In this blog post, I am going to cover all the OCI Gateways Networking such as
A Gateway is a network component that allows data to flow from one network to another. Gateways serve as an entry and exit point for a network as all data going outside of a network must pass through it. As the name suggests it acts as a gate between two networks.
Before starting, let’s have a brief introduction about Networking in OCI.
Overview of Networking in OCI
When working with Oracle Cloud Infrastructure, the very first thing you set up is a Virtual Cloud Network (VCN). A typical OCI networking environment has the following components:
- Virtual Cloud Network (VCN): Software-defined version of a traditional physical network including subnet, route tables, and gateways – on which your instances run.
- Subnet: A subnet could be a public or private subnet.
- Route Table: Route tables are used to send traffic outside VCN (Internet, On-premise, other Peered VCN)
- Security List: A common set of firewall rules associated with a subnet that applies to all compute instances in that subnet.
- Network Security Group: A virtual firewall to control the type of traffic allowed in and out of resources (like Compute, Database, Load Balancer) in VCN
- Internet Gateway: Internet Gateway provides a path for network traffic between VCN & Internet.
- Dynamic Routing Gateway: DRG provides private traffic between VCN and destinations other than the internet (On-Premise or other VCNs)
- Load Balancer: Load Balancer helps in automating traffic distribution from one entry point to multiple servers in VCN
Now let’s discuss all the gateways one-by-one.
OCI Internet Gateway
Internet Gateway is used to access the internet from a VCN (say, network) in Oracle Cloud Infrastructure. It supports connections initiated from within the VCN (egress) and connections initiated from the internet (ingress).
Key points to note:
- Resources that need to connect to the Internet must be in a public subnet and have a public IP address.
- Each public subnet that needs to use the internet gateway must have a route table rule that specifies the Internet Gateway as the target.
- Specify Security rules to control the types of traffic allowed in and out of resources in that subnet
- A VCN can be attached to only one Internet Gateway at a time.
How to Create an Internet Gateway?
1. Go to the Console and click on the VCN for which you want to create the Internet Gateway. Click Internet Gateways.
2. Enter a Name and select the Compartment and then click on Create Internet Gateway.
What is an OCI NAT Gateway?
A NAT Gateway gives resources without public IP addresses access to the internet without exposing those resources to incoming internet connections.
Key points to note:
- NAT gateway is added to give instances in private subnet access to the internet.
- With the NAT gateway, these instances can initiate connections to the internet and receive responses, but they are not able to receive any incoming connections initiated from the internet.
- NAT gateways are highly available and support TCP, UDP, and ICMP ping traffic.
How To Create A NAT Gateway?
1. Go to the Console and click on the VCN for which you want to create the NAT Gateway. Click NAT Gateways.
2. Enter a friendly name, a compartment, and specify whether the public IP address is reserved or ephemeral.
OCI Service Gateway
A service gateway gives resources in your VCN and on-premises network private access to multiple Oracle services within OCI without the traffic going over the internet. Any traffic from your VCN that is destined for one of the supported public services uses the instance’s private IP address for routing, travels over the Oracle Cloud Infrastructure network fabric, and never traverses the internet.
Key points to note:
- A Service Gateway is regional.
- Service Gateway provides the private subnet with private access to supported Oracle services within the region. Connections can be initiated only from the subnet.
- The service gateway allows access to supported Oracle services within the region to protect your data from the internet.
How to Create an OCI Service Gateway?
1. In the Console, click on the VCN for which you want to create the Service Gateway. Click on Service Gateway.
2. Enter a friendly name, select a compartment, and select appropriate services.
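The key points for the internet, NAT and service gateways above can be turned into a route-table review. The following is an added example, not code from the original post or from Oracle: it models each subnet's route target and flags layouts that contradict those rules. The `Subnet` fields, finding codes and sample layout are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Subnet:
    name: str
    public: bool                 # public subnets may hold public IPs
    has_public_ip: bool          # does the resource in it have a public IP?
    route_target: Optional[str]  # "internet", "nat", "service" or None

def internet_paths(s: Subnet) -> dict:
    """Internet paths a gateway opens, before security rules are applied."""
    if s.route_target == "internet":
        # Internet gateway: needs a public subnet AND a public IP;
        # it then carries both egress and ingress.
        usable = s.public and s.has_public_ip
        return {"egress": usable, "ingress": usable}
    if s.route_target == "nat":
        # NAT gateway: outbound connections and their responses only.
        return {"egress": True, "ingress": False}
    # Service gateway reaches Oracle services only; no rule means no path.
    return {"egress": False, "ingress": False}

def audit(subnets):
    """Return (subnet name, finding code) pairs worth a reviewer's attention."""
    findings = []
    for s in subnets:
        if s.route_target == "internet" and not s.public:
            # Private resources should get egress from a NAT gateway instead.
            findings.append((s.name, "PRIVATE_SUBNET_ROUTED_TO_IGW"))
        elif s.route_target == "internet" and not s.has_public_ip:
            findings.append((s.name, "IGW_ROUTE_WITHOUT_PUBLIC_IP"))
        if internet_paths(s)["ingress"]:
            # Exposure now depends entirely on security list / NSG rules.
            findings.append((s.name, "INTERNET_INGRESS_POSSIBLE"))
    return findings

# Constructed sample VCN layout (names are illustrative only).
SAMPLE = [
    Subnet("web", public=True, has_public_ip=True, route_target="internet"),
    Subnet("app", public=False, has_public_ip=False, route_target="nat"),
    Subnet("db", public=False, has_public_ip=False, route_target="service"),
    Subnet("batch", public=False, has_public_ip=False, route_target="internet"),
]

if __name__ == "__main__":
    for name, code in audit(SAMPLE):
        print(f"{name}: {code}")
```

Subnets reported with `INTERNET_INGRESS_POSSIBLE` are the ones whose security list or network security group rules decide what the internet can actually reach.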
Dynamic Routing Gateway
A Dynamic Routing Gateway (DRG) is used to connect your existing on-premises network to your VCN. A DRG provides a single point of entry for remote network paths coming into the VCN. It provides a path for VCNs to communicate across regions or outside the region to on-premises networks. Each VCN can have a single DRG.
Use cases of DRG:
- A DRG is used while connecting from an on-prem environment to the VCN using either or both of these:
  - IPSec VPN
  - FastConnect
- A DRG is also used while peering two VCNs in different regions: Remote VCN Peering
How to Create DRG?
1. Open the navigation menu. Go to Networking and click Dynamic Routing Gateways. Click on Create Dynamic Routing Gateways.
2. Select a compartment and enter a friendly name. Then click on Create Dynamic Routing Gateways.
Jere Jr says
Excellent content!!!
Congratulations!!!!
Very good!
Sanjana Gupta says
Hi Jere,
We are glad you liked our blog.
Stay tuned for more informative blogs like these.
Thanks and Regards
Sanjana
Team K21Academy