Core Network Capabilities

The resources in this category are the standard components to use when building a simple network within OCI. These include:

Virtual Cloud Networks

A Virtual Cloud Network (VCN) is a software-defined network that is set up in the Oracle Cloud Infrastructure data centers in a particular region. It can span multiple Availability Domains. You can peer VCNs with each other so long as their CIDRs do not overlap. A maximum of 64,000 IPv4 addresses can be allocated in a single VCN.

Subnets

A subnet is a distinct segment of a VCN. It consists of a contiguous range of IPv4 addresses that must not overlap with other subnets within the VCN. Subnets can either be private or public.

Route Tables

Route Tables contain rules that specify what traffic can be sent out from within the VCN (and its subnets) to what destinations. These destinations include another VCN, an on-premises network, or the internet.

Security Lists

Security Lists act as a virtual firewall for a VCN (and its subnets). They are a collection of Security Rules that are applied to the VCN. The Security Rules allow or prohibit specific types of traffic to, or from, resources within the VCN. By default, Subnets are associated with the default Security List for the VCN. Alternatively, they can be associated with one or more specific Security Lists.

Network Security Groups

Security Lists are applied to all Virtual Network Interface Cards (VNICs) in a subnet, whereas Network Security Groups (NSGs) allow a set of Security Rules to be applied to specific VNICs. When a VNIC is added to an NSG, the associated set of rules is applied to it. This allows resources that share similar characteristics to be grouped together, from a Security Rule perspective, regardless of the subnet in which they reside. Oracle recommends the use of NSGs rather than Security Lists, as it allows the security requirements of a class of resources to be predominant, rather than the subnet architecture.
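
The difference in scope between the two, as an added example (not Oracle's code or API): a small Python model that reports which VNICs a rule admitting traffic from any address actually reaches. The class and function names are hypothetical, the sample topology is constructed, and the model assumes the rules reaching a VNIC are the union of its subnet's Security Lists and the NSGs it belongs to.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

@dataclass(frozen=True)
class IngressRule:            # hypothetical, simplified TCP ingress rule
    source: str               # CIDR the traffic comes from
    port_min: int             # destination port range, inclusive
    port_max: int

@dataclass
class Subnet:
    name: str
    security_lists: dict      # Security List name -> [IngressRule]

@dataclass
class Vnic:
    name: str
    subnet: Subnet
    nsgs: dict = field(default_factory=dict)   # NSG name -> [IngressRule]

def effective_ingress(vnic):
    """(origin, rule) pairs reaching this VNIC: all rules of its subnet's
    Security Lists plus all rules of the NSGs it was added to (assumed union)."""
    pairs = [(f"security-list:{n}", r)
             for n, rules in vnic.subnet.security_lists.items() for r in rules]
    pairs += [(f"nsg:{n}", r) for n, rules in vnic.nsgs.items() for r in rules]
    return pairs

def internet_exposure(vnics, port):
    """Map VNIC name -> origins of the rules admitting `port` from any address."""
    report = {}
    for v in vnics:
        hits = [origin for origin, r in effective_ingress(v)
                if ip_network(r.source).prefixlen == 0
                and r.port_min <= port <= r.port_max]
        if hits:
            report[v.name] = hits
    return report

# Constructed sample: one subnet, three VNICs, SSH intended for the bastion only.
ANY = "0.0.0.0/0"
app = Subnet("app-subnet", {"app-sl": [IngressRule(ANY, 443, 443)]})
VNICS = [Vnic("web1", app), Vnic("web2", app),
         Vnic("bastion", app, {"bastion-nsg": [IngressRule(ANY, 22, 22)]})]

if __name__ == "__main__":
    print(internet_exposure(VNICS, 22))     # rule lives in the NSG: members only
    app.security_lists["app-sl"].append(IngressRule(ANY, 22, 22))
    print(internet_exposure(VNICS, 22))     # same rule in the Security List
```

Placing the SSH rule in the NSG exposes only the bastion VNIC; placing the same rule in the subnet's Security List exposes every VNIC in that subnet.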