Network Topology

There are several different network topologies to consider when moving workloads to Oracle Cloud Infrastructure (OCI).

It can be tempting when delivering a single simple workload to quickly deploy and not focus a great deal of effort on network design. However, when multiple workloads are expected to be migrated or developed over time, the benefits of implementing a rigorous, well-thought-out network design are considerable.

Tip:

The topology most often decided upon by customers deploying multiple workloads is a hub and spoke design. And there are good reasons for this.

In this topic, the term “organisational unit” is used. An organisational unit is a discrete entity within an organisation. Organisational units might be centered around business units, geography, or environment types (production, non-production).

Separation of Critical Resources - The Hub

A hub and spoke design offers a way of separating critical network resources that are shared amongst workloads, such as a Dynamic Routing Gateway (DRG), from the workload networks (VCNs) themselves. This ensures that these shared critical resources are administered by a small number of personnel who specialise in providing the shared network services.

For example, imagine a design where the DRG is accessible to all network administrators. An inexperienced administrator makes a configuration change intended to be local to their organisational unit. However, because the DRG is a shared resource, all workloads within the tenancy would be affected.
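One way to check for the situation described above is to audit IAM policy statements for groups, other than the hub team, that can change the shared DRG. The following is an added example, not Oracle's code: the group and compartment names are hypothetical, the statements are constructed, and only the simple `Allow group ... to <verb> <resource-type> in ...` form is parsed (conditions after `where` are ignored).

```python
import re

# Assumptions (not from the page): compartment and group names are hypothetical.
# Add any parent compartments of the hub to HUB_SCOPES, since policies inherit downward.
HUB_SCOPES = {"tenancy", "network-hub"}       # scopes whose policies reach the hub DRG
HUB_ADMIN_GROUPS = {"hub-network-admins"}     # the small team meant to run the hub
DRG_RESOURCES = {"drgs", "drg-attachments", "virtual-network-family", "all-resources"}
CHANGE_VERBS = {"use", "manage"}              # conservative: both treated as change-capable

STATEMENT = re.compile(
    r"^\s*allow\s+group\s+(?P<groups>.+?)\s+to\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)"
    r"\s+in\s+(?P<scope>tenancy|compartment\s+(?P<compartment>[\w:.-]+))",
    re.IGNORECASE,
)

def drg_exposure(statements):
    """Return (group, statement) pairs where a non-hub group can change the shared DRG."""
    findings = []
    for text in statements:
        m = STATEMENT.match(text)
        if not m:
            continue  # not a simple group statement; outside what this check parses
        scope = (m.group("compartment") or "tenancy").lower()
        scope = scope.split(":")[-1]  # nested path such as Shared:Network-Hub
        if (m.group("verb").lower() not in CHANGE_VERBS
                or m.group("resource").lower() not in DRG_RESOURCES
                or scope not in HUB_SCOPES):
            continue
        for group in (g.strip().strip("'\"") for g in m.group("groups").split(",")):
            if group.lower() not in HUB_ADMIN_GROUPS:
                findings.append((group, text.strip()))
    return findings

# Constructed sample policy statements.
SAMPLE = [
    "Allow group Hub-Network-Admins to manage virtual-network-family in compartment Network-Hub",
    "Allow group All-Network-Admins to manage virtual-network-family in tenancy",
    "Allow group Finance-Network-Admins to manage virtual-network-family in compartment Finance-Spoke",
    "Allow group Finance-Network-Admins to read drgs in compartment Network-Hub",
    "Allow group HR-Network-Admins, Hub-Network-Admins to use drg-attachments in compartment Shared:Network-Hub",
]

if __name__ == "__main__":
    for group, statement in drg_exposure(SAMPLE):
        print(f"{group}: {statement}")
```

On the sample input, the tenancy-wide grant and the `use drg-attachments` grant in the hub compartment are reported; the spoke-scoped and read-only statements are not.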

Flexibility & Independence - The Spokes

A hub and spoke design allows organisations to structure themselves more flexibly around each organisational unit with appropriate levels of independence and autonomy. If network services are only available under a shared model, making local and specific changes to an organisational unit may be difficult. For example;