SlideShare una empresa de Scribd logo

Konfigurace sítí v Oracle Cloudu

MarketingArrowECS_CZ
MarketingArrowECS_CZ

This document provides an overview of Oracle Cloud Infrastructure Virtual Cloud Networks. It begins with a safe harbor statement and objectives. It then defines CIDR notation and how IP addresses are allocated in VCNs. It describes different gateway types like internet, NAT, and dynamic routing gateways. It also covers concepts like routing, peering within and between regions, and putting the various VCN components together. The document is intended to outline Oracle's VCN product direction at a high-level for informational purposes.

Tecnología
1 de 46
Descargar para leer sin conexión
Rohit Rahi Oracle Cloud Infrastructure November, 2019 Virtual Cloud Network Level 100 © 2019 Oracle
Safe harbor statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation. 2 © 2019 Oracle
Objectives • Virtual Cloud Network (VCN) basics • IP addresses • Gateways and Routing • Peering • Transit Routing • Security • Putting it all together!
CIDR 4 © 2019 Oracle
• CIDR (classless inter-domain routing) notation • IP addresses are described as consisting of two groups of bits in the address: the most significant bits are the network prefix, which identifies a whole network (or subnet), and the least significant set forms the host identifier, which specifies a particular interface of a host on that network • An IP address has two components, the network address and the host address: <network> <host> • A subnet mask separates the IP address into the network and host addresses (<network><host>). Subnetting further divides the host part of an IP address into a subnet and host address (<network><subnet><host>) • Subnet Mask is made by setting network bits to all "1"s and setting host bits to all "0"s. Within a given network, two host addresses cannot be assigned to hosts. The "0" address is assigned a network address and "255" is assigned to a broadcast address • Notation is constructed from an IP address, a '/' character, and a decimal number. xxx.xxx.xxx.xxx/n, where n is the number of bits used for subnet mask. E.g. 192.168.1.0/24 • Examples of commonly used netmasks for classed networks are 8-bits (Class A), 16-bits (Class B) and 24-bits (Class C) CIDR Basics
192.168.1.0/24 would equate to IP range: 192.168.1.0 – 192.168.1.255 • 128 64 32 16 8 4 2 1 -> 27 26 25 24 23 22 21 20 • 192 is represented as 1 1 0 0 0 0 0 0 192.168.1.0/27 would equate to IP range: 192.168.1.0 – 192.168.1.31 • Now same network divided in 8 subnets with 32 hosts each due to the /27 mask (255.255.255.224) • Subnets – 2 x 2 x 2 = 8. Hosts – 2 x 2 x 2 x 2 x 2 = 32 • Subnetworks – 192.168.1.0/27, 192.168.1.32/27, 192.168.1.64/27… CIDR Basics 1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 192.168.1.0 Logical AND /24 subnet mask 1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 192.168.1.0 Logical AND /27 subnet mask
Virtual Cloud Network Intro 7 © 2019 Oracle
• A private network that you set up in the Oracle data centers, with firewall rules and specific types of communication gateways that you can choose to use • A VCN covers a single, contiguous IPv4 CIDR block of your choice • A VCN resides within a single region Virtual Cloud Network (VCN)
IP address range for your VCN 10.0.0.0/16 Recommended RFC 1918 Range Recommended /16 size (65,536 IP addresses) Avoid IP ranges that overlap with other on-premises or other cloud networks • Use private IP address ranges specified in RFC 1918 (10.0.0.0/8, 172.16/12, 192.168/16) • Allowable OCI VCN size range is from /16 to /30 • VCN reserves the first two IP addresses and the last one in each subnet's CIDR
ORACLE CLOUD DATA CENTER REGION AVAILABILITY DOMAIN-1 Subnet AVAILABILITY DOMAIN-3 AVAILABILITY DOMAIN-2 SUBNET D 10.0.4.0/24 SUBNET C, 10.0.3.0/24 Each VCN network is subdivided into subnets • Each subnet can be AD-specific or Regional (recommended) • AD specific subnet is contained within a single AD in a multi-AD region • Regional subnet spans all three ADs in a multi-AD region • Each subnet has a contiguous range of IPs, described in CIDR notation. Subnet IP ranges cannot overlap VCN, 10.0.0.0/16 SUBNET B, 10.0.2.0/24 SUBNET A, 10.0.1.0/24
