Troubleshooting Networking

Troubleshooting Networking Issues

Set up the VCN flow logs to troubleshoot the traffic in and out of your virtual network interface cards (VNICs).

Flow logs record details about the traffic that is accepted or rejected based on the security rules set up for your VCN. This enables you to log your network traffic and isolate issues with networking, security lists, VPN connections, and so on.

Resolving Connection Issues to a DB System From a Client

Troubleshoot the ingress rules and local firewall settings to connect to a DB system from a client application running locally or in a compute instance.

This task requires the following:
  • Permission to access the Console, create DB systems, view and edit your VCN configuration.
  • A client application running locally or on a compute instance, which is unable to connect to a DB system.
Check the following:

Viewing the Certificate of a DB System

Use a networking service such as a compute instance, VPN connection, or Bastion session to view the self-signed certificate of a DB system.

Note

The certificates are self-signed and no trusted certificate authority (CA) is involved, which makes the certificate insecure. Additionally, it is unusual to ask the servers to present their own certificates.
This task requires the following:
  • An active DB system.
  • An active networking service such as a compute instance, VPN connection, or Bastion session.
  • OpenSSL installed on the host machine.
Do the following to check the security service of a DB system:
  1. Connect to the networking service of your choice. See Connecting to a DB System.
    For example, if you are using a compute instance, run the following command from your host machine to connect to the compute instance:
    ssh -i <PrivateKeyFile> <Username>@<ComputePublicIpAddress>
    • <PrivateKeyFile>: Specify the full path and name of the file that contains the private key associated with the instance you want to access.
    • <Username>: Specify the default username for the instance. For Oracle Linux and CentOS images, the default username is opc. For Ubuntu images, the default username is ubuntu.
    • <ComputePublicIpAddress>: Specify the IP address of the instance that you retrieved from the Console.
  2. Get the self-signed certificate for the DB system:
    openssl s_client -starttls mysql -connect <DBSystemIpAddress>:<Port>
    • <DBSystemIpAddress>: Specify the IP address of the DB system. See Viewing DB System Details.
    • <Port>: Specify the port the DB system is configured to use. The default port is 3306.
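
Because no CA vouches for the certificate, the practical check is to read its subject, issuer, validity dates and fingerprint, and compare the fingerprint with one recorded earlier over a trusted path. The following script is an added example, not part of the original procedure: it wraps the step 2 command, and the function names and the `make_sample_cert` helper (which builds a constructed certificate for offline trial) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: summarize and pin the certificate a DB system presents.

# Fetch the server certificate as PEM, using the s_client command from step 2.
fetch_db_cert() {  # usage: fetch_db_cert <DBSystemIpAddress> [<Port>]
  openssl s_client -starttls mysql -connect "$1:${2:-3306}" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# Print subject, issuer, validity dates and SHA-256 fingerprint of a PEM cert on stdin.
cert_summary() {
  openssl x509 -noout -subject -issuer -dates -fingerprint -sha256
}

# Print only the SHA-256 fingerprint (colon-separated hex) of a PEM cert on stdin.
cert_fingerprint() {
  openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Return 0 when subject and issuer names match (self-signed by name), 1 otherwise.
is_self_signed() (
  pem=$(cat)
  subject=$(printf '%s\n' "$pem" | openssl x509 -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  issuer=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
  [ -n "$subject" ] && [ "$subject" = "$issuer" ]
)

# Return 0 when the PEM cert on stdin has the fingerprint recorded earlier ($1).
check_pin() {
  [ "$(cert_fingerprint)" = "$1" ]
}

# Constructed sample: a throwaway self-signed certificate for trying the functions offline.
make_sample_cert() (
  d=$(mktemp -d) || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-db.example" \
    -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null
  rc=$?; [ "$rc" -eq 0 ] && cat "$d/cert.pem"; rm -rf "$d"; exit "$rc"
)

# When called with an address (and optional port), report on the live DB system.
if [ "$#" -ge 1 ]; then
  pem=$(fetch_db_cert "$@") || exit 1
  printf '%s\n' "$pem" | cert_summary
  printf '%s\n' "$pem" | is_self_signed && echo "self-signed: subject equals issuer" ||
    echo "issuer differs from subject"
fi
```

Run it with the DB system address as the first argument from the compute instance, VPN or Bastion session; a fingerprint that differs from the recorded one means the endpoint is presenting a different certificate than before.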