The image shows an OCI region that contains a Transit Provider Network Boundary. The OCI region contains an Edge Network with incoming traffic from multiple sources.

• Untrusted Network Traffic

  Hostile traffic and clean traffic originating from the untrusted network flows into the OCI region Edge Network. Router countermeasures for individual hosts are applied only during attacks. Excess traffic is routed away from the region when the transit provider capacity is at risk of being exceeded.

• Protected Network Traffic

  Customer configurable protection (ACLs/WAF) from multiple internal hosts.

• Clean traffic is returned to the region across the OCI backbone.
• Monitoring and Router Communication

  Detection and mitigation platforms are physically located in every OCI public region, with redundant management systems located globally.

• Hostile and clean traffic to mitigation. Clean traffic returns from mitigation. Traffic for attacked hosts are diverted through the mitigation platform only during attacks.