ORACLE CLOUD DATA CENTER REGION AVAILABILITY DOMAIN-1 Subnet AVAILABILITY DOMAIN-3 AVAILABILITY DOMAIN-2 SUBNET D 10.0.4.0/24 SUBNET C, 10.0.3.0/24 VCN, 10.0.0.0/16 SUBNET B, 10.0.2.0/24 SUBNET A, 10.0.1.0/24 • Instances are placed in subnets and draw their internal IP address and network configuration from their subnet • Subnets can be designated as either • Private (instances contain private IP addresses assigned to VNICs) • Public (contain both private and public IP addresses assigned to VNICs) • VNIC is a component that enables a compute instance to connect to a VCN. The VNIC determines how the instance connects with endpoints inside and outside the VCN
IP Addresses 12 © 2019 Oracle
Private IP Addresses • Each instance in a subnet has at least one primary private IP address • Instances ≥ 2 VNICs (additional VNICs called secondary VNICs) • Each VNIC has one primary private IP; can have additional private IPs called secondary private IPs • A private IP can have an optional public IP assigned to it Instance Primary VNIC • Primary private IP address • Secondary private IP, #1, #2…#31 Secondary VNIC • Primary private IP address • Secondary private IP, #1, #2…#31SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16
VNIC1 • Every VM has one primary VNIC created at launch, and a corresponding Ethernet device on the instance with the IP address configuration of the primary VNIC • When a secondary VNIC is added, new Ethernet device is added and is recognized by the instance OS VM1 - single VNIC instance VM2 - connected to two VNICs from two subnets within the same VCN. Used for virtual appliance scenarios VM3 - connected to two VNICs from two subnets from separate VCNs. Used to connect instances to a separate management network for isolated access Multiple VNICs on virtual machines ORACLE CLOUD INFRASTRUCTURE (REGION) Availability Domains AD1/AD2/AD3 Subnet A 10.0.0.0/24 VCN Subnet X 172.16.0.0/24 VM1 VM2 Subnet B 10.0.1.0/24 VNIC2 VNIC3 VNIC5 VM3 VNIC4 primaryprimaryprimary
Public IP • Public IP address is an IPv4 address that is reachable from the internet; assigned to a private IP object on the resource (Instance, load balancer) • Possible to assign a given resource multiple public IPs across one or more VNICs Instance Primary VNIC • Primary private IP address, public IP address • Secondary private IP, #1, public IP address Secondary VNIC • Primary private IP address • Secondary private IP, #1, #2…#31SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16
Public IP Addresses • Public IP types: Ephemeral and Reserved • Ephemeral: temporary and existing for the lifetime of the instance • Reserved: Persistent and existing beyond the lifetime of the instance it's assigned to (can be unassigned and then reassigned to another instance) • Ephemeral IP can be assigned to primary private IP only (hence, only 1 per VNIC v/s a max 32 for Reserved IP) • No charge for using Public IP, including when the Reserved public IP addresses are unassociated • Public IP assigned to • Instance (not recommended in most cases) • Oracle provided; cannot choose/edit, but can view • OCI Public Load Balancer, NAT Gateway, DRG - IPSec tunnels, OKE master/worker • Oracle provided; cannot choose/edit/view • Internet Gateway, Autonomous Database
Gateways and Routing 17 © 2019 Oracle
ORACLE CLOUD DATA CENTER REGION Availability Domain – AD1 SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 Internet Gateway Internet gateway provides a path for network traffic between your VCN and the internet You can have only one internet gateway for a VCN After creating an internet gateway, you must add a route for the gateway in the VCN's Route Table to enable traffic flow Internet Instance with public IP Regional Public Subnet Internet Gateway
ORACLE CLOUD DATA CENTER REGION Availability Domains – AD1 SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 Route Table Internet Regional Public Subnet Internet Gateway Destination CIDR Route Target 0.0.0.0/0 Internet Gateway Route Table All traffic destined for Internet Gateway Consists of a set of route rules; each rule specifies • Destination CIDR block • Route Target (the next hop) for the traffic that matches that CIDR Route Table is used to send traffic out of the VCN
