Configure

This topic explains the steps required to configure connectivity between the Application and Oracle Database@Google Cloud.

Configure Network Security Group Rules

This topic explains the steps required to configure Network Security Group rules.

To connect from an application on a different network (in the cloud or on-premises), validate the CIDR in the client subnet's NSG and add an ingress rule if needed.

These are the steps to update OCI NSG:
  1. From the OCI Console, select Oracle AI Database and then select Oracle Exadata Database Service on Dedicated Infrastructure.
  2. From the left menu, select Exadata VM Clusters and then select an Exadata VM Cluster that you are using.
  3. From the VM Cluster information tab, navigate to the Networking section, and then select Client network security groups. This screenshot shows how to navigate to NSG.
  4. Edit the security rules to allow connections from the clients in the cloud or on-premises. This screenshot shows how to edit NSG rules.
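The instruction above to "validate the CIDR in the client subnet's NSG and add an ingress rule if needed" can be scripted rather than eyeballed. The following Python is an added example, not Oracle's code or tooling: it models NSG security rules with constructed sample values shaped like the fields the OCI console shows (OCI encodes TCP as protocol "6"; the listener port 1521 is an assumed default), reports whether a client CIDR is fully admitted to that port by an existing ingress rule, and builds the narrowest rule to add when it is not.

```python
import ipaddress

# Constructed sample NSG rules (illustrative values, not from any real tenancy).
# Field names are shaped like what the OCI console shows for a security rule;
# OCI encodes TCP as protocol "6" and uses "all" for every protocol.
SAMPLE_NSG_RULES = [
    {"direction": "INGRESS", "protocol": "6", "source_type": "CIDR_BLOCK",
     "source": "10.20.0.0/16", "dest_port_min": 1521, "dest_port_max": 1522},
    {"direction": "INGRESS", "protocol": "6", "source_type": "CIDR_BLOCK",
     "source": "192.168.10.0/24", "dest_port_min": 2484, "dest_port_max": 2484},
    {"direction": "EGRESS", "protocol": "all", "source_type": None,
     "source": None, "dest_port_min": None, "dest_port_max": None},
]


def rule_covers(rule, client_cidr, port):
    """True if this single ingress rule admits every address in client_cidr to TCP/port."""
    if rule["direction"] != "INGRESS":
        return False
    if rule["protocol"] not in ("6", "all"):
        return False
    if rule["source_type"] != "CIDR_BLOCK":
        return False
    allowed = ipaddress.ip_network(rule["source"], strict=False)
    wanted = ipaddress.ip_network(client_cidr, strict=False)
    # subnet_of() only compares networks of the same IP version
    if allowed.version != wanted.version or not wanted.subnet_of(allowed):
        return False
    lo, hi = rule["dest_port_min"], rule["dest_port_max"]
    if lo is None:  # no port range on the rule means all destination ports
        return True
    return lo <= port <= hi


def ingress_allowed(rules, client_cidr, port=1521):
    """True if at least one rule in the NSG fully covers client_cidr on TCP/port."""
    return any(rule_covers(rule, client_cidr, port) for rule in rules)


def proposed_ingress_rule(client_cidr, port=1521):
    """The narrowest rule to add when ingress_allowed() is False: one CIDR, one port."""
    net = ipaddress.ip_network(client_cidr, strict=False)
    return {"direction": "INGRESS", "protocol": "6", "source_type": "CIDR_BLOCK",
            "source": str(net), "dest_port_min": port, "dest_port_max": port}


if __name__ == "__main__":
    for cidr in ("10.20.5.0/24", "10.30.0.0/24"):  # constructed client subnets
        if ingress_allowed(SAMPLE_NSG_RULES, cidr):
            print(f"{cidr}: already allowed to TCP/1521")
        else:
            print(f"{cidr}: not allowed, add {proposed_ingress_rule(cidr)}")
```

The check asks whether every address in the client range is admitted, so a rule that only partially overlaps the client subnet is reported as missing; the rule it proposes is scoped to the client CIDR and the listener port rather than widening an existing rule.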

Configure DNS Resolution

This topic explains how to implement advanced DNS resolution use cases from Google Cloud to OCI and configure DNS forwarding from OCI to Google Cloud.

Prerequisites

  1. Review the DNS section covering the default configuration.
  2. Obtain the following information:
    • Define the domain name or delegated sub-domain for the database resources.
    • Obtain the DNS server IP address in GCP or on-premises.
    • Ensure that the ODB Network and VPC have connectivity to the listener or DNS server.
  Note:

    The following use cases are covered:
    1. Creating a custom domain in Google Cloud and a CNAME to the default domain name.
    2. Creating DNS peering to resolve domain names from a different VPC.
    1. Create a CNAME Custom Domain Name

      To use a canonical name, for example during database migrations, you can configure a CNAME to point to the default domain name. This option is supported for Oracle Exadata Database Service on Dedicated Infrastructure, Oracle Exadata Database Service on Exascale Infrastructure, and Oracle Base Database Service in Oracle Database@Google Cloud.

      By default, the DNS forwarder is created for Oracle Database resource names. You can create a CNAME record in your Google Cloud DNS private zone that points to the database’s FQDN.

      For example, to create a scan-dns subdomain such as scan-dns.mydomain.local in Google Cloud DNS, create a CNAME record set that points to the canonical name of the database (*.oraclevcn.com).

      Prerequisite:

      These are the steps to obtain the Hostname domain name from the OCI console:
      1. From the Google Cloud Console, select Dedicated Infrastructure and then select the Exadata VM Clusters tab.
      2. From the list, select your Exadata VM Cluster that you are using.
      3. Select the Manage in OCI button to open your Exadata VM Cluster in OCI.
      4. From the VM Cluster information tab, note the Hostname domain name which displays the fully qualified domain name (FQDN).
      This screenshot shows how to obtain the hostname domain name.
      These are the steps to create a custom domain name in Google Cloud DNS and CNAME to the default oraclevcn.com domain.
      1. From the Google Cloud Console, select Network Services.
      2. From the left menu, select Cloud DNS. This screenshot shows how to create zone.
      3. Select the + Create zone button and complete the following substeps:
        1. Select the Private option as Zone type.
        2. Enter a zone name in the Zone name field to match with your custom domain name. The Zone name must be lowercase letters, numbers, and hyphens. Do not use any spaces.
        3. Enter your DNS name. This field is required.
        4. The Description field is optional.
        5. From the Options dropdown list, select the Default (private) option.
        6. Select the Add networks button, and then select your Project and Networks.
          gcloud dns --project=XXXX managed-zones create mydomain-local --description="" --dns-name="mydomain.local." --visibility="private" --networks="https://compute.googleapis.com/compute/v1/projects/XXX/global/networks/demo-vpc-01"
        This screenshot shows how to create zone.
      4. Select the Add standard button and complete the following substeps:
        1. From the Create record set page, enter scan-dns in the DNS name field.
        2. From the Resource record type dropdown list, select the CNAME option.
        3. Select minutes from the TTL dropdown list.
        4. Provide the FQDN information in the Canonical name 1 field followed by a period. See the Prerequisites section to obtain your FQDN information. For example: exa-vm-01-izuuo-scan.yykrhpnoxd.v1217cd62.oraclevcn.com.
        5. Review your information, and then select the Create button. As a result, DNS resolution returns the CNAME record and forwards traffic through the default DNS forwarder.
        This screenshot shows how to create record set.
    2. Create Google DNS Zone Peering

      Using multiple VPCs or projects can increase DNS complexity. To resolve database resources from multiple VPCs, configure DNS peering to allow clients in different VPCs or projects to resolve hostnames directly from Google Cloud DNS.

      Configure Cloud DNS peering to access Oracle Database@Google Cloud resources across VPCs. By default, the Cloud DNS forwarding zone is configured when an Oracle Database@Google Cloud instance is deployed.

      To resolve Oracle Database resources from multiple VPCs, create a private DNS zone with DNS peering to query the same resolver for a forwarding zone in another VPC.

      Prerequisite:

      These are the steps to obtain the Hostname domain name from the OCI console:
      1. From the Google Cloud Console, select Dedicated Infrastructure and then select the Exadata VM Clusters tab.
      2. From the list, select your Exadata VM Cluster that you are using.
      3. Select the Manage in OCI button to open your Exadata VM Cluster in OCI.
      4. From the VM Cluster information tab, note the Hostname domain name which displays the fully qualified domain name (FQDN).
      This screenshot shows how to obtain the hostname domain name.
      These are the steps to configure a private Cloud DNS peering zone.
      1. From the Google Cloud Console, select Network Services.
      2. From the left menu, select Cloud DNS, and then select the + Create zone button.
        1. Select the Private option as Zone type.
        2. Enter a zone name in the Zone name field to match with your custom domain name. The Zone name must be lowercase letters, numbers, and hyphens. Do not use any spaces.
        3. Enter your DNS name suffix for the private zone. All records in the zone share the suffix such as example.private.
        4. The Description field is optional.
        5. From the Options dropdown list, select the DNS peering option.
        6. Select the Networks where the private zone is available.
        7. From the Peer project dropdown list, select your peer project.
        8. From the Peer network dropdown list, select your peer network.
        9. Review your information, and then select the Create button. This creates an additional DNS peering zone in the peered VPC, which forwards queries to the OCI VCN resolver.
        This screenshot shows how to create DNS zone.
  Note:

    The following use cases are covered:
    1. Forwarding DNS resolution to Google Cloud.
    2. Creating a custom zone and records.
    The two use cases are mutually exclusive. The private DNS system evaluates DNS requests in the following sequence:
    1. Private views (zones)
    2. Rules
    3. Internet

    Attached views are evaluated first, in the order they are configured. The default view is evaluated next, unless it is included in the list of attached views. A match in the sequence ends the resolution, even if the match results in an NXDOMAIN. For more information, see DNS and Traffic Management.

    1. Forward DNS to Google Cloud

      This topic explains how to resolve a private hosted zone in Google Cloud from Oracle Database@Google Cloud.

      1. Forward OCI DNS to Google Cloud
        1. Create inbound forwarding in Google Cloud.
          1. gcloud dns policies create mydomain --description="DNS resolution" --networks=poc-oracle-vpc --enable-inbound-forwarding
        2. Note the IP of the endpoint.
      2. Create OCI DNS forwarder and domain rule
        1. From the Google Cloud Console, select Dedicated Infrastructure and then select the Exadata VM Clusters tab.
        2. From the list, select your Exadata VM Cluster that you are using.
        3. Select the Manage in OCI button to open your Exadata VM Cluster in OCI.
        4. Select the VM Cluster information tab and then navigate to the Network section.
        5. Under the Network section, select the Virtual cloud network link, which opens the Virtual cloud networks page. This screenshot shows how to navigate to VCN link.
        6. Select the Details tab, and then select the DNS Resolver link. This screenshot shows how to navigate to DNS Resolver link.
        7. From the Private resolvers page, you can view the details of your private resolver.
        8. Select the Endpoints tab, and then select the Create endpoint button.
          1. Enter a unique Name for the endpoint.
          2. Select the subnet compartment from the dropdown list.
          3. Select the Subnet of the VCN from the dropdown list.
          4. Choose a policy type as Forwarding.
          5. Enter a forwarding IP address in the subnet if required.
          6. Toggle the switch to enable the use of network security groups for traffic control.
          7. Select the Network security group compartment from the dropdown list.
          8. Select a Network security group from the dropdown list.
          9. After filling in all required fields, select the Create endpoint button to complete the process.
          This screenshot shows how to create endpoint.
        9. From the Virtual cloud networks page, select the Security rules tab to add an egress rule that allows outgoing traffic from the endpoint to the Google Cloud inbound forwarding IP. Select the Add rules button and complete the following substeps:
          1. Leave the Stateless checkbox unselected.
          2. Select the Egress option as Direction.
          3. Set the Destination Type as CIDR.
          4. Set the Destination CIDR as 0.0.0.0/0.
          5. Select your IP Protocol as UDP.
          6. Select the Source Port Range as All.
          7. Enter the Destination Port Range as 53.
          8. Enter a description.
          This screenshot shows how to create security rules.
        10. From the left menu, select DNS management, and then select Private resolvers.
        11. Select the Rules tab. This screenshot shows how to create a rule.
        12. To create a rule, complete the following substeps:
          1. From the Rule condition dropdown list, select Domains.
          2. From the Domains dropdown list, select mydomain.local.
          3. The Rule action is set to Forward.
          4. Select the Source endpoint as FWD_to_GCP.
          5. Enter the Destination IP address. The Destination IP address is the inbound query forwarding IP created in the policy rule. See step 1b above.
          6. Choose the First rule in list option as Position.
          7. Select the Add rule button.
          This screenshot shows how to create a rule.
    2. Resolution to OCI DNS

      This topic explains how to create a custom zone and records to resolve resources hosted in Google Cloud or on-premises.

      These are the steps to resolve DNS within OCI DNS.
      1. From the Google Cloud Console, select Dedicated Infrastructure and then select the Exadata VM Clusters tab.
      2. From the list, select your Exadata VM Cluster that you are using.
      3. Select the Manage in OCI button to open your Exadata VM Cluster in OCI.
      4. Select the VM Cluster information tab, and then navigate to the Network section to view your Virtual cloud networks details. This screenshot shows how to navigate to VCN link.
      5. From the OCI console, navigate to Networking and then select DNS management.
      6. From the left menu, select Private views, and then select the private DNS view from the list that you are using. This screenshot shows how to create private zone.
      7. Select the Private zones tab, and then select the Create zone button.
        1. Enter Primary as Zone type.
        2. Enter a zone name. For example: mycompany.local.
        3. Select the compartment.
        4. The Tags section is optional.
        5. Review your information and then select the Create button.
        This screenshot shows how to create private zone.
      8. Select the private zone that you are using and then select the Records tab. This screenshot shows how to create records.
      9. To edit your records, select the Manage records button and then select the Add record button.
        1. Enter a name for the record.
        2. Select the record type as A - IPv4 address from the dropdown list.
        3. Enter the TTL in seconds value.
        4. Choose the Basic option as RDATA mode.
        5. Enter the IPv4 address for the record.
        6. Select Save changes to complete the record creation or modification.
        This screenshot shows how to add or edit the record.

    The Oracle Database@Google Cloud resource can resolve custom resources.
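The note above states the order in which OCI private DNS evaluates a query (attached private views, then the default view unless already attached, then resolver rules, then the Internet) and that a match ends resolution even when it yields NXDOMAIN, which is why the two use cases in this section (forwarding mydomain.local to Google Cloud, and hosting a custom zone in OCI) do not combine for the same domain. The following Python is an added model of that sequence, not Oracle's resolver code or API: the views, rules, forwarder answers and addresses are constructed placeholders, and the model shows that adding a private zone for a domain that a forwarding rule already handles shadows the rule.

```python
NXDOMAIN = "NXDOMAIN"


def in_domain(name, domain):
    """True if name is domain itself or a subdomain of it."""
    return name == domain or name.endswith("." + domain)


def resolve(name, attached_views, default_view, rules, forwarders, internet):
    """Walk the OCI private DNS sequence: private views, then rules, then Internet.

    Returns (where_it_matched, answer). The first view whose zone contains the
    name ends resolution even when that zone has no record (NXDOMAIN), so a
    private zone and a forwarding rule for the same domain never both apply.
    """
    name = name.rstrip(".").lower()
    views = list(attached_views)  # attached views first, in configured order
    if default_view is not None and default_view not in views:
        views.append(default_view)  # default view last, unless it was attached
    for view in views:  # 1. private views (zones)
        for zone, records in view["zones"].items():
            if in_domain(name, zone):
                return ("view:" + view["name"], records.get(name, NXDOMAIN))
    for rule in rules:  # 2. resolver rules (domain-conditioned forwarding)
        if any(in_domain(name, d) for d in rule["domains"]):
            upstream = forwarders.get(rule["destination"], {})
            return ("rule:" + rule["destination"], upstream.get(name, NXDOMAIN))
    return ("internet", internet.get(name, NXDOMAIN))  # 3. Internet


# Constructed sample data; every name and address here is an illustrative placeholder.
# Use case 2: a custom private zone hosted in the OCI default view.
DEFAULT_VIEW = {"name": "default",
                "zones": {"mycompany.local": {"app01.mycompany.local": "10.1.2.3"}}}
# Use case 1: a resolver rule forwarding mydomain.local to the Google Cloud
# inbound forwarding endpoint (assumed address 10.10.0.53).
RULES = [{"domains": ["mydomain.local"], "destination": "10.10.0.53"}]
FORWARDERS = {"10.10.0.53": {"app.mydomain.local": "10.200.1.5"}}
INTERNET = {"www.example.com": "203.0.113.10"}

# Both use cases configured for the same domain: the private zone for
# mydomain.local is matched first, so the query never reaches Google Cloud.
SHADOWED_VIEW = {"name": "default",
                 "zones": {"mycompany.local": DEFAULT_VIEW["zones"]["mycompany.local"],
                           "mydomain.local": {}}}

QUERIES = ("app01.mycompany.local", "app.mydomain.local", "www.example.com")


def demo(view):
    """Resolve the sample queries against one default view with no attached views."""
    return {q: resolve(q, [], view, RULES, FORWARDERS, INTERNET) for q in QUERIES}


if __name__ == "__main__":
    for label, view in (("separate domains", DEFAULT_VIEW), ("shadowed", SHADOWED_VIEW)):
        print(label)
        for query, (where, answer) in demo(view).items():
            print(f"  {query:24} -> {answer:12} ({where})")
```

Running the block prints the same three queries under both configurations; in the shadowed one, app.mydomain.local returns NXDOMAIN from the default view instead of the forwarded answer, which is the failure to look for when a forwarding rule seems to be ignored.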