN (Subnet in OCI) (routing table directs traffic) -> Load balancer -> backend set -> backend applications

DNS -> WAF (WAF in OCI) -> Internet Gateway -> Subnet (routing table and security list) -> Load Balancer -> backend app
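
An added example (not from the original note or from Oracle): a small Python model of the route-table step in the flows above, showing why an empty default route table leaves internet-bound traffic without a next hop and how a 0.0.0.0/0 rule changes that. The rule field names follow the OCI CLI's JSON output as an assumption; the OCIDs, table names and probe address are constructed placeholders.

```python
import ipaddress

# Constructed sample data; field names assumed to match OCI CLI JSON output.
IGW = "ocid1.internetgateway.oc1..exampleigw"   # placeholder OCID
NAT = "ocid1.natgateway.oc1..examplenat"        # placeholder OCID

ROUTE_TABLES = {
    "default-rt-before": [],  # the state in the note: zero route rules
    "default-rt-after": [
        {"destination": "0.0.0.0/0", "destination-type": "CIDR_BLOCK",
         "network-entity-id": IGW},
    ],
    "private-rt": [
        {"destination": "0.0.0.0/0", "destination-type": "CIDR_BLOCK",
         "network-entity-id": NAT},
    ],
}

VCN_CIDR = ipaddress.ip_network("10.3.0.0/16")  # CIDR block shown for the VCN


def next_hop(rules, dest_ip, vcn_cidr=VCN_CIDR):
    """Return 'local', the target gateway OCID, or None when no rule matches."""
    ip = ipaddress.ip_address(dest_ip)
    if ip in vcn_cidr:
        return "local"  # intra-VCN traffic uses the VCN's local routing
    best = None
    for rule in rules:
        if rule.get("destination-type") != "CIDR_BLOCK":
            continue  # service-CIDR rules are out of scope for this sketch
        net = ipaddress.ip_network(rule["destination"])
        # Longest-prefix match: the most specific matching rule wins.
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, rule["network-entity-id"])
    return best[1] if best else None


def audit(route_tables, probe_ip="203.0.113.10"):
    """Classify each route table by how it treats an internet destination."""
    report = {}
    for name, rules in route_tables.items():
        hop = next_hop(rules, probe_ip)
        if hop is None:
            report[name] = "no-route"
        elif ".internetgateway." in hop:
            report[name] = "internet-gateway"
        else:
            report[name] = "other-gateway"
    return report
```

The same classification works as a review check: a route table attached to a subnet that is meant to stay private should not come back as `internet-gateway`.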

OCR of Images

2024-08-16_14-14-01_screenshot.png

VCN details page in the Oracle Cloud console for Prod ENV VCN (state AVAILABLE):

  • Compartment: Network
  • OCID: ...xk6wla
  • Created: Tue, Aug 13, 2024, 17:43:25 UTC
  • IPv4 CIDR Block: 10.3.0.0/16
  • IPv6 Prefix: -
  • DNS Resolver: Prod ENV VCN
  • Default Route Table: Default Route Table for Prod ENV VCN
  • DNS Domain Name: prodvcn.oraclevcn.com
  • Resources: Subnets (2), CIDR Blocks/Prefixes (1), Route Tables (3), Internet Gateways (1), Dynamic Routing Gateways Attachments (0), Network Security Groups (0), Security Lists
  • NAT Gateways in Network compartment: 1 item, state Available, public IP address 158.101.252.167

2024-08-16_14-14-18_screenshot.png

Route Table Details page (Virtual cloud networks > Prod ENV VCN) for Default Route Table for Prod ENV VCN (state AVAILABLE):

  • OCID: ..odfthq
  • Created: Tue, Aug 13, 2024, 17:43:26 UTC
  • Compartment: Network
  • Route Rules (0): "No items found."
  • Console note: "Traffic within the VCN is handled by the VCN's local routing by default. Intra-VCN routing allows you more control over routing between subnets. If you're having problems, use Network Path Analyzer to check your connections."

2024-08-16_14-14-55_screenshot.png

Add Route Rules dialog on the default route table:

  • Target Type: Internet Gateway
  • Destination CIDR Block: 0.0.0.0/0
  • Target Internet Gateway in Network: Prod Internet Gateway
  • Description: optional, maximum 255 characters
  • Console note: "For a route rule that targets a Private IP, you must first enable "Skip Source/Destination Check" on the VNIC that the Private IP is assigned to."

2024-08-16_15-02-54_screenshot.png

Diagram: an Oracle Cloud Infrastructure region containing a VCN with an Internet Gateway, a Load Balancer, and subnets in AD 1 and AD 2 (subnet addresses shown as placeholders).

2024-08-16_15-10-41_screenshot.png

Diagram: an Oracle Cloud Infrastructure region with Availability Domains 1, 2 and 3 inside a VCN. Labelled components: Subnets A, B, C and D (each labelled 10.0.30.0/24), Bastion server, load-balanced web servers, Load Balancer, primary and standby database systems, bare metal compute and virtual machines, DRG (Dynamic Routing Gateway) with VPN, Identity & Access Management, Auditing, and Object Storage.

2024-08-20_11-12-41_screenshot.png

Architecture diagram ("Here is high level architecture of this solution"). Labelled components: Internet, DNS, WAF, OCI Region, VCN, public subnet, Internet Gateway, public Load Balancer, NAT Gateway, and an OIC Instance in the Oracle Service Network.