ORACLE CLOUD DATA CENTER REGION Availability Domains – AD1 SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 Route Table Regional Public Subnet Internet Gateway Route Table Destination CIDR Route Target 0.0.0.0/0 Internet Gateway 10.0.0.0/16 local • Each subnet uses a single route table specified at time of subnet creation, but can be edited later • Route table is used only if the destination IP address is not within the VCN's CIDR block • No route rules are required in order to enable traffic within the VCN itself • When you add an internet gateway, NAT gateway, service gateway, dynamic routing gateway or a peering connection, you must update the route table for any subnet that uses these gateways or connections
ORACLE CLOUD DATA CENTER REGION Availability Domains – AD1 SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 Regional Private Subnet NAT Gateway Hosts can initiate outbound connections to the internet and receive responses, but not receive inbound connections initiated from the internet. Use case: updates, patches) You can have more than one NAT gateway on a VCN, though a given subnet can route traffic to only a single NAT gateway Internet NAT gateway gives an entire private network access to the internet without assigning each host a public IP address Destination CIDR Route Target 0.0.0.0/0 NAT Gateway Instance with private IP NAT Gateway
ORACLE CLOUD DATA CENTER REGION Availability Domains – AD1 SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 Regional Private Subnet Service Gateway Service gateway lets resources in VCN access public OCI services such as Object Storage, but without using an internet or NAT gateway Any traffic from VCN that is destined for one of the supported OCI public services uses the instance's private IP address for routing, travels over OCI network fabric, and never traverses the internet. Use case: back up DB Systems in VCN to Object Storage) Object Storage Service Gateway Destination CIDR Route Target Service CIDR Label Service Gateway Service CIDR labels represent all the public CIDRs for a given Oracle service or a group of Oracle services. E.g. • OCI <region> Object Storage • All <region> Services
ORACLE CLOUD DATA CENTER REGION Availability Domains – AD1 Dynamic Routing Gateway CUSTOMER DATA CENTER A virtual router that provides a path for private traffic between your VCN and destinations other than the internet You can use it to establish a connection with your on-premises network via IPsec VPN or FastConnect (private, dedicated connectivity) After attaching a DRG, you must add a route for the DRG in the VCN's route table to enable traffic flow DRG is a standalone object. You must attach it to a VCN. VCN and DRG have a 1:1 relationship Customer Premises Equipment (CPE) SUBNET B, 10.0.2.0/24 VCN, 10.0.0.0/16 Regional Private Subnet Destination CIDR Route Target 0.0.0.0/0 DRG
Peering 24 © 2019 Oracle
Local Peering (within region) VCN peering is the process of connecting multiple VCNs Local VCN peering is the process of connecting two VCNs in the same region so that their resources can communicate using private IP addresses A local peering gateway (LPG) is a component on a VCN for routing traffic to a locally peered VCN The two VCNs in the peering relationship shouldn’t have overlapping CIDRs ORACLE CLOUD DATA CENTER REGION VCN-1, 10.0.0.0/16 VCN-2, 192.168.0.0/16 LPG-1 LPG-2 Destination CIDR Route Target 192.168.0.0/16 LPG-1 Destination CIDR Route Target 10.0.0.0/16 LPG-2
OCI REGION PHX Remote Peering (across region) Remote VCN peering is the process of connecting two VCNs in different regions so that their resources can communicate using private IP addresses Requires a remote peering connection (RPC) to be created on the DRGs. RPC's job is to act as a connection point for a remotely peered VCN The two VCNs in the peering relationship must not have overlapping CIDRs Oraclebackbone OCI REGION ASH VCN-1, 10.0.0.0/16 VCN-2, 192.168.0.0/16 Destination CIDR Route Target 192.168.0.0/16 DRG-1 Destination CIDR Route Target 10.0.0.0/16 DRG-2
Summary of OCI network connectivity options Scenario Solution Let instances connect to the Internet, and receive connections from it Internet Gateway Let instances reach the Internet without receiving connections from it NAT Gateway Let VCN hosts privately connect to object storage, bypassing the internet Service Gateway Make an OCI extend an on-premise network, with easy connectivity in both directions IPsec VPN FastConnect Privately connect two VCNs in a region Local Peering Gateway Privately connect two VCNs in different regions Remote Peering Connection (DRG)
