This image shows an OCI region with an availability domain and three fault domains. The region contains a VCN with an internet gateway and a NAT gateway.

The VCN contains three subnets:

• Public Subnet A with a VTAP enabled Load Balancer-as-a-Service (LBaaS) (layer 7, proxy load balancer).
• Private Subnet B with the following components. Each component has VTAP enabled.
  • VNICs from application servers that the load balancer is directing traffic to
  • Exadata clusters
  • DBaaS systems
  • Autonomous databases accessed via private endpoint (PE)
• The captured traffic from each VTAP is directed to a Network Load Balancer (layer 4, non-proxy load balancer) with backend hosts in a separate Private Subnet C with backend hosts which have the Wireshark packet analyzer software installed.

A Bastion Service allows the user to access the backend hosts. Each subnet has a security list and a route table.