What are the two use cases to use fast connect when connecting to a virtual cloud network from on-premises?

In this blog post, I will cover everything you should know about OCI networking, such as the OCI VCN, IGW, SGW, SL, and RT, and at the end I will go over a case study of deploying Oracle EBS R12 on OCI.

Oracle Cloud Infrastructure (OCI) is built on 5 pillars: IAM, Networking, Compute, Storage, and Database. Networking is a very important and complex topic for an Oracle Cloud Infrastructure Architect. Networking allows communication between different resources in the OCI environment.

Overview Of Networking

After provisioning a new tenancy in OCI (creating the root compartment), one of the first things to do is to create a networking environment (VCN). An OCI VCN allows different resources in OCI to communicate with each other within and outside a region.

OCI Networking Architecture

A typical OCI networking architecture has the following network components:

  • Virtual Cloud Network (VCN) and inside this VCN, we have three subnets.
  • One public subnet for bastion host and load balancer, and two private subnets, one for application host and one for database host.
  • An Internet Gateway to connect to the internet from public subnet.
  • A Service Gateway to access OCI Object Storage and other OCI services.
  • A Dynamic Routing Gateway (DRG) for private access from an on-premises data center to OCI.

Components Of OCI Network

The Networking service in Oracle Cloud Infrastructure uses virtual versions of traditional network components you might already be familiar with:

What is VCN in OCI

  • It is the first thing you create in order to make your OCI services accessible via the internet or via VPN (private network).
  • A software-defined version of a traditional physical network, including subnets, route tables, and gateways.
  • A VCN resides within a single Region but can span multiple Availability Domains (ADs).

Subnet

  • A bigger network is divided into multiple smaller networks.
  • A subnet can be AD-specific or regional.
  • You can have multiple subnets in an Availability Domain (AD).
  • There are two types of subnets:
    • Public Subnet: where public-facing resources reside, such as instances, load balancers, and object storage.
    • Private Subnet: where highly secured resources reside, such as databases.

Route Table

A VCN uses virtual route tables to send traffic out of the VCN (for example, to the internet, to your on-premises network, or to a peered VCN). These route tables have route rules that map traffic from a subnet, via gateways, to other subnets or to destinations outside the VCN.

Each rule specifies a destination CIDR block and the target (the next hop) for any traffic that matches that CIDR.

Security List

A Security List is a common set of firewall rules associated with a subnet and applied to all compute instances in that subnet. A Security List specifies two types of allowed traffic:

  • Ingress: Incoming Traffic
  • Egress: Outgoing Traffic

Security List rules in OCI are defined at the subnet level and not at the compute instance level.

Network Security Group

Network Security Groups (NSGs) are another method for implementing security rules. NSGs provide a virtual firewall for a set of cloud resources that have the same security posture.

Gateways

There are 5 gateways in OCI Networking:

1) Internet Gateway (IG): It provides a path for network traffic between the internet and the OCI VCN. By default, a compute instance in a public subnet won't be able to connect to the internet without an IG.

2) NAT Gateway: It gives resources without public IP addresses access to the internet without allowing incoming traffic from the internet to those resources.

3) Service Gateway: It allows OCI resources to access public OCI services, e.g. Object Storage, without the use of the Internet Gateway or NAT Gateway.

4) Dynamic Routing Gateway (DRG): A DRG provides a single point of entry for remote network paths coming into the VCN. It provides a path for VCNs to communicate across regions or outside the region to on-premises. Each VCN can have a single DRG.

5) Local Peering Gateway (LPG): Used to establish communication between resources of different VCNs within a Region.

Load Balancer

Load Balancer is used to distribute the traffic coming from a source to multiple backend servers. It improves resource utilization, scaling & high availability. We can create a public or private load balancer within a VCN.

  • Public load balancer has a public IP address that is accessible from the internet.
  • Private load balancer has an IP address from the hosting subnet, which is visible only within your VCN.

On-Premise Connectivity With Oracle Cloud

To establish a connection between OCI VCN & On-prem Datacenter we use DRG. There are two ways (VPN Connect & FastConnect) to establish this type of connection.

VPN Connect

  • OCI VPN securely connects the on-premises network to the OCI VCN through an IPSec VPN connection.
  • IPSec: Internet Protocol Security is a network protocol suite that authenticates and encrypts data packets sent over the network.

Fast Connect

  • Connects existing network to VCN over a private physical network instead of the internet
  • There are two ways to connect with FastConnect
    • Colocation: By Co-locating with Oracle in a FastConnect Location
    • Provider: By Connecting to a FastConnect Provider

VCN Peering

  • VCN Peering is the process of connecting multiple virtual cloud networks (VCNs).
  • With peering, instances in two VCNs communicate as if they are in the same network.
  • VCN Peering can be of two types: Local VCN Peering (within a Region) using an LPG, and Remote VCN Peering (across Regions) using a DRG.
    • Local VCN Peering (LPG): The process of creating a path between VCNs for communication in a single region.
    • Remote Peering Connection: The process of creating a path for communication between VCNs across regions.
  • Local VCN Peering is supported in all OCI Regions.

Transit Routing

Transit routing is a process of accessing resources in multiple VCNs across various regions or from the On-premise Datacenter using a single VCN. It follows the Hub-Spoke concept in which we have access to only the Hub VCN and all other VCNs are connected to Hub VCN using Local Peering.

Microsoft Azure & OCI Interconnect

This cross-cloud interlink enables customers to migrate and run mission-critical enterprise workloads across Microsoft Azure and Oracle Cloud Infrastructure (OCI). It is done using ExpressRoute and FastConnect.

Case Study: Networking In EBS R12 on OCI

So far we have discussed all the networking components in OCI. Now let's discuss a case study: deploying the networking components of Oracle EBS R12 on OCI for a single AD in a single Region.

A typical EBS environment has three tiers:

1) Client tier: The EBS client installed on a desktop or laptop
2) Application Tier: Here we will deploy application servers such as EBS R12 compute instances.
3) Database Tier: Here we will deploy the database, which could be a VMDB, BMDB, Exadata, or DB on Compute.

In this case study, we have the following network components:

  • A Virtual Cloud Network (VCN), inside which we have deployed the application and database tiers.
  • We have three subnets inside this VCN. One public subnet for our bastion host and two private subnets, one for application tier and one for database tier.
  • An Internet Gateway to connect to the internet from public subnet.
  • A Service Gateway to access OCI Object Storage and other OCI services.
  • A Dynamic Routing Gateway (DRG) for private access from an on-premises data center to EBS application.

For deploying Oracle EBS R12 on OCI, you have to create network resources in OCI as mentioned below:

  • Create a Virtual Cloud Network (VCN), this will be the network inside which your EBS Database Tier and Application Tier will reside.
    Note: You can use an existing VCN if already created in OCI or create a new one.
  • Create Subnets inside VCN created earlier.
    a) One to host Bastion Server
    b) One to host EBS Application Tier, that is your EBS compute instances
    c) One to host Database Tier
    d) One to host Primary & Secondary Load Balancer for EBS Apps Tier
  • Create an Internet Gateway (IGW); this will be used when this network on OCI needs to talk to the Internet.
  • Create Route Tables (of target type as Internet Gateway), one for EBS Compute instance, one for database instance and one for Load Balancer, and all connecting to IGW created in the previous step.
  • Create Security Lists (Firewall), one for EBS Compute instance, one for database instance, and one for Load Balancer.
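
A configuration check for the layout above, written as an added example (it is not from the original post). It resolves each subnet's route rules as described in the Route Table section (the most specific matching CIDR wins, and intra-VCN traffic is routed locally) and flags private subnets whose internet-bound traffic targets the Internet Gateway instead of a NAT Gateway, as well as admin or database ports open to 0.0.0.0/0. The subnet names, CIDRs, ports and dictionary layout are constructed for illustration.

```python
import ipaddress

# Constructed sample of the case-study layout; names, CIDRs and rules are illustrative.
VCN_CIDR = "10.0.0.0/16"
ADMIN_DB_PORTS = {22, 1521, 3389}  # SSH, Oracle listener, RDP
SUBNETS = {
    "bastion": {"public": True, "routes": [("0.0.0.0/0", "igw")],
                "ingress": [("198.51.100.0/24", 22)]},
    "lb": {"public": True, "routes": [("0.0.0.0/0", "igw")],
           "ingress": [("0.0.0.0/0", 443)]},
    "app": {"public": False, "routes": [("0.0.0.0/0", "nat"), ("172.16.0.0/12", "drg")],
            "ingress": [("10.0.1.0/24", 22), ("10.0.4.0/24", 8000)]},
    "db": {"public": False, "routes": [("0.0.0.0/0", "igw")],
           "ingress": [("0.0.0.0/0", 1521)]},
}

def next_hop(dest_ip, routes):
    """Return the route target for dest_ip; None means no rule matches."""
    ip = ipaddress.ip_address(dest_ip)
    if ip in ipaddress.ip_network(VCN_CIDR):
        return "local"  # traffic inside the VCN needs no route rule
    hits = [(ipaddress.ip_network(cidr), target) for cidr, target in routes
            if ip in ipaddress.ip_network(cidr)]
    # The most specific (longest prefix) matching rule wins.
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def audit(subnets):
    """Return (subnet, finding) tuples for risky route or ingress rules."""
    findings = []
    for name, subnet in subnets.items():
        # 203.0.113.10 stands in for any internet destination (documentation range).
        if not subnet["public"] and next_hop("203.0.113.10", subnet["routes"]) == "igw":
            findings.append((name, "private subnet routes internet traffic to IGW"))
        for source, port in subnet["ingress"]:
            if ipaddress.ip_network(source).prefixlen == 0 and port in ADMIN_DB_PORTS:
                findings.append((name, f"port {port} open to {source}"))
    return findings

if __name__ == "__main__":
    for subnet_name, finding in audit(SUBNETS):
        print(f"{subnet_name}: {finding}")
```
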