Transit Routing 28 © 2019 Oracle
Transit Routing: Hub and Spoke Transit Routing refers to set up in which an on- premises network uses a connected VCN to reach Oracle resources or services beyond that VCN. Two scenarios: • Access to multiple VCNs in the same region • Private access to Oracle services On-premises Network HUB VCN SPOKE VCN-2 SPOKE VCN-1 SPOKE VCN-3 Local Peerin g One of the VCNs acts as the Hub and connects to on- premises network. The other VCNs are locally peered with the Hub VCN. The traffic between the on- premises network and the peered VCNs transits through the Hub VCN. The VCNs must be in the same region but can be in different tenancies.
Transit Routing: Hub and Spoke On-premises Network HUB VCN SPOKE VCN-1 Local Peering Destination CIDR Route Target 192.168.0.0/16 LPG-1 172.16.0.0/12 DRG Destination CIDR Route Target 10.0.0.0/16 LPG-2 172.16.0.0/12 LPG-2 LPG-1 LPG-2 10.0.0.0/16 192.168.0.0/16 Destination CIDR Route Target 192.168.0.0/16 LPG-1 Destination CIDR Route Target 172.16.0.0/12 DRG 172.16.0.0/12 • A route table that is associated with a DRG can have only rules that target an LPG or a private IP • A route table that is associated with an LPG can have only rules that target a DRG or a private IP • DRG or LPG can exist without route table associated with it
Service Gateway-1 Transit Routing: private access to Oracle services On-premises Network HUB VCN ORACLE SERVICES NETWORK SPOKE VCN-1 SPOKE VCN-2 Object Storage On-premises network has private access to Oracle services in the Oracle Services Network. The hosts in the on- premises network communicate with their private IP addresses The on-premises network can reach the Oracle services only through a single VCN's service gateway (the one dedicated for this purpose, SG-1) and not through the service gateways of the other VCNs (SG-2,3). For those other VCNs, only the resources inside those VCNs can reach Oracle services through their VCN's service gateway. Service Gateway-2 Service Gateway-3
Security 32 © 2019 Oracle
Security List (SL) A common set of firewall rules associated with a subnet and applied to all instances launched inside the subnet • Security list consists of rules that specify the types of traffic allowed in and out of the subnet • To use a given security list with a particular subnet, you associate the security list with the subnet either during subnet creation or later. • Security list apply to a given instance whether it's talking with another instance in the VCN or a host outside the VCN • You can choose whether a given rule is stateful or stateless SUBNET A, 10.0.1.0/24 SUBNET B, 10.0.2.0/24 VCN, 10.0.0.0/16 Security List Security List SUBNET C, 10.0.2.0/24 Security List Direction CIDR Protocol Source Port Dest Port Stateful Ingress 0.0.0.0/0 TCP All 80 Stateful Egress 10.0.2.0/24 TCP All 1521
Network Security Group (NSG) A network security group (NSG) provides a virtual firewall for a set of cloud resources that all have the same security posture • NSG consists of set of rules that apply only to a set of VNICs of your choice in a single VCN • Currently, compute instances, load balancers and DB instances support NSG • When writing rules for an NSG, you can specify an NSG as the source or destination. Contrast this with SL rules, where you specify a CIDR as the source or destination • Oracle recommends using NSGs instead of SLs because NSGs let you separate the VCN's subnet architecture from your application security requirements SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 SUBNET B, 10.0.1.0/24 NSG-A NSG-B NSG-A Directio n CIDR Protocol Source Port Dest Port NSG-A Stateful Ingress 0.0.0.0/0 TCP All 80 NSG-B Stateful Ingress 0.0.0.0/0 TCP All 22
SL + NSG • You can use security lists alone, network security groups alone, or both together • If you have security rules that you want to enforce for all VNICs in a VCN: the easiest solution is to put the rules in one security list, and then associate that security list with all subnets in the VCN • If you choose to use both SLs and NSGs, the set of rules that applies to a given VNIC is the union of these items: • The security rules in the SLs associated with the VNIC's subnet • The security rules in all NSGs that the VNIC is in • A packet in question is allowed if any rule in any of the relevant lists and groups allows the traffic SUBNET A, 10.0.1.0/24 Security List 1 Security List 2 NSG-A NSG-B
