Tune and Monitor Network

The optimal network solution for a system varies based on latency, throughput requirements, redundancy, and so on. The network solution you implement can impact the performance of your application.
  • Use stateless rules where appropriate

    Do this to avoid the performance impact of connection tracking wherever you expect to have a large number of connections. For example, use stateless rules for external-facing components.

  • Use load balancing for distributed applications

    Oracle Cloud Infrastructure Load Balancing can handle incoming SSL traffic and pass the unencrypted request to a backend server. This can improve performance. Oracle Cloud Infrastructure load balancers can route traffic to multiple backends, providing elasticity to your application.

  • Place your applications relative to users

    Infrastructure services are offered globally in multiple, geographically distant regions. This benefit of the cloud lets you place applications where your users are, increasing performance and providing a better user experience. Select a region that enables you to fulfill your network requirements.

Learn About Network Impact On Application Performance

Network Architect, Infrastructure Architect, Application Architect, Cloud Architect

When evaluating network services in the context of performance efficiency and cost optimization, evaluate the following points:
  • Location of your resources

    Evaluate if the increased network latency incurred when placing resources in different regions will affect your workload performance and scalability.

  • Location of your End-Users

    Evaluate how your end users will perceive your application performance. You might need to add automated benchmarks to gather metrics to support design decisions. You can use global traffic steering policies to help ensure your end users will use their nearest region.

  • Application requirements

    Part of "Know your workload" is to also evaluate your application's network-specific requirements. Understand all the different components that are part of your application and the nature of the communication. Is the application "chatty" and sensitive to latency? Will the application run batch processing and transfer large amounts of data between components?

  • Understand scalability and limits of the individual components

    Familiarize yourself with the network scaling characteristics and features for such resources as load balancers, compute instances, and network attached block volumes.

Learn About Available Networking Services and Features

Network Architect, Infrastructure Architect, Cloud Architect, Security Architect

Understand the available networking products and how they can impact network performance. Measure the impact of these features through testing, metrics, and analysis.
  • Compute Shapes

    A shape is a template that determines the number of CPUs, amount of memory, and other resources allocated to a newly created instance. Each compute shape has a pre-defined maximum network bandwidth. Understand and choose your compute shapes based upon the required network throughput.

  • Service Gateway

    A service gateway lets your virtual cloud network (VCN) privately access specific Oracle services without exposing the data to the public internet. No internet gateway or NAT is required to reach those specific services. The resources in the VCN can be in a private subnet and use only private IP addresses. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

  • Availability Domains

    It is best practice to architect your application for high availability using availability domains. The availability domains within the same region are connected to each other by a low latency, high bandwidth network. However, the latency between components within an availability domain will be lower than that between availability domains due to the distances involved. You need to take this into account when placing components within your architecture.

  • Remote Peering

    When setting up a DR environment, it is typical to do this between different regions. The best practice for connecting the 2 regions is to set up a VCN within each region and connect them via a remote peering gateway. Traffic between the 2 VCNs will flow over the Oracle backbone between the 2 regions. This is a high speed interconnect provided by Oracle which is shared by all tenancies. The latency between the 2 regions depends primarily on the distance between the 2 regions being peered.

  • IPSec Tunnel (VPN)

    If you need to connect securely to your cloud environment, one option is to use an IPSec tunnel. Typically, the IPSec tunnel traverses the internet. The speed and latency of the connection depend on a number of factors. The primary factor is the speed and reliability of the internet path that the traffic traverses. A secondary factor is the performance and scalability of the customer equipment at one end of the IPSec tunnel. A third consideration is that encrypting and decrypting the traffic takes time, which reduces overall network performance.

  • FastConnect

    FastConnect provides dedicated connectivity to your on-premises data center. If you require reliable, consistent network performance, choose FastConnect over VPN solutions. FastConnect comes in two forms. If you need to extend your data center to the cloud, FastConnect private peering allows you to add the VCN(s) in your tenancy to your on-premises network. If you need to access publicly available OCI endpoints, FastConnect public peering provides this feature.

Learn About the Impact of Stateful Security Lists

Network Architect, Security Architect

Security lists contain stateless and stateful rules. Use stateless rules where you expect to have a large number of connections to avoid the performance impact of connection tracking. For example, use stateless rules for external-facing components.
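
Because a stateless rule does not track the connection, the response traffic needs its own rule in the opposite direction. The following check is an added example, not Oracle code: it lists stateless TCP ingress rules whose replies no egress rule allows. The camelCase field names follow the JSON shape of the OCI security list API as an assumption, only CIDR sources are handled, and the sample security list is constructed.

```python
import ipaddress

# Constructed sample security list (field names assumed, see lead-in).
SECURITY_LIST = {
    "ingressSecurityRules": [
        {"protocol": "6", "source": "0.0.0.0/0", "isStateless": True,
         "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
        {"protocol": "6", "source": "0.0.0.0/0", "isStateless": True,
         "tcpOptions": {"destinationPortRange": {"min": 80, "max": 80}}},
        {"protocol": "6", "source": "10.0.0.0/16", "isStateless": False,
         "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
    ],
    "egressSecurityRules": [
        {"protocol": "6", "destination": "0.0.0.0/0", "isStateless": True,
         "tcpOptions": {"sourcePortRange": {"min": 443, "max": 443}}},
    ],
}

def _port_range(opts, key):
    """Return (min, max) for a port range; a missing range means all ports."""
    rng = (opts or {}).get(key)
    return (rng["min"], rng["max"]) if rng else (1, 65535)

def _covers(outer, inner):
    return outer[0] <= inner[0] and inner[1] <= outer[1]

def _reply_allowed(ingress, egress):
    """True if the egress rule lets replies to this ingress rule back out."""
    if egress["protocol"] not in ("6", "all"):
        return False
    src = ipaddress.ip_network(ingress["source"])
    dst = ipaddress.ip_network(egress["destination"])
    if src.version != dst.version or not src.subnet_of(dst):
        return False
    # Replies leave from the service port, so match egress *source* ports.
    service_ports = _port_range(ingress.get("tcpOptions"), "destinationPortRange")
    reply_ports = _port_range(egress.get("tcpOptions"), "sourcePortRange")
    return _covers(reply_ports, service_ports)

def unanswered_stateless_ingress(sec_list):
    """Stateless TCP ingress rules with no egress rule for the response traffic."""
    egress_rules = sec_list.get("egressSecurityRules", [])
    return [
        ing for ing in sec_list.get("ingressSecurityRules", [])
        if ing.get("isStateless") and ing["protocol"] == "6"
        and not any(_reply_allowed(ing, eg) for eg in egress_rules)
    ]
```

On the sample, only the port 80 rule is reported: port 443 has a matching egress rule, and the stateful port 22 rule needs none.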

Learn About and Leverage SSL Termination Features

Network Architect, Infrastructure Architect, Security Architect

Oracle Cloud Infrastructure Load Balancing can handle incoming SSL traffic and pass the unencrypted request to a backend server. This can improve performance. Oracle Cloud Infrastructure load balancers can route traffic to multiple backends to provide elasticity to your application.

Choose a Region Location Based On Networking Requirements

Network Architect, Infrastructure Architect, Cloud Architect

Oracle Cloud Infrastructure services are offered globally in multiple, geographically distant regions. Select a region that enables you to fulfill your network requirements.

Use Traffic Steering When Serving a Global Audience

Cloud Architect, Infrastructure Architect, Cloud Architect

If your workload is deployed in different geographic regions, consider using Traffic Steering policies to direct your end users to the closest region, thereby minimizing latency.

Learn About Networking Metrics

Network Architect, Infrastructure Architect, DevOps Architect

Use data to analyze and make informed decisions about optimizing your network configuration. The Monitoring service provides several networking-related metrics.

Use Global Health Checks to Monitor Your Workload

Infrastructure Architect, Cloud Architect, DevOps Architect

Oracle Cloud Infrastructure (OCI) provides health check functionality that can be deployed to global vantage points outside of the OCI regions. This can be used to continuously capture response time and latency metrics providing a view into end user performance.