Wednesday, October 24, 2018

#662 OCI - Virtual Cloud Networks (VCNs) and Compute Instance Creation & Connectivity

According to the ORCL docs -

A Virtual Cloud Network is a virtual version of a traditional network—including subnets,
route tables, and gateways—on which your instances run. A cloud network resides
within a single region but can cross multiple Availability Domains. A VCN covers a single, contiguous IPv4 CIDR block of your choice.

Some more concepts/definitions -

1. Subnets - Subdivisions you define in a VCN (for example, 10.0.0.0/24 and 10.0.1.0/24). Subnets contain virtual network interface cards (VNICs), which attach to instances. Each subnet exists in a single Availability Domain and consists of a contiguous range of IP addresses that do not overlap with other subnets in the VCN.

2. VNICs - A virtual network interface card (VNIC), which attaches to an instance and resides in a subnet to enable a connection to the subnet's VCN. The VNIC determines how the instance connects with endpoints inside and outside the VCN. Each instance has a primary VNIC that's created during instance launch and cannot be removed.

3. Private IP - A private IP address and related information for addressing an instance (for example, a hostname for DNS). Each VNIC has a primary private IP, and you can add and remove secondary private IPs. The primary private IP address on an instance doesn't change during the instance's lifetime and cannot be removed from the instance.

4. Public IP - A public IP address and related information. You can optionally assign a public IP to your instances or other resources that have a private IP. Public IPs can be either ephemeral or reserved.

5. Internet Gateway - An optional virtual router that you can add to your VCN. It provides a path for network traffic between your VCN and the internet.

6. Routing Tables - Virtual route tables for your VCN. Your VCN comes with a default route table, and you can add more. These route tables provide mapping for the traffic from subnets via gateways or specially configured instances to destinations outside the VCN.

7. Security Lists - Virtual firewall rules for your VCN. Your VCN comes with a default security list, and you can add more. These security lists provide ingress and egress rules that specify the types of traffic allowed in and out of the instances.

8. Dynamic Routing Gateway - A virtual router that provides a single point of entry for remote network paths coming into your VCN. You can use it to establish a connection with your on-premises network via IPsec VPN or FastConnect.


Check out the full docs here - VCNs
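As an added example, not part of the original post and not Oracle's own tooling, the following Python script models the concepts listed above with nothing but the standard library's ipaddress module: it carves one subnet per Availability Domain out of a VCN CIDR (the layout the post goes on to create), checks that the subnets sit inside the VCN block and do not overlap, resolves a destination against a route table by longest prefix match (with the internet gateway as default route and the DRG for an on-premises range), and reviews a security list's ingress rules for SSH reachable from a wider source than an administrative range. Every OCID, AD name, CIDR and rule is a constructed placeholder; the rule dictionaries borrow the field names of OCI ingress rules (source, protocol, tcpOptions) as an assumption about shape only, and nothing here calls the real API.

```python
"""Added example (not from the original post): plan and check a VCN layout.

Uses only the standard-library ipaddress module. All OCIDs, AD names, CIDRs
and rules below are constructed placeholders, not real OCI identifiers.
"""
import ipaddress

# Constructed sample inputs.
VCN_CIDR = "10.0.0.0/16"
AVAILABILITY_DOMAINS = ["AD-1", "AD-2", "AD-3"]
INTERNET_GATEWAY = "ocid1.internetgateway.placeholder"   # placeholder OCID
DRG = "ocid1.drg.placeholder"                             # placeholder OCID
ON_PREM_CIDR = "192.168.0.0/16"                           # assumed on-prem range
ADMIN_CIDR = "203.0.113.0/24"                             # assumed admin source range

# Route table: (destination CIDR, target gateway). Traffic to the VCN's own
# CIDR never consults this table; it stays local to the VCN.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", INTERNET_GATEWAY),   # default route to the internet
    (ON_PREM_CIDR, DRG),               # on-premises range via the DRG
]

# Security list ingress rules, shaped like OCI ingress rule fields
# (source, protocol "6" = TCP, tcpOptions.destinationPortRange); assumed shape.
SAMPLE_INGRESS = [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": ADMIN_CIDR,
     "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": VCN_CIDR,
     "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
]


def plan_subnets(vcn_cidr, ads, new_prefix=24):
    """Carve one subnet of the given size per Availability Domain, in order."""
    blocks = ipaddress.ip_network(vcn_cidr).subnets(new_prefix=new_prefix)
    return {ad: str(next(blocks)) for ad in ads}


def validate_subnets(vcn_cidr, subnets):
    """Return problems: subnets outside the VCN block or overlapping each other."""
    vcn = ipaddress.ip_network(vcn_cidr)
    nets = [(ad, ipaddress.ip_network(c)) for ad, c in subnets.items()]
    problems = []
    for ad, net in nets:
        if not net.subnet_of(vcn):
            problems.append(f"{ad}: {net} is not inside VCN {vcn}")
    for i, (ad_a, a) in enumerate(nets):
        for ad_b, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{ad_a} {a} overlaps {ad_b} {b}")
    return problems


def route_lookup(vcn_cidr, route_table, destination):
    """Pick the route for a destination IP by longest prefix match.

    Returns "local" for addresses inside the VCN, the target of the most
    specific matching route otherwise, or None if nothing matches.
    """
    dst = ipaddress.ip_address(destination)
    if dst in ipaddress.ip_network(vcn_cidr):
        return "local"
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def review_ingress(rules, admin_cidr, admin_port=22):
    """Flag TCP rules that expose the admin port beyond the admin source range."""
    allowed = ipaddress.ip_network(admin_cidr)
    findings = []
    for rule in rules:
        if rule.get("protocol") != "6":
            continue                      # only TCP rules are examined here
        src = ipaddress.ip_network(rule["source"])
        rng = rule.get("tcpOptions", {}).get("destinationPortRange")
        lo, hi = (rng["min"], rng["max"]) if rng else (1, 65535)
        if lo <= admin_port <= hi and not src.subnet_of(allowed):
            findings.append(f"tcp/{admin_port} reachable from {src}, "
                            f"wider than admin range {allowed}")
    return findings


if __name__ == "__main__":
    plan = plan_subnets(VCN_CIDR, AVAILABILITY_DOMAINS)
    for ad, cidr in plan.items():
        print(f"{ad}: {cidr}")
    print("subnet problems:", validate_subnets(VCN_CIDR, plan) or "none")
    for ip in ("8.8.8.8", "192.168.5.5", "10.0.1.7"):
        print(f"route for {ip}: {route_lookup(VCN_CIDR, SAMPLE_ROUTES, ip)}")
    for finding in review_ingress(SAMPLE_INGRESS, ADMIN_CIDR):
        print("finding:", finding)
```

The review is deliberately narrow: it only asks whether the SSH port is reachable from a source wider than the administrative range, and it skips non-TCP rules, so a rule with protocol "all" would need its own branch. The on-premises route wins over the default route because of the longest prefix match, which is the same ordering a VCN route table applies.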



So let's go and create a VCN -

3 Subnets have also been created.

One subnet per Availability Domain.

This can be seen, when I then go to create a Compute Instance -

The relevant subnet is selected, based on AD.

Other resources have also been created -

Create a Compute Instance

Now back to the Compute Instance creation...

I can then log in -

Just a note on connectivity to on-premises -

3 options -

1. Public Internet
2. VPN - IPsec VPN
3. FastConnect