Stateful Security Rules • Connection Tracking: when an instance receives traffic matching the stateful ingress rule, the response is tracked and automatically allowed regardless of any egress rules; similarly for sending traffic from the host • Default Security List rules are stateful Hosts in this group are reachable from the internet on Port 80
Stateless Security Rules • With stateless rules, response traffic is not automatically allowed • To allow the response traffic for a stateless ingress rule, you must create a corresponding stateless egress rule • If you add a stateless rule to a security list, that indicates that you do NOT want to use connection tracking for any traffic that matches that rule • Stateless rules are better for scenarios with large numbers of connections (Load Balancing, Big Data)
Default VCN, Internal DNS 38 © 2019 Oracle
Default VCN components Your VCN automatically comes with some default components • Default Route Table • Default Security List • Default set of DHCP options You can’t delete these default components; however, you can change their contents (e.g. individual route rules). And you can create more of each kind of component in your cloud network (e.g. additional route tables). ORACLE CLOUD DATA CENTER REGION AVAILABILITY DOMAIN-2AVAILABILITY DOMAIN-1 SUBNET A, 10.0.1.0/24 SUBNET B, 10.0.2.0/24 VCN, 10.0.0.0/16 Public SubnetPrivate Subnet Default RT Custom RT Default SL Custom SL
Internal DNS • The VCN Private Domain Name System (DNS) enables instances to use hostnames instead of IP addresses to talk to each other • Options: • Internet and VCN Resolver: default choice for new VCNs • Custom Resolver: lets instances resolve the hostnames of hosts in your on-premises network through IPsec VPN/FastConnect • Optionally specify a DNS label when creating VCN/subnets/instances • VCN: <VCN DNS label>.oraclevcn.com • Subnet: <subnet DNS label>.<VCN DNS label>.oraclevcn.com • Instance FQDN: <hostname>.<subnet DNS label>.<VCN DNS label>.oraclevcn.com • Instance FQDN resolves to the instance's Private IP address • No automatic creation of FQDN for Public IP addresses (e.g. cannot SSH using <hostname>.<subnet DNS label>.<VCN DNS label>.oraclevcn.com)
Putting it all together 41 © 2019 Oracle
VCN Review • Subnets can have one Route Table and multiple (5*) Security Lists associated to it • Route table defines what can be routed out of VCN • Private subnets are recommended to have individual route tables to control the flow of traffic outside of VCN • All hosts within a VCN can route to all other hosts in a VCN (no local route rule required) • Security Lists manage connectivity north-south (incoming/outgoing VCN traffic) and east-west (internal VCN traffic between multiple subnets) • OCI follows a white-list model (you must manually specify white listed traffic flows); By default, things are locked down • Instances cannot communicate with other instances in the same subnet, until you permit them to! • Oracle recommends using NSGs instead of SLs because NSGs let you separate the VCN's subnet architecture from your application security requirements
VCN Review Destination CIDR Route Target 0.0.0.0/0 Internet Gateway Type CIDR Protocol Source Port Dest Port Stateful Ingress 0.0.0.0/0 TCP All 80 Stateful Egress NSG-B TCP All 1521 Type CIDR Protocol Source Port Dest Port Stateful Ingress NSG-A TCP All 1521 Stateful Egress All All OCI REGION AVAILABILITY DOMAIN-1 VCN, 10.0.0.0/16 Backend, 10.0.2.0/24 Internet Frontend, 10.0.1.0/24 NSG-A NSG-B RT - Frontend RT - Backend Destination CIDR Route Target 0.0.0.0/0 NAT/ Service gateway /DRG Internet Gateway
Summary • Key Virtual Cloud Network (VCN) concepts Subnets, Route Table, Private IP, Public IP, Internal DNS • Gateways and Routing Internet Gateway, NAT Gateway, Service Gateway, Local and Remote Peering Transit Routing VPN, FastConnect (next module) VCN Security Security List, Network Security Groups
45 © 2019 Oracle Oracle Cloud always free tier: oracle.com/cloud/free/ OCI training and certification: https://www.oracle.com/cloud/iaas/training/ https://www.oracle.com/cloud/iaas/training/certification.html education.oracle.com/oracle-certification-path/pFamily_647 OCI hands-on labs: ocitraining.qloudable.com/provider/oracle Oracle learning library videos on YouTube: youtube.com/user/OracleLearning
Thank you

