Internet Gateway: For Resources With Public IP Addresses That Need To Be Reached From

A VCN resides within a single region and covers a single IPv4 CIDR block. It automatically includes a default route table, security list, and DHCP options. Secondary VNICs let an instance connect to subnets in multiple VCNs or run your own hypervisor on a bare metal instance. Secondary private IPs allow for instance failover or running multiple services on a single instance, and each VNIC can have up to 31 secondary private IPs.

Uploaded by Monojit Kar

A VCN resides in a single Oracle Cloud Infrastructure region and covers a single, contiguous IPv4 CIDR block of your choice. The allowable VCN size range is /16 to /30. Example: 10.0.0.0/16. The Networking service reserves the first two IP addresses and the last one in each subnet's CIDR: the first is the network address, the second is the subnet's default gateway, and the last is the broadcast address. A /24 subnet therefore yields 253 assignable addresses, not 256.
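The sizing and reservation rules above are easy to get wrong when planning subnets by hand. The following is an added example (not part of the original notes and not Oracle's own tooling) that checks a proposed VCN CIDR against the /16 to /30 limit, lists the three reserved addresses of a subnet, and reports the usable host range; the function names and the sample CIDRs are my own choices.

```python
import ipaddress

VCN_MIN_PREFIX, VCN_MAX_PREFIX = 16, 30   # allowable VCN size range from the text: /16 to /30
RESERVED_PER_SUBNET = 3                   # first two addresses and the last one of each subnet


def validate_vcn_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Reject CIDRs a VCN cannot have: non-IPv4, host bits set, or outside /16../30."""
    net = ipaddress.ip_network(cidr, strict=True)   # strict: raises if host bits are set
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError(f"{cidr}: VCN CIDR must be IPv4")
    if not VCN_MIN_PREFIX <= net.prefixlen <= VCN_MAX_PREFIX:
        raise ValueError(f"{cidr}: VCN size must be /{VCN_MIN_PREFIX} to /{VCN_MAX_PREFIX}")
    return net


def reserved_addresses(subnet_cidr: str) -> dict:
    """The three addresses the Networking service keeps for itself in every subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return {
        "network": str(net.network_address),        # first address
        "gateway": str(net.network_address + 1),    # second address: subnet default gateway
        "broadcast": str(net.broadcast_address),    # last address
    }


def usable_host_range(subnet_cidr: str) -> tuple:
    """(first, last, count) of addresses actually assignable to VNICs in the subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    first = net.network_address + 2
    last = net.broadcast_address - 1
    return str(first), str(last), net.num_addresses - RESERVED_PER_SUBNET


def subnet_fits(vcn_cidr: str, subnet_cidr: str) -> bool:
    """True when the subnet lies entirely inside a valid VCN CIDR."""
    vcn = validate_vcn_cidr(vcn_cidr)
    return ipaddress.ip_network(subnet_cidr, strict=True).subnet_of(vcn)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenancy.
    print(reserved_addresses("10.0.1.0/24"))
    print(usable_host_range("10.0.1.0/24"))
    print(subnet_fits("10.0.0.0/16", "10.0.1.0/24"))
```

A /30 subnet is the smallest the notes allow; after the three reservations it has exactly one assignable address, which the range function makes visible.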

Your VCN automatically comes with these default components:

- Default route table, with no rules
- Default security list, with default rules (the defaults include a stateful ingress rule allowing TCP port 22 from 0.0.0.0/0, so review them before placing instances in a public subnet)
- Default set of DHCP options, with default values

Here are some reasons why you might use secondary VNICs:

- Use your own hypervisor on a bare metal instance
- Connect an instance to subnets in multiple VCNs

Attaching multiple VNICs from the same subnet CIDR block to an instance can introduce asymmetric routing, especially on instances using a variant of Linux. If you need this type of configuration, Oracle recommends assigning multiple private IP addresses to one VNIC, or using policy-based routing.

Each VNIC has a primary private IP address, assigned from the subnet's CIDR when the VNIC is created, and can optionally carry secondary private IPs.

The secondary private IP address must come from the CIDR of the VNIC's subnet. You can move a secondary private IP from a VNIC on one instance to a VNIC on another instance if both VNICs belong to the same subnet.

Here are a few reasons why you might use secondary private IPs:

- Instance failover
- Running multiple services or endpoints on a single instance

Here are more details about secondary private IP addresses:

- They're supported for all shapes and OS types, for both bare metal and VM instances.
- A VNIC can have a maximum of 31 secondary private IPs.

Internet gateway: For resources with public IP addresses that need to be reached from the internet (example: a web server) or need to initiate connections to the internet.

NAT gateway: For resources without public IP addresses that need to initiate connections to the internet (example: for software updates) but need to be protected from inbound connections from the internet.

Traffic between a given subnet and gateway is controlled by the subnet's route table and
security lists.

Just having an internet gateway alone does not expose the instances in the VCN's subnets directly to the internet. The following requirements must also be met:

- The internet gateway must be enabled (by default, the internet gateway is enabled upon creation).
- The subnet must be public.
- The subnet must have a route rule that directs traffic to the internet gateway.
- The subnet must have security list rules that allow the traffic (and each instance's firewall must allow the traffic).
- The instance must have a public IP address.
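The five-condition checklist above, together with the security list rules described further down, is the kind of thing an exposure audit should evaluate mechanically rather than by eye. Below is an added example (my own code, not from the original notes and not the OCI SDK) that models a public web subnet behind an internet gateway and a private database subnet behind a NAT gateway, then asks whether a given inbound connection can reach an instance and which gateway its egress would use. The dataclasses, the gateway IDs such as "igw-1", the IP addresses (drawn from documentation ranges) and the rule sets are all constructed for the example; the instance's own host firewall is deliberately out of scope, because it cannot be read from the VCN configuration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class SecurityRule:
    direction: str                  # "ingress" or "egress"
    protocol: str                   # "tcp", "udp", "icmp" or "all"
    cidr: str                       # source CIDR (ingress) or destination CIDR (egress)
    port_min: Optional[int] = None  # destination port range; None means any port
    port_max: Optional[int] = None

    def allows(self, direction: str, protocol: str, peer_ip: str, port: int) -> bool:
        if self.direction != direction or self.protocol not in ("all", protocol):
            return False
        if ipaddress.ip_address(peer_ip) not in ipaddress.ip_network(self.cidr):
            return False
        if self.port_min is None:   # rule is not port-scoped
            return True
        return self.port_min <= port <= self.port_max


@dataclass
class RouteRule:
    destination: str   # CIDR block
    target_id: str     # gateway that matching traffic is sent to


@dataclass
class InternetGateway:
    id: str
    is_enabled: bool = True


@dataclass
class NatGateway:
    id: str


@dataclass
class Subnet:
    cidr: str
    is_public: bool          # False means a private subnet: VNICs in it cannot get public IPs
    route_rules: list
    security_rules: list


@dataclass
class Instance:
    private_ip: str
    public_ip: Optional[str]
    subnet: Subnet


def route_target(subnet: Subnet, gateways: dict, dest_ip: str):
    """Longest-prefix-match route lookup; returns the gateway object or None if no rule matches."""
    best = None
    for rule in subnet.route_rules:
        net = ipaddress.ip_network(rule.destination)
        if ipaddress.ip_address(dest_ip) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, rule.target_id)
    return gateways.get(best[1]) if best else None


def internet_reachable(instance: Instance, gateways: dict, protocol: str, port: int, source_ip: str):
    """Apply the checklist to an inbound connection from source_ip. Returns (reachable, reasons)."""
    reasons = []
    sub = instance.subnet
    if instance.public_ip is None:
        reasons.append("instance has no public IP address")
    if not sub.is_public:
        reasons.append("subnet is private")
    gw = route_target(sub, gateways, source_ip)   # replies to source_ip must route via the IGW
    if not isinstance(gw, InternetGateway):
        reasons.append("no route rule sends traffic for the source to an internet gateway")
    elif not gw.is_enabled:
        reasons.append("internet gateway is disabled")
    if not any(r.allows("ingress", protocol, source_ip, port) for r in sub.security_rules):
        reasons.append(f"no ingress security list rule allows {protocol}/{port} from {source_ip}")
    return (not reasons, reasons)


def build_sample():
    """Constructed topology: public web subnet behind an IGW, private DB subnet behind a NAT gateway."""
    gateways = {"igw-1": InternetGateway("igw-1"), "nat-1": NatGateway("nat-1")}
    public_subnet = Subnet(
        cidr="10.0.0.0/24", is_public=True,
        route_rules=[RouteRule("0.0.0.0/0", "igw-1")],
        security_rules=[SecurityRule("ingress", "tcp", "0.0.0.0/0", 443, 443),
                        SecurityRule("egress", "all", "0.0.0.0/0")])
    private_subnet = Subnet(
        cidr="10.0.1.0/24", is_public=False,
        route_rules=[RouteRule("0.0.0.0/0", "nat-1")],
        security_rules=[SecurityRule("ingress", "tcp", "10.0.0.0/16", 1521, 1521),
                        SecurityRule("egress", "all", "0.0.0.0/0")])
    web = Instance("10.0.0.5", "203.0.113.10", public_subnet)
    db = Instance("10.0.1.5", None, private_subnet)
    return web, db, gateways


if __name__ == "__main__":
    web, db, gateways = build_sample()
    print(internet_reachable(web, gateways, "tcp", 443, "198.51.100.7"))   # reachable
    print(internet_reachable(web, gateways, "tcp", 22, "198.51.100.7"))    # blocked by security list
    print(internet_reachable(db, gateways, "tcp", 1521, "198.51.100.7"))   # fails four conditions
    print(type(route_target(db.subnet, gateways, "198.51.100.7")).__name__)  # egress via NAT gateway
```

The returned reason list is what makes the check useful in practice: a single failed condition (here, no ingress rule for port 22) is enough to block the connection, while the database instance fails four of them at once, which is the defence in depth the NAT gateway pattern is meant to provide.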

Dynamic Routing Gateway (DRG): It provides a path for private network traffic between your VCN and on-premises network. You can use it with other Networking components and a router in your on-premises network to establish a connection by way of IPSec VPN or Oracle Cloud Infrastructure FastConnect. It can also provide a path for private network traffic between your VCN and another VCN in a different region.

Service Gateway : A service gateway is another optional virtual router that you can
add to your VCN. It provides a path for private network traffic between your VCN and
supported services in the Oracle Services Network (examples: Oracle Cloud Infrastructure
Object Storage and Autonomous Database). For example, DB Systems in a private subnet in
your VCN can back up data to Object Storage without needing public IP addresses or access
to the internet.

Local Peering Gateway (LPG) : It lets you peer one VCN with another VCN in the
same region. Peering means the VCNs communicate using private IP addresses, without the
traffic traversing the internet or routing through your on-premises network.

The Internet and VCN Resolver also enables reverse DNS lookup, which lets you determine the hostname corresponding to a private IP address.

DHCP Options: DHCP options control how instances in a subnet obtain DNS settings (the resolver type and the search domain). The instance's private IP address itself is assigned by the Networking service and stays fixed for the life of the VNIC: each time the instance boots up or you restart the instance's DHCP client, DHCP passes that same private IP address to the instance.

Security Lists: Security lists are virtual firewall rules for your VCN, applied at the subnet level to every VNIC in that subnet. Security lists have ingress and egress rules that specify the types of traffic (protocol and port) allowed in and out of the instances. Each rule is either stateful (return traffic for a matched connection is allowed automatically) or stateless (return traffic needs its own rule in the opposite direction).

VCN Connectivity to your on-premises network: two ways:

VPN Connect: Offers multiple IPSec tunnels between your existing network's edge and your VCN, by way of a DRG that you create and attach to your VCN.

Oracle Cloud Infrastructure FastConnect: Both private peering and public peering are supported. That means your on-premises hosts can access private IPv4 addresses in your VCN as well as regional public IPv4 addresses in Oracle Cloud Infrastructure (for example, Object Storage or public load balancers in your VCN).

VCN Peering: two types:

Local VCN peering (within a region): You can also place shared resources into a single VCN that all the other VCNs can access privately.

Remote VCN peering (across regions): Because remote VCN peering crosses regions, you can use it (for example) to mirror or back up your databases in one region to another. For an example, see the scenario in Disaster Recovery Across Regions.

The DRG enables the VCN's private connectivity to the on-premises network over IPSec VPN or FastConnect. The DRG also enables the remote peering connection to the other VCN.
