Prerequisites to Deploying an OCI Instance

The OCI deployment infrastructure provides a flexible management system that allows you to create objects required during the instance deployment procedure prior to or during that deployment. When created prior to deployment, these objects become selectable, typically from drop-down lists in the appropriate deployment dialogs. You may use these objects for a single deployment or for multiple deployments.

Deployment prerequisite tasks:
  • Identify and deploy to the correct OCI Region. This is typically a default component of your OCI Account.
  • Identify and deploy to the correct OCI Availability Domain. By deploying both (HA) instances at the same time, you ensure that both instances either reside in the same Availability Domain or are attached to the same regional subnet if they are located in different Availability Domains.
  • Identify and deploy to the correct OCI Fault Domains (HA only). You deploy HA instances in the same Availability Domain, and in separate Fault Domains.
  • Create an Oracle Virtual Cloud Network (VCN). Required VCN configuration includes:
    • Security list—These access control lists provide traffic control at the packet level.
    • Subnet configuration—The SBC has 3 types of vNICs, including management (wancom0), HA (wancom1/wancom2) and Media (s0p0, s1p0 etc). To maintain traffic separation, each of the vNICs should be connected to a separate subnet within the VCN.
    • Internet Gateway—Create a default internet gateway for the compartment and give it an appropriate name.
    • Route table (Use Default)—Create a route table to route appropriate Subnet(s) through the Internet Gateway.
    • DHCP options (Use Default)—Enable DHCP on the VCN by creating a set of DHCP options, and using the default resolver.

There are additional VCN components that you may find useful for your SBC deployment. These include:

  • Dynamic Routing Gateway
  • Local Peering Gateways
  • NAT Gateways
  • Service Gateways

Create Security Lists

Security lists specify the type of traffic allowed on a particular type of subnet. SBC deployments typically need 2 lists, but you may use three if there are specific rules that apply to your HA subnet and are different from your management subnet.

Rules set on security lists can be either stateful or stateless. Stateful rules employ connection tracking and have the benefit of not requiring exit rules. However, there is a limit to the number of connections allowed over stateful connections, and there is a performance hit. Oracle, therefore, recommends stateless lists for media interfaces.

Note:

The SBC implements its own ACLs. Protocol access may require that you configure OCI security lists and SBC ACLs. In addition, the port numbers you use within SBC ACLs should match those configured in these security groups.

The security list for management ports can be stateful. Ports you should consider opening for management interfaces include:

  • SSH—TCP port 22
  • NTP—UDP port 123
  • SNMP—UDP port 161
  • SNMP Trap—UDP port 162

The security list for media ports should be stateless. Ports you should consider opening for media interfaces include:

  • SIP—UDP or TCP port 5060
  • SIP TLS—TCP port 5061
  • H323—TCP port 1719
  • RTP—UDP or TCP ports 5004 and 5005
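
Because stateless rules do no connection tracking, each stateless ingress rule on the media list needs a stateless egress rule for the replies. The following check is an added example, not Oracle's code: it audits a security list written in the OCI rule JSON shape, and the sample list, its 203.0.113.0/24 peer range and the function names are constructed for illustration.

```python
import ipaddress

TCP, UDP = "6", "17"  # protocol numbers as OCI security rules carry them

def port_range(rule, field):
    """(min, max) of `field` in tcpOptions/udpOptions; absent means all ports."""
    key = {TCP: "tcpOptions", UDP: "udpOptions"}.get(rule["protocol"])
    rng = (rule.get(key) or {}).get(field) if key else None
    return (rng["min"], rng["max"]) if rng else (1, 65535)

def label(rule):
    return (rule["protocol"],) + port_range(rule, "destinationPortRange")

def stateful_rules(sec_list):
    """Ingress rules using connection tracking (not recommended for media)."""
    return [label(r) for r in sec_list["ingressSecurityRules"]
            if not r.get("isStateless")]

def missing_return_rules(sec_list):
    """Stateless ingress rules whose replies no stateless egress rule lets out."""
    egress = [e for e in sec_list["egressSecurityRules"] if e.get("isStateless")]
    missing = []
    for ing in sec_list["ingressSecurityRules"]:
        if not ing.get("isStateless"):
            continue  # stateful: the tracked connection admits the reply
        lo, hi = port_range(ing, "destinationPortRange")
        peer = ipaddress.ip_network(ing["source"])
        for e in egress:
            e_lo, e_hi = port_range(e, "sourcePortRange")
            if (e["protocol"] in (ing["protocol"], "all")
                    and e_lo <= lo and hi <= e_hi
                    and peer.subnet_of(ipaddress.ip_network(e["destination"]))):
                break  # replies from this port range can leave
        else:
            missing.append(label(ing))
    return missing

def _rule(proto, peer_key, range_key, lo, hi, stateless=True):
    """Build one constructed rule (hypothetical helper for the sample data)."""
    opts = "tcpOptions" if proto == TCP else "udpOptions"
    return {"protocol": proto, peer_key: "203.0.113.0/24",
            "isStateless": stateless, opts: {range_key: {"min": lo, "max": hi}}}

MEDIA_LIST = {  # constructed sample: SIP, SIP TLS and RTP from the list above
    "ingressSecurityRules": [
        _rule(UDP, "source", "destinationPortRange", 5060, 5060),
        _rule(TCP, "source", "destinationPortRange", 5061, 5061),
        _rule(UDP, "source", "destinationPortRange", 5004, 5005, stateless=False),
    ],
    "egressSecurityRules": [_rule(UDP, "destination", "sourcePortRange", 5060, 5060)],
}
```

On the sample list the audit reports the SIP TLS rule as lacking a return rule and the RTP rule as stateful.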

Oracle recommends using a private subnet for HA and a basic security list that allows all local traffic. However, there are some deployments where this is not possible. In these cases, create a security list with a port open for the port you've selected in redundancy-config, which is typically port 9090.

Create Networks and Subnets

OCI interface types include those hidden from the internet and those that are not. In addition, if you are deploying the SBC in HA mode, you must ensure that the cloud can switch between media interfaces on HA instances during failover. This requires secondary private and reserved public addressing. The table below lists configuration requirements and considerations for interfaces, with respect to OCI interface types.

| vNIC | Subnet Public or Private | Required for Standalone | Required for HA | Private IP | Public IP - Ephemeral | Secondary Private IP | Reserved Public IP |
|---|---|---|---|---|---|---|---|
| wancom0 | Either | Required | Required | Required | Optional | N/A | Optional |
| wancom1 | Private | N/A | Required | Required | N/A | N/A | N/A |
| wancom2 | Private | N/A | Optional | Required | N/A | N/A | N/A |
| s0p0, s1p0, s0p1 (and all other Media interfaces) | Public | Between 1 and 8 interfaces | Between 1 and 8 interfaces | Required | Yes for standalone mode, if traffic comes through Internet. (N/A for HA) | Yes for HA mode. (Optional for standalone) | Yes for HA mode, if traffic comes through Internet. (Can be used instead of ephemeral public IP for standalone.) |

Oracle recommends creating regional subnets, which means the subnet can span availability domains within the region. With a regional subnet, the primary and secondary SBC instances can be deployed in two different Availability Domains, thereby making use of OCI infrastructure-level high availability. Alternatively, you could create non-regional subnets, which means the subnet is limited to a single Availability Domain. In this case, both primary and secondary SBC instances MUST be deployed within that Availability Domain.

Refer to OCI's Regional Subnets documentation for further information about using these objects.

During the deployment procedure, ensure that OCI provides the IP address for the wancom0 (primary management) interface via DHCP.