Recomendados

Benefity Oracle Cloudu (3/4): Compute
Benefity Oracle Cloudu (3/4): ComputeBenefity Oracle Cloudu (3/4): Compute
Benefity Oracle Cloudu (3/4): ComputeMarketingArrowECS_CZ
 
Oracle Cloud Infrastructure – Storage
Oracle Cloud Infrastructure – StorageOracle Cloud Infrastructure – Storage
Oracle Cloud Infrastructure – StorageMarketingArrowECS_CZ
 
Mastering OpenStack - Episode 11 - Scaling Out
Mastering OpenStack - Episode 11 - Scaling OutMastering OpenStack - Episode 11 - Scaling Out
Mastering OpenStack - Episode 11 - Scaling OutRoozbeh Shafiee
 
VMworld 2013: IBM Solutions for VMware Virtual SAN
VMworld 2013: IBM Solutions for VMware Virtual SAN VMworld 2013: IBM Solutions for VMware Virtual SAN
VMworld 2013: IBM Solutions for VMware Virtual SAN VMworld
 
Oracle VM 3.3 Overview
Oracle VM 3.3 OverviewOracle VM 3.3 Overview
Oracle VM 3.3 OverviewAmonra IT
 
EVO-RAIL 2.0 Overview Deck
EVO-RAIL 2.0 Overview DeckEVO-RAIL 2.0 Overview Deck
EVO-RAIL 2.0 Overview DeckErik Bussink
 
Red Hat Storage Day Boston - Why Software-defined Storage Matters
Red Hat Storage Day Boston - Why Software-defined Storage MattersRed Hat Storage Day Boston - Why Software-defined Storage Matters
Red Hat Storage Day Boston - Why Software-defined Storage MattersRed_Hat_Storage
 
XPDS16: High-Performance Virtualization for HPC Cloud on Xen - Jun Nakajima &...
XPDS16: High-Performance Virtualization for HPC Cloud on Xen - Jun Nakajima &...XPDS16: High-Performance Virtualization for HPC Cloud on Xen - Jun Nakajima &...
XPDS16: High-Performance Virtualization for HPC Cloud on Xen - Jun Nakajima &...The Linux Foundation
 

Recomendados

Benefity Oracle Cloudu (3/4): Compute
Benefity Oracle Cloudu (3/4): ComputeBenefity Oracle Cloudu (3/4): Compute
Benefity Oracle Cloudu (3/4): ComputeMarketingArrowECS_CZ
 
Oracle Cloud Infrastructure – Storage
Oracle Cloud Infrastructure – StorageOracle Cloud Infrastructure – Storage
Oracle Cloud Infrastructure – StorageMarketingArrowECS_CZ
 
Mastering OpenStack - Episode 11 - Scaling Out
Mastering OpenStack - Episode 11 - Scaling OutMastering OpenStack - Episode 11 - Scaling Out
Mastering OpenStack - Episode 11 - Scaling OutRoozbeh Shafiee
 
VMworld 2013: IBM Solutions for VMware Virtual SAN
VMworld 2013: IBM Solutions for VMware Virtual SAN VMworld 2013: IBM Solutions for VMware Virtual SAN
VMworld 2013: IBM Solutions for VMware Virtual SAN VMworld
 
Oracle VM 3.3 Overview
Oracle VM 3.3 OverviewOracle VM 3.3 Overview
Oracle VM 3.3 OverviewAmonra IT
 
EVO-RAIL 2.0 Overview Deck
EVO-RAIL 2.0 Overview DeckEVO-RAIL 2.0 Overview Deck
EVO-RAIL 2.0 Overview DeckErik Bussink
 
Red Hat Storage Day Boston - Why Software-defined Storage Matters
Red Hat Storage Day Boston - Why Software-defined Storage MattersRed Hat Storage Day Boston - Why Software-defined Storage Matters
Red Hat Storage Day Boston - Why Software-defined Storage MattersRed_Hat_Storage
 
XPDS16: High-Performance Virtualization for HPC Cloud on Xen - Jun Nakajima &...
XPDS16: High-Performance Virtualization for HPC Cloud on Xen - Jun Nakajima &...XPDS16: High-Performance Virtualization for HPC Cloud on Xen - Jun Nakajima &...
XPDS16: High-Performance Virtualization for HPC Cloud on Xen - Jun Nakajima &...The Linux Foundation
 
ebk EVO-RAIL v104
ebk EVO-RAIL v104ebk EVO-RAIL v104
ebk EVO-RAIL v104Erik Bussink
 
VMware EVO - Fremtidens datarom er hyperkonvergert
VMware EVO - Fremtidens datarom er hyperkonvergertVMware EVO - Fremtidens datarom er hyperkonvergert
VMware EVO - Fremtidens datarom er hyperkonvergertKenneth de Brucq
 
Private IaaS Cloud Provider
Private IaaS Cloud ProviderPrivate IaaS Cloud Provider
Private IaaS Cloud ProviderDavid Pasek
 
StorPool Presents at Cloud Field Day 9
StorPool Presents at Cloud Field Day 9StorPool Presents at Cloud Field Day 9
StorPool Presents at Cloud Field Day 9StorPool Storage
 
[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...
[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...
[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...OpenStack Korea Community
 
virtualization and hypervisors
virtualization and hypervisorsvirtualization and hypervisors
virtualization and hypervisorsGaurav Suri
 
vSAN architecture components
vSAN architecture componentsvSAN architecture components
vSAN architecture componentsDavid Pasek
 
GAB 2016 ASR
GAB 2016 ASRGAB 2016 ASR
GAB 2016 ASRCarlos Mayol
 
Lenovo Rack and Tower Server Portfolio
Lenovo Rack and Tower Server PortfolioLenovo Rack and Tower Server Portfolio
Lenovo Rack and Tower Server PortfolioLenovo Data Center
 
