Network Topology
There are several different network topologies to considerwhen moving workloads to Oracle Cloud Infrastructure (OCI).
It can be tempting when delivering a single simple workload to quickly deploy and not focus a great deal of effort on network design. However, when multiple workloads are expected to be migrated or developed over time, the benefits of implementing a rigorous, well-thought-out network design are considerable.
Tip:
The topology most often decided upon by customers deploying multiple workloads is a hub and spoke design. And there are good reasons for this.
In this topic, the term “organisational unit” is used. An organisational unit is a discrete entity within an organisation. Organisational units might be centered around business units, geography, business units, or environment types (production, non-production).
Separation of Critical Resources - The Hub
A hub and spoke design offers a way of separating critical network resources, such as a Dynamic Router Gateway (DRG), shared amongst workloads, from the workload networks (VCN’s) themselves. This ensures that the administration of these shared critical resources is conducted by a small number of personnel who specialise in providing the shared network services.
For example; Imagine a design where access to the DRG is accessible to all network administrators. An inexperienced administrator makes a configuration change intended to be local to their organisational unit. However, because the DRG is a shared resource, all workloads within the tenancy would be affected.
Flexibility & Independence - The Spokes
A hub and spoke design allows organisations to structure themselves more flexibly around each organisational unit with appropriate levels of independence and autonomy. If network services are only available under a shared model, making local and specific changes to an organisational unit may be difficult. For example;
- The change may need to be assessed to understand in what way multiple parties might be affected.
- The change may conflict with the requirements of another organisational unit.
- The shared service function may act as a bottleneck to getting localised changes delivered