Important Terminology - BMH (Bare Metal Host), Regions, AD (Availability Domains)
REALM (logical collection of Regions), Tenancy (a private virtual zone created when we sign up for OCI, where we can create and manage our infrastructure; it is isolated from other tenancies)
Compartment - Compartments allow you to organize and control access to your cloud resources. A compartment is a collection of related resources (such as instances, virtual cloud networks, block volumes) that can be accessed only by certain groups that have been given permission by an administrator. A compartment should be thought of as a logical group and not a physical container. When you begin working with resources in the Console, the compartment acts as a filter for what you are viewing. When you sign up for Oracle Cloud Infrastructure, Oracle creates your tenancy, which is the root compartment that holds all your cloud resources. You then create additional compartments within the tenancy (root compartment) and corresponding policies to control access to the resources in each compartment. When you create a cloud resource such as an instance, block volume, or cloud network, you must specify to which compartment you want the resource to belong. Ultimately, the goal is to ensure that each person has access to only the resources they need. (source is the Oracle Cloud docs website)
Basic Networking
192.168.5.0/24 ---> 192.168.5.0 (network ID) - 192.168.5.255 (broadcast ID)
/24 means 24 network bits, which are the logical 1's of the mask; expanded - 11111111.11111111.11111111.00000000 - the 0's are the host bits, and the subnet can hold 2^(host bits) addresses (256 here, of which the network and broadcast addresses cannot be given to hosts)
Network Bits Calculation -
128 64 32 16 8 4 2 1 --> 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
Now let's assume a subnet 192.168.5.0/25. To calculate the subnet mask we look at the network bits, which are -
11111111.11111111.11111111.10000000
Now consider the values as per this range -
128 64 32 16 8 4 2 1 --> 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
So the subnet mask will be
255.255.255.128 (if we add all eight values we get 255; here we borrowed just one host bit to use as a network bit, so the last octet is 128 as per 2^7)
As per RFC 1918 - valid private (local) IP ranges are
10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
OCI VCN CIDR prefix range is from /16 to /30
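The subnet arithmetic above (network ID, broadcast ID, mask built from the prefix length, host count), the RFC 1918 ranges and the OCI /16 to /30 VCN prefix range, as an added worked example that is not part of the original notes or Oracle's own code. The sample CIDRs at the bottom are constructed inputs; the "first two and last address reserved" rule for OCI subnets is a known OCI behaviour added here for practitioners and is not stated in the notes.

```python
"""Subnet arithmetic for the notes above: network/broadcast address, dotted mask
built from the prefix length, host count, RFC 1918 membership and the OCI VCN
prefix-length range. Added example, not Oracle's code."""
import ipaddress

# RFC 1918 private ranges
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# OCI accepts a VCN CIDR block with a prefix length between /16 and /30 (from the notes)
VCN_MIN_PREFIX, VCN_MAX_PREFIX = 16, 30


def mask_from_prefix(prefix: int) -> str:
    """Dotted mask by hand: `prefix` leading 1-bits in a 32-bit word, each octet
    read with the 128 64 32 16 8 4 2 1 place values from the notes."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    word = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((word >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def describe(cidr: str) -> dict:
    """Summarise a CIDR the way the notes walk through 192.168.5.0/24 and /25."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False: accept a host address with a prefix
    host_bits = 32 - net.prefixlen
    return {
        "network_id": str(net.network_address),
        "broadcast_id": str(net.broadcast_address),
        "mask": mask_from_prefix(net.prefixlen),
        "host_bits": host_bits,
        "addresses": 2 ** host_bits,
        "usable_hosts": max(2 ** host_bits - 2, 0),      # minus network and broadcast addresses
        "oci_usable_hosts": max(2 ** host_bits - 3, 0),  # OCI reserves the first two and the last address of a subnet
        "rfc1918": any(net.subnet_of(r) for r in RFC1918),
        "valid_vcn_prefix": VCN_MIN_PREFIX <= net.prefixlen <= VCN_MAX_PREFIX,
    }


if __name__ == "__main__":
    # constructed sample inputs: the two subnets from the notes, a /8 that is too large
    # for a VCN, and a non-private documentation range
    for cidr in ("192.168.5.0/24", "192.168.5.0/25", "192.168.5.128/25", "10.0.0.0/8", "203.0.113.0/24"):
        print(cidr, describe(cidr))
```

`mask_from_prefix` deliberately builds the mask by bit-shifting rather than asking `ipaddress` for it, so the "borrow one host bit, last octet becomes 128" step is visible; `describe` then uses `ipaddress` for the network and broadcast addresses so the hand-built mask can be checked against the library.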
VCN spans multiple ADs within a region
VCN is subdivided into SUBNETS; a subnet can be AD-specific or regional (spanning all ADs of the region), and regional subnets are the recommended choice
Subnet can be private or public (instances in a public subnet can have both public and private IP addresses; instances in a private subnet get private IP addresses only)
There can be only one Internet Gateway per VCN, and it further requires a route rule in the subnet's route table before traffic can flow through it
Route Table is used to send traffic outside of the Subnet
Each Subnet uses a single Route Table (one route table can be shared by several subnets)
No route rules are required for traffic within the VCN itself; it is delivered locally, subject to the security lists / network security groups
Gateways -
NAT Gateway - without assigning a public IP we can give instances an outbound connection to the Internet, but no inbound traffic initiated from the Internet is allowed
There can be multiple NAT Gateways within a VCN, but one subnet can route traffic to one NAT Gateway only (its single route table holds one rule per destination CIDR)
Service Gateway - is used to connect to Oracle services such as Object Storage (the Oracle Services Network) so the traffic does not go through the Internet but over Oracle's backend fabric
Dynamic Routing Gateway - DRG is a virtual router which helps to route traffic between the VCN and a remote network such as the customer's premises over a private path, i.e. a VPN tunnel based on IPSec, or FastConnect
A VCN can be attached to only one DRG at a time (one DRG attachment per VCN)
DRG is further connected to the Customer Premises Equipment (CPE)
IPSEC
- create vcn --> create drg --> attach drg to vcn --> update the vcn route table to route on-prem traffic to the drg --> create cpe object and add the on-prem router's public ip --> from the drg create an ipsec connection between cpe and drg and also add a static route for the on-prem CIDR --> finally configure the cpe router with the tunnel details to allow the traffic
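The route-table and gateway rules above (one route table per subnet, no rule needed inside the VCN, Internet Gateway vs NAT Gateway for inbound, Service Gateway by service label, DRG route for the on-prem CIDR added in the IPSec procedure's "update the vcn route table" step), as an added toy model that is not part of the original notes or Oracle's implementation. The VCN CIDR 10.0.0.0/16, the two subnets, the gateway labels and the 172.16.0.0/12 on-prem range are constructed sample data; the two checks in `check_route_table` (OCI rejects duplicate destination CIDRs in one route table; an Internet Gateway rule on a private subnet never carries traffic because private-subnet instances have no public IP) are known OCI behaviour added for practitioners, not statements from the notes.

```python
"""Toy model of how an OCI subnet's route table resolves a destination.
Added example for the notes above, not Oracle code. The gateway labels and the
VCN/subnet CIDRs below are constructed sample data."""
import ipaddress
from dataclasses import dataclass

# Target kinds from the notes: Internet Gateway, NAT Gateway, Service Gateway, DRG
IGW, NAT, SGW, DRG = "igw", "nat", "sgw", "drg"
SERVICES = "all-oci-services"   # a Service Gateway rule targets a service label, not a CIDR


@dataclass
class RouteRule:
    destination: str   # CIDR, or SERVICES for a Service Gateway rule
    target: str        # one of IGW, NAT, SGW, DRG


@dataclass
class Subnet:
    name: str
    cidr: str
    public: bool
    rules: list        # the single route table attached to this subnet


VCN_CIDR = ipaddress.ip_network("10.0.0.0/16")   # constructed sample VCN


def next_hop(subnet: Subnet, dst: str) -> str:
    """Where does traffic from `subnet` to `dst` go: 'local', a gateway kind, or 'drop'."""
    if dst == SERVICES:   # Oracle services are reached only through a Service Gateway rule
        return SGW if any(r.target == SGW for r in subnet.rules) else "drop"
    addr = ipaddress.ip_address(dst)
    if addr in VCN_CIDR:
        return "local"    # intra-VCN traffic is delivered without any route rule
    best_len, best_target = -1, "drop"
    for r in subnet.rules:   # longest-prefix match over the subnet's one route table
        if r.target == SGW:
            continue
        net = ipaddress.ip_network(r.destination)
        if addr in net and net.prefixlen > best_len:
            best_len, best_target = net.prefixlen, r.target
    return best_target


def accepts_inbound_from_internet(subnet: Subnet) -> bool:
    """Unsolicited inbound from the Internet needs a public subnet AND an IGW route;
    a NAT Gateway only carries outbound-initiated flows (the notes' point)."""
    return subnet.public and any(r.target == IGW for r in subnet.rules)


def check_route_table(subnet: Subnet) -> list:
    """Practitioner checks: duplicate destinations (OCI rejects them) and an IGW rule
    on a private subnet, which never works because private subnets have no public IPs."""
    problems, seen = [], set()
    for r in subnet.rules:
        if r.destination in seen:
            problems.append(f"{subnet.name}: duplicate destination {r.destination}")
        seen.add(r.destination)
    if not subnet.public and any(r.target == IGW for r in subnet.rules):
        problems.append(f"{subnet.name}: IGW route on a private subnet")
    return problems


# Constructed sample: a public web subnet and a private app subnet; 172.16.0.0/12 stands in
# for the on-prem network reached through the DRG / IPSec tunnel (the static route of the procedure)
PUBLIC_WEB = Subnet("public-web", "10.0.1.0/24", True,
                    [RouteRule("0.0.0.0/0", IGW), RouteRule("172.16.0.0/12", DRG)])
PRIVATE_APP = Subnet("private-app", "10.0.2.0/24", False,
                     [RouteRule("0.0.0.0/0", NAT), RouteRule(SERVICES, SGW),
                      RouteRule("172.16.0.0/12", DRG)])

if __name__ == "__main__":
    for sub in (PUBLIC_WEB, PRIVATE_APP):
        for dst in ("10.0.2.10", "203.0.113.5", "172.16.4.1", SERVICES):
            print(f"{sub.name:12} -> {dst:18} via {next_hop(sub, dst)}")
        print(f"{sub.name:12} inbound from Internet: {accepts_inbound_from_internet(sub)}")
        print(f"{sub.name:12} problems: {check_route_table(sub)}")
```

Two things the model makes visible that the rules alone do not: the on-prem traffic from the private subnet reaches the DRG because 172.16.0.0/12 is a longer match than the 0.0.0.0/0 rule pointing at the NAT Gateway, and a route rule only decides the next hop; the security lists / NSGs still have to allow the flow, which this toy does not model.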