Learn About Network Topologies for Oracle Database@Azure

Learn about the various network topology options to select the one best suited for your organizational needs.

The topologies include the following components:

• Region

  An OCI region is a localized geographic area that contains one or more data centers, hosting availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or even continents).

• Virtual cloud network (VCN) and subnet

  A VCN is a customizable, software-defined network that you set up in an OCI region. Like traditional data center networks, VCNs give you control over your network environment. A VCN can have multiple non-overlapping classless inter-domain routing (CIDR) blocks that you can change after you create the VCN. You can segment a VCN into subnets, which can be scoped to a region or to an availability domain. Each subnet consists of a contiguous range of addresses that don't overlap with the other subnets in the VCN. You can change the size of a subnet after creation. A subnet can be public or private.

• Security list

  For each subnet, you can create security rules that specify the source, destination, and type of traffic that is allowed in and out of the subnet.

• Azure Virtual Network (VNet)

  Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure virtual machines (VMs), to securely communicate with each other, the internet, and on-premises networks.

• Azure delegated subnet

  A delegated subnet allows you to insert a managed service, specifically a platform-as-a-service (PaaS) service, directly into your virtual network as a resource. You have full integration management of external PaaS services within your virtual networks.

• VNIC

  The servers in OCI data centers have physical network interface cards (NICs). When you create an instance on one of these servers, the instance communicates using Networking service virtual NICs (VNICs) associated with the physical NICs. A virtual network interface card (VNIC) enables an instance to connect to a VCN and determines how the instance connects with endpoints inside and outside the VCN. Each VNIC resides in a subnet in a VCN.

• Azure Virtual WAN

  Azure Virtual WAN (VWAN) is a networking service that brings many networking, security, and routing functionalities together to provide a single operational interface.

• Azure route table

  Virtual route tables contain rules to route traffic from subnets to destinations outside a VNet, typically through gateways. Route tables are associated with subnets in a VNet.

About Local VNet Topology

If you want high performance and low latency, host your applications within the same virtual network (VNet) as your database. To maintain application isolation, use separate subnets for each application while sharing the Oracle Database@Azure residing in a delegated subnet. This setup not only minimizes latency but also reduces expenses since no VNet peering costs are involved.

The following architecture shows a local VNet topology:

Description of the illustration azure-local-vnet-topology.png

azure-local-vnet-topology-oracle.zip

About VNet Peering Topology

Connect your applications in one VNet to the database in another VNet within the same region using local VNet peering. Consider that VNet peering incurs ingress costs but doesn't add latency.

If your application components are in different subscriptions from your database components, identify the physical availability zone and colocate the services in the same availability zone to improve latency performance. Finally, allow connection from a peered VNet update OCI NSG of the database.

The following architecture shows a local VNet peering topology:

Description of the illustration azure-local-vnet-peering-topology.png

azure-local-vnet-peering-topology-oracle.zip

For more information on pricing related to VNet peering and Virtual Networks, see the Azure Virtual Network Pricing documentation linked in the Explore More section.

About Hub-and-Spoke VNet Peering Topology

The Hub VNet functions as a centralized point of connectivity, facilitating communication between applications and databases. The spoke VNets establish connections with the Hub by VNet peering and require an Azure Route table (UDR) to route to the Hub NVA. Choose this topology if you don't have latency-sensitive applications due to the additional hop required and consider that VNet peering add standard Azure VNet peering costs.

The following architecture shows a hub-and-spoke VNet peering topology with Azure Firewall or NVA:

Description of the illustration azure-hub-and-spoke-vnet-peering-topology.png

azure-hub-and-spoke-vnet-peering-topology-oracle.zip

See the Azure Virtual Network Pricing documentation linked in the Explore More section.

About Global Connectivity Between Regions

Set up the VWAN Hub in both regions to establish seamless global connectivity. Configure a firewall within the Hub to inspect all traffic and ensure the Hub is secure. The VWAN Hub centrally manages routing and streamlines network operations. If you choose this topology, consider that the VWAN incurs costs and adds latency.

The following architecture shows global connectivity between regions:

Description of the illustration azure-global-connectivity-regions.png

azure-global-connectivity-regions-oracle.zip

About Connectivity from On-Premises Network with Hub-and-Spoke

Connect on-premises users or applications to Oracle Database@Azure by establishing an express route (or site-to-site VPN) to the Azure Hub network. The gateway learns the routes through transitivity. The database spoke VNet learns the route through peering. Consider that VNet peering adds standard Azure VNet peering costs.

The following architecture shows a hub-and-spoke on-premises topology:

Description of the illustration azure-premises-hub-and-spoke-network.png

azure-premises-hub-and-spoke-premises-network.zip