DevOps Supercharged with Docker on Exadata
DevOps Supercharged with Docker on ExadataDevOps Supercharged with Docker on Exadata
DevOps Supercharged with Docker on ExadataMarketingArrowECS_CZ
 
VMware HCI solutions - 2020-01-16
VMware HCI solutions - 2020-01-16VMware HCI solutions - 2020-01-16
VMware HCI solutions - 2020-01-16David Pasek
 
VMware Integrated OpenStack 2.0
VMware Integrated OpenStack 2.0VMware Integrated OpenStack 2.0
VMware Integrated OpenStack 2.0Erik Bussink
 
SQL Server 2017 on Linux Introduction
SQL Server 2017 on Linux IntroductionSQL Server 2017 on Linux Introduction
SQL Server 2017 on Linux IntroductionTravis Wright
 
VSAN – Architettura e Design
VSAN – Architettura e DesignVSAN – Architettura e Design
VSAN – Architettura e DesignVMUG IT
 
Ln family portfolio_customer_presentation
Ln family portfolio_customer_presentationLn family portfolio_customer_presentation
Ln family portfolio_customer_presentationLenovo Data Center
 
[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack Networking
[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack Networking[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack Networking
[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack NetworkingOpenStack Korea Community
 
Mastering OpenStack - Episode 07 - Compute Nodes
Mastering OpenStack - Episode 07 - Compute NodesMastering OpenStack - Episode 07 - Compute Nodes
Mastering OpenStack - Episode 07 - Compute NodesRoozbeh Shafiee
 
Lenovo Mission Critical-Server-Speak 102
Lenovo Mission Critical-Server-Speak 102Lenovo Mission Critical-Server-Speak 102
Lenovo Mission Critical-Server-Speak 102Lenovo Data Center
 
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...OpenStack Korea Community
 
VMworld - sto7650 -Software defined storage @VMmware primer
VMworld - sto7650 -Software defined storage @VMmware primerVMworld - sto7650 -Software defined storage @VMmware primer
VMworld - sto7650 -Software defined storage @VMmware primerDuncan Epping
 
Amazon Virtual Private Cloud
Amazon Virtual Private CloudAmazon Virtual Private Cloud
Amazon Virtual Private CloudAmazon Web Services
 
Meetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpcMeetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpcGonzalo Marcos Ansoain
 

Más contenido relacionado

La actualidad más candente

VMware EVO - Fremtidens datarom er hyperkonvergert
VMware EVO - Fremtidens datarom er hyperkonvergertVMware EVO - Fremtidens datarom er hyperkonvergert
VMware EVO - Fremtidens datarom er hyperkonvergertKenneth de Brucq
 
Private IaaS Cloud Provider
Private IaaS Cloud ProviderPrivate IaaS Cloud Provider
Private IaaS Cloud ProviderDavid Pasek
 
StorPool Presents at Cloud Field Day 9
StorPool Presents at Cloud Field Day 9StorPool Presents at Cloud Field Day 9
StorPool Presents at Cloud Field Day 9StorPool Storage
 
[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...
[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...
[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...OpenStack Korea Community
 
virtualization and hypervisors
virtualization and hypervisorsvirtualization and hypervisors
virtualization and hypervisorsGaurav Suri
 
vSAN architecture components
vSAN architecture componentsvSAN architecture components
vSAN architecture componentsDavid Pasek
 
Lenovo Rack and Tower Server Portfolio
Lenovo Rack and Tower Server PortfolioLenovo Rack and Tower Server Portfolio
Lenovo Rack and Tower Server PortfolioLenovo Data Center
 
DevOps Supercharged with Docker on Exadata
DevOps Supercharged with Docker on ExadataDevOps Supercharged with Docker on Exadata
DevOps Supercharged with Docker on ExadataMarketingArrowECS_CZ
 
VMware HCI solutions - 2020-01-16
VMware HCI solutions - 2020-01-16VMware HCI solutions - 2020-01-16
VMware HCI solutions - 2020-01-16David Pasek
 
VMware Integrated OpenStack 2.0
VMware Integrated OpenStack 2.0VMware Integrated OpenStack 2.0
VMware Integrated OpenStack 2.0Erik Bussink
 
SQL Server 2017 on Linux Introduction
SQL Server 2017 on Linux IntroductionSQL Server 2017 on Linux Introduction
SQL Server 2017 on Linux IntroductionTravis Wright
 
VSAN – Architettura e Design
VSAN – Architettura e DesignVSAN – Architettura e Design
VSAN – Architettura e DesignVMUG IT
 
Ln family portfolio_customer_presentation
Ln family portfolio_customer_presentationLn family portfolio_customer_presentation
Ln family portfolio_customer_presentationLenovo Data Center
 
[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack Networking
[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack Networking[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack Networking
[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack NetworkingOpenStack Korea Community
 
Mastering OpenStack - Episode 07 - Compute Nodes
Mastering OpenStack - Episode 07 - Compute NodesMastering OpenStack - Episode 07 - Compute Nodes
Mastering OpenStack - Episode 07 - Compute NodesRoozbeh Shafiee
 
Lenovo Mission Critical-Server-Speak 102
Lenovo Mission Critical-Server-Speak 102Lenovo Mission Critical-Server-Speak 102
Lenovo Mission Critical-Server-Speak 102Lenovo Data Center
 
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...OpenStack Korea Community
 
VMworld - sto7650 -Software defined storage @VMmware primer
VMworld - sto7650 -Software defined storage @VMmware primerVMworld - sto7650 -Software defined storage @VMmware primer
VMworld - sto7650 -Software defined storage @VMmware primerDuncan Epping
 

La actualidad más candente (20)

ebk EVO-RAIL v104
ebk EVO-RAIL v104ebk EVO-RAIL v104
ebk EVO-RAIL v104
 
VMware EVO - Fremtidens datarom er hyperkonvergert
VMware EVO - Fremtidens datarom er hyperkonvergertVMware EVO - Fremtidens datarom er hyperkonvergert
VMware EVO - Fremtidens datarom er hyperkonvergert
 
Private IaaS Cloud Provider
Private IaaS Cloud ProviderPrivate IaaS Cloud Provider
Private IaaS Cloud Provider
 
StorPool Presents at Cloud Field Day 9
StorPool Presents at Cloud Field Day 9StorPool Presents at Cloud Field Day 9
StorPool Presents at Cloud Field Day 9
 
[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...
[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...
[OpenStack Day in Korea 2015] Keynote 2 - Leveraging OpenStack to Realize the...
 
virtualization and hypervisors
virtualization and hypervisorsvirtualization and hypervisors
virtualization and hypervisors
 
vSAN architecture components
vSAN architecture componentsvSAN architecture components
vSAN architecture components
 
GAB 2016 ASR
GAB 2016 ASRGAB 2016 ASR
GAB 2016 ASR
 
Lenovo Rack and Tower Server Portfolio
Lenovo Rack and Tower Server PortfolioLenovo Rack and Tower Server Portfolio
Lenovo Rack and Tower Server Portfolio
 
DevOps Supercharged with Docker on Exadata
DevOps Supercharged with Docker on ExadataDevOps Supercharged with Docker on Exadata
DevOps Supercharged with Docker on Exadata
 
VMware HCI solutions - 2020-01-16
VMware HCI solutions - 2020-01-16VMware HCI solutions - 2020-01-16
VMware HCI solutions - 2020-01-16
 
VMware Integrated OpenStack 2.0
VMware Integrated OpenStack 2.0VMware Integrated OpenStack 2.0
VMware Integrated OpenStack 2.0
 
SQL Server 2017 on Linux Introduction
SQL Server 2017 on Linux IntroductionSQL Server 2017 on Linux Introduction
SQL Server 2017 on Linux Introduction
 
VSAN – Architettura e Design
VSAN – Architettura e DesignVSAN – Architettura e Design
VSAN – Architettura e Design
 
Ln family portfolio_customer_presentation
Ln family portfolio_customer_presentationLn family portfolio_customer_presentation
Ln family portfolio_customer_presentation
 
[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack Networking
[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack Networking[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack Networking
[OpenStack Day in Korea 2015] Keynote 5 - The evolution of OpenStack Networking
 
Mastering OpenStack - Episode 07 - Compute Nodes
Mastering OpenStack - Episode 07 - Compute NodesMastering OpenStack - Episode 07 - Compute Nodes
Mastering OpenStack - Episode 07 - Compute Nodes
 
Lenovo Mission Critical-Server-Speak 102
Lenovo Mission Critical-Server-Speak 102Lenovo Mission Critical-Server-Speak 102
Lenovo Mission Critical-Server-Speak 102
 
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
[OpenStack Day in Korea 2015] Track 3-4 - Software Defined Storage (SDS) and ...
 
VMworld - sