In Part 1, we explored IAM, compartments, and how resources are securely scoped and organized in OCI. In Part 2, let's dive into the networking backbone of Oracle Cloud: the VCN (Virtual Cloud Network), gateways, peering, security, and load balancers.
Virtual Cloud Network (VCN): Your Private Cloud Network
In OCI, the VCN is the private, software-defined network in which you launch your resources, similar to a VPC in AWS. A VCN lives in a single region and is carved into subnets; nothing reaches the internet, your on-premises network, or another VCN unless you attach a gateway and add a route for it.
You can create a VCN in two ways:
- Manual setup
- VCN Wizard, with quick-start templates such as:
  - Create VCN with internet access
  - Create VCN with internet and VPN connectivity
Inside a VCN:
- Public Subnet: instances may be assigned public IPs and can be reached from the internet, provided the subnet's route table points at an internet gateway and a security rule allows the traffic
- Private Subnet: no public IPs; for internal workloads (databases, application tiers, anything that should never be directly reachable)
- Internet Gateway (IGW): bidirectional internet access for instances with public IPs in public subnets
- NAT Gateway: outbound-only internet access from private subnets; connections initiated from the internet are denied by design
- Service Gateway: private access to Oracle services (such as Object Storage) over the Oracle network, without an IGW or NAT gateway and without traversing the public internet
Site-to-Site Connectivity
Want to connect your on-premises network to OCI?
Use:
- Site-to-Site VPN: IPsec tunnels over the public internet; encrypted, but throughput and latency depend on the internet path
- FastConnect: a dedicated private circuit with higher, predictable bandwidth and lower latency. Note that a FastConnect circuit is private but not encrypted by itself; if you need confidentiality on the wire, run IPsec over it
Both options terminate on a Dynamic Routing Gateway (DRG), which routes traffic between your on-premises network and your VCNs.
Route Tables: Directing Network Traffic
Each subnet in a VCN is associated with a route table (the VCN's default route table unless you attach your own).
- It defines how traffic leaves the subnet, for example to:
  - the internet (via an IGW or NAT gateway)
  - a DRG (on-premises networks)
  - a peered VCN (via a peering gateway)
- Each rule maps a destination CIDR to a target gateway. OCI uses longest prefix match to decide which rule wins when several match.
- You don't need routes between public and private subnets in the same VCN; OCI routes intra-VCN traffic locally, and that local route is implicit rather than something you configure per subnet.
- A private subnet's route table should send 0.0.0.0/0 to a NAT gateway (or have no default route at all), never to an IGW.
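The route lookup described above, as an added example that is not part of the original article: a small Python model of a private subnet's route table, resolving a destination address with longest prefix match after the implicit local route, plus a check for the classic misconfiguration of an IGW route in a subnet meant to be private. The gateway labels (natgw-1, drg-1, lpg-1), the CIDRs and the sample destinations are constructed for illustration; service gateway rules (which use a service CIDR label rather than an IP range) are not modeled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class RouteRule:
    """One rule of an OCI subnet route table (destination_type CIDR_BLOCK)."""
    destination: str   # CIDR block the rule matches
    target: str        # gateway the rule points at (a gateway OCID in OCI; short labels here)
    target_type: str   # "igw", "natgw", "drg" or "lpg" (hypothetical labels for this example)


def lookup_route(vcn_cidr, route_rules, dst_ip):
    """Return the target for dst_ip the way a subnet's route table would resolve it."""
    dst = ipaddress.ip_address(dst_ip)
    # Traffic staying inside the VCN never consults the route table: OCI routes it locally.
    if dst in ipaddress.ip_network(vcn_cidr):
        return "local"
    best_net, best_target = None, None
    for rule in route_rules:
        net = ipaddress.ip_network(rule.destination)
        # Longest prefix match: a more specific destination beats a broader one.
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, rule.target
    return best_target  # None means no matching route: the packet is dropped


def private_subnet_violations(route_rules):
    """Rules that would give a supposedly private subnet a path through an internet gateway."""
    return [r for r in route_rules if r.target_type == "igw"]


# Constructed sample: a /16 VCN whose private subnet reaches the internet only through NAT,
# the corporate 10.0.0.0/8 space through the DRG, and one peered VCN through an LPG.
VCN_CIDR = "10.0.0.0/16"
PRIVATE_RT = [
    RouteRule("0.0.0.0/0", "natgw-1", "natgw"),   # outbound-only internet
    RouteRule("10.0.0.0/8", "drg-1", "drg"),      # on-premises ranges over VPN or FastConnect
    RouteRule("10.1.0.0/16", "lpg-1", "lpg"),     # peered VCN; more specific than 10.0.0.0/8
]


def demo():
    """Resolve a few destinations against the sample table."""
    return {ip: lookup_route(VCN_CIDR, PRIVATE_RT, ip)
            for ip in ("10.0.1.5", "10.1.2.3", "10.20.0.1", "203.0.113.7")}


if __name__ == "__main__":
    for ip, target in demo().items():
        print(f"{ip:15} -> {target}")
    drifted = PRIVATE_RT + [RouteRule("0.0.0.0/0", "igw-1", "igw")]
    print("violations:", private_subnet_violations(drifted))
```

10.1.2.3 matches both 10.0.0.0/8 and 10.1.0.0/16; the /16 wins, so the packet goes to the peered VCN rather than on-premises. The violation check is the kind of thing to run over exported route tables: an IGW route in a private subnet is harmless only until someone assigns a public IP there.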
VCN Peering: Connecting VCNs
- Local Peering: between VCNs in the same region, through a Local Peering Gateway (LPG) in each VCN. Update both VCNs' route tables and security rules, since peering only creates the path; it does not open it.
- Remote Peering: across regions, through each VCN's DRG. Requires a Remote Peering Connection (RPC) on both DRGs.
- In either case the VCN CIDRs must not overlap.
Scaling to 100+ VCNs?
Use DRG v2:
- Hub-and-spoke model: attach VCNs to one DRG instead of meshing LPGs
- Up to 300 VCN attachments on a single DRG in a region
VCN Security
OCI provides two levels of network access control:
1. Security Lists
- Subnet-level firewall rules; each rule is stateful by default, or stateless if you mark it so
- Apply to every VNIC in the subnet
- Less flexible for micro-segmentation, because every instance in the subnet gets the same rules
2. Network Security Groups (NSGs)
- Apply to specific VNICs (virtual NICs), regardless of subnet
- More granular and modern than security lists
- You can use CIDRs or other NSGs as source/destination, so an application tier can allow traffic from "the load balancer NSG" rather than from a list of IPs
When a VNIC has both, OCI applies the union of the subnet's security-list rules and the VNIC's NSG rules: a packet is allowed if any rule in either allows it. A permissive security list therefore defeats a tight NSG, so keep subnet security lists minimal when you rely on NSGs.
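The union semantics and the NSG-as-source matching described above, as an added example (not code from the article): a Python model that evaluates ingress to a VNIC against its subnet's security lists plus its NSGs, with a small audit helper. The topology (an app VNIC in app-nsg that should accept port 8080 only from load balancer VNICs in lb-nsg), the NSG ids and the addresses are constructed for illustration; the rule fields mirror the OCI ones (protocol number as a string, source_type CIDR_BLOCK or NETWORK_SECURITY_GROUP).

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class IngressRule:
    """One ingress rule; security lists and NSGs use the same shape."""
    protocol: str          # OCI protocol number as a string: "6" TCP, "17" UDP, "1" ICMP, "all"
    source: str            # a CIDR block, or an NSG id when source_type is NETWORK_SECURITY_GROUP
    source_type: str       # "CIDR_BLOCK" or "NETWORK_SECURITY_GROUP"
    port_min: int = 1      # destination port range; ignored for protocols without ports
    port_max: int = 65535


@dataclass(frozen=True)
class Vnic:
    name: str
    ip: str
    subnet: str                     # subnet id: selects the security lists that apply
    nsgs: frozenset = frozenset()   # NSGs this VNIC is a member of


def rule_matches(rule, src_ip, src_nsgs, protocol, port):
    """True if rule permits traffic from src_ip (sent by a VNIC in src_nsgs) to protocol/port."""
    if rule.protocol not in ("all", protocol):
        return False
    if protocol in ("6", "17") and not (rule.port_min <= port <= rule.port_max):
        return False
    if rule.source_type == "CIDR_BLOCK":
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)
    if rule.source_type == "NETWORK_SECURITY_GROUP":
        # An NSG source matches only traffic sent by a VNIC that is a member of that NSG.
        return rule.source in src_nsgs
    raise ValueError(f"unknown source_type {rule.source_type!r}")


def ingress_allowed(target, src_ip, src_nsgs, protocol, port, security_lists, nsg_rules):
    """Union semantics: the subnet's security-list rules plus every NSG on the VNIC; any match allows."""
    effective = list(security_lists.get(target.subnet, []))
    for nsg in target.nsgs:
        effective.extend(nsg_rules.get(nsg, []))
    return any(rule_matches(r, src_ip, src_nsgs, protocol, port) for r in effective)


def wide_open_rules(rules):
    """Audit helper: rules that allow every protocol and port from anywhere."""
    return [r for r in rules
            if r.source_type == "CIDR_BLOCK"
            and ipaddress.ip_network(r.source).prefixlen == 0
            and r.protocol == "all"]


# Constructed topology (not from the article): the app VNIC's only intended client is the LB.
APP = Vnic("app-1", "10.0.2.10", "app-subnet", frozenset({"app-nsg"}))
LB_IP, LB_NSGS = "10.0.1.5", frozenset({"lb-nsg"})

SECURITY_LISTS = {
    # subnet-wide: SSH from inside the VCN only
    "app-subnet": [IngressRule("6", "10.0.0.0/16", "CIDR_BLOCK", 22, 22)],
}
NSG_RULES = {
    "lb-nsg": [IngressRule("6", "0.0.0.0/0", "CIDR_BLOCK", 443, 443)],
    # micro-segmentation: 8080 only from VNICs in lb-nsg, whatever their IPs are
    "app-nsg": [IngressRule("6", "lb-nsg", "NETWORK_SECURITY_GROUP", 8080, 8080)],
}


def demo():
    """Evaluate four flows, the last one against a subnet whose security list was loosened."""
    lb_to_app = ingress_allowed(APP, LB_IP, LB_NSGS, "6", 8080, SECURITY_LISTS, NSG_RULES)
    peer_to_app = ingress_allowed(APP, "10.0.5.5", frozenset(), "6", 8080, SECURITY_LISTS, NSG_RULES)
    ssh_to_app = ingress_allowed(APP, "10.0.5.5", frozenset(), "6", 22, SECURITY_LISTS, NSG_RULES)
    # The caveat: an allow-all security list on the subnet silently defeats the NSG.
    loose = {"app-subnet": SECURITY_LISTS["app-subnet"]
             + [IngressRule("all", "0.0.0.0/0", "CIDR_BLOCK")]}
    internet_to_app = ingress_allowed(APP, "203.0.113.9", frozenset(), "6", 8080, loose, NSG_RULES)
    return {"lb->app:8080": lb_to_app, "10.0.5.5->app:8080": peer_to_app,
            "10.0.5.5->app:22": ssh_to_app, "internet->app:8080 (loose list)": internet_to_app}


if __name__ == "__main__":
    for flow, allowed in demo().items():
        print(f"{flow:35} {'ALLOW' if allowed else 'DENY'}")
```

The second flow is the point of NSG sources: 10.0.5.5 is inside the VCN but not a member of lb-nsg, so it cannot reach 8080 even though nothing in the NSG names an IP. The fourth flow is the caveat: once the subnet's security list allows everything, the NSG on the VNIC no longer restricts anything, which is what wide_open_rules is meant to catch in a review of exported rules.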
Load Balancing in OCI
OCI Load Balancer helps you achieve High Availability (HA) and Scalability.
You get two shape options:
1. Flexible shape (dynamic bandwidth):
- Define minimum and maximum bandwidth (from 10 Mbps up to 8,000 Mbps)
- Bandwidth adjusts automatically within that range as traffic changes
2. Predefined shapes (legacy):
- Micro, Small, Medium, Large
- Fixed bandwidth per shape; to get more capacity you change the shape
Load Balancer types:
- Public LB: reachable from the internet via a public IP
- Private LB: reachable only from inside the VCN and networks connected to it; use this for internal tiers so the application servers themselves never need public IPs
Layer 4 vs Layer 7 Load Balancers
Layer 7 (Load Balancer, application layer):
- Protocols: HTTP, HTTPS (plus plain TCP listeners)
- Smarter routing (URL-based, header-based)
- Terminates TLS, so certificates are managed at the LB and backends can sit in private subnets
- Ideal for web apps and APIs
Layer 3/4 (Network Load Balancer):
- Protocols: TCP, UDP, ICMP
- Passes packets through without terminating connections, preserving the client's source IP for backend logging and security rules
- Lower latency, higher throughput
- Ideal for streaming, game servers, and other low-latency workloads
Bonus: Network Visualizer
OCI provides a Network Visualizer in the Network Command Center.
It helps you:
- Visualize traffic flow
- Troubleshoot route conflicts
- View gateways, subnets, and peering paths
Summary
OCI Networking = Flexibility + Performance + Security
- VCN is your starting point
- Subnets, route tables, and gateways define your topology
- NSGs and Security Lists secure your workloads
- Peering and DRG scale your network
- Load balancers ensure availability and performance
Coming Next: OCI Compute and Storage (Part 3)
Missed Part 1?
Introduction to IAM in OCI