Tune and Monitor Network
- Use stateless rules where appropriate to do so
Do this to avoid the performance impact of connection tracking wherever you expect a large number of connections. For example, use stateless rules for external-facing components.
- Use load balancing for distributed applications
Oracle Cloud Infrastructure Load Balancing can handle incoming SSL traffic and pass the unencrypted request to a backend server. This can improve performance. Oracle Cloud Infrastructure load balancers can route traffic to multiple backends, providing elasticity to your application.
- Place your applications relative to users
Infrastructure services are offered globally in multiple, geographically distant regions. This benefit of the cloud lets you place applications where your users are, increasing performance and providing a better user experience. Select a region that enables you to fulfill your network requirements.
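A stateless rule is not connection-tracked, so reply traffic is allowed only if a rule in the other direction permits it. The following check is an added example, not Oracle's code: it flags stateless TCP ingress rules that lack a matching egress rule. The field names follow the OCI security list API shape; the function names and the sample list are constructed for illustration, and sources are assumed to be CIDR blocks.

```python
import ipaddress

# Constructed sample in the shape of an OCI security list (API field names);
# the CIDRs and ports are made up for illustration.
SAMPLE_LIST = {
    "ingressSecurityRules": [
        {"isStateless": True, "protocol": "6", "source": "0.0.0.0/0",
         "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
        {"isStateless": True, "protocol": "6", "source": "0.0.0.0/0",
         "tcpOptions": {"destinationPortRange": {"min": 80, "max": 80}}},
        {"isStateless": False, "protocol": "6", "source": "10.0.0.0/16",
         "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    ],
    "egressSecurityRules": [
        {"isStateless": True, "protocol": "6", "destination": "0.0.0.0/0",
         "tcpOptions": {"sourcePortRange": {"min": 443, "max": 443}}},
    ],
}

def _port_covers(outer, inner):
    """True if port range `outer` contains `inner`; None means all ports."""
    if outer is None:
        return True
    if inner is None:
        return outer["min"] <= 1 and outer["max"] >= 65535
    return outer["min"] <= inner["min"] and outer["max"] >= inner["max"]

def _net_covers(outer_cidr, inner_cidr):
    outer = ipaddress.ip_network(outer_cidr)
    inner = ipaddress.ip_network(inner_cidr)
    return outer.version == inner.version and inner.subnet_of(outer)

def missing_return_paths(sec_list):
    """Return stateless TCP ingress rules (CIDR sources assumed) for which no
    egress rule lets replies, sent from the listening ports, back out."""
    missing = []
    for ing in sec_list.get("ingressSecurityRules", []):
        if not ing.get("isStateless") or ing.get("protocol") != "6":
            continue  # stateful rules get replies via connection tracking
        ports = (ing.get("tcpOptions") or {}).get("destinationPortRange")
        ok = any(
            eg.get("protocol") in ("6", "all")
            and _net_covers(eg["destination"], ing["source"])
            and _port_covers((eg.get("tcpOptions") or {}).get("sourcePortRange"), ports)
            for eg in sec_list.get("egressSecurityRules", [])
        )
        if not ok:
            missing.append(ing)
    return missing
```

On the sample list, the stateless port 80 rule is reported because only replies from port 443 have an egress rule; the stateful port 22 rule is skipped.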
Learn About Network Impact On Application Performance
Network Architect, Infrastructure Architect, Application Architect, Cloud Architect
- Location of your resources
Evaluate if the increased network latency incurred when placing resources in different regions will affect your workload performance and scalability.
- Location of your End-Users
Evaluate how your end users will perceive your application performance. You might need to add automated benchmarks to gather metrics to support design decisions. You can use global traffic steering policies to help ensure your end users will use their nearest region.
- Application requirements
Part of "Know your workload" is to also evaluate your application's network-specific requirements. Understand all the different components that are part of your application and the nature of the communication. Is the application "chatty" and sensitive to latency? Will the application run batch processing and transfer large amounts of data between components?
- Understand scalability and limits of the individual components
Familiarize yourself with the network scaling characteristics and features for such resources as load balancers, compute instances, and network attached block volumes.
Learn About Available Networking Services and Features
Network Architect, Infrastructure Architect, Cloud Architect, Security Architect
- Compute Shapes
A shape is a template that determines the number of CPUs, amount of memory, and other resources allocated to a newly created instance. Each compute shape has a pre-defined maximum network bandwidth. Understand and choose your compute shapes based upon the required network throughput.
- Service Gateway
A service gateway lets your virtual cloud network (VCN) privately access specific Oracle services without exposing the data to the public internet. No internet gateway or NAT is required to reach those specific services. The resources in the VCN can be in a private subnet and use only private IP addresses. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.
- Availability Domains
It is best practice to architect your application for high availability using availability domains. The availability domains within the same region are connected to each other by a low latency, high bandwidth network. However, the latency between components within an availability domain will be lower than that between availability domains due to the distances involved. You need to take this into account when placing components within your architecture.
- Remote Peering
When setting up a DR environment, it is typical to do this between different regions. The best practice for connecting the 2 regions is to set up a VCN within each region and connect them via a remote peering gateway. Traffic between the 2 VCNs will flow over the Oracle backbone between the 2 regions. This is a high speed interconnect provided by Oracle which is shared by all tenancies. The latency between the 2 regions depends primarily on the distance between the 2 regions being peered.
- IPSec Tunnel (VPN)
If you need to connect securely to your cloud environment, 1 option is to use an IPSec tunnel. Typically, the IPSec tunnel traverses the internet. The speed and latency of the connection depend on a number of factors. The speed and reliability of the internet path that the traffic traverses is a primary factor. A secondary factor is the performance and scalability of the customer equipment at one end of the IPSec tunnel. A third consideration is that encrypting and decrypting the traffic takes time, which reduces overall network performance.
- FastConnect
FastConnect provides dedicated connectivity to your on-premises data center. If you require reliable, consistent network performance, choose FastConnect over VPN solutions. FastConnect comes in two forms. If you need to extend your data center to the cloud, FastConnect private peering allows you to add the VCN(s) in your tenancy to your on-premises network. If you need to access publicly available OCI endpoints, then FastConnect public peering provides this feature.
Learn About the Impact of Stateful Security Lists
Network Architect, Security Architect
Learn About and Leverage SSL Termination Features
Network Architect, Infrastructure Architect, Security Architect
Choose a Region Location Based On Networking Requirements
Network Architect, Infrastructure Architect, Cloud Architect
Use Traffic Steering When Serving a Global Audience
Cloud Architect, Infrastructure Architect, Cloud Architect
Learn About Networking Metrics
Network Architect, Infrastructure Architect, DevOps Architect
Use Global Health Checks to Monitor Your Workload
Infrastructure Architect, Cloud Architect, DevOps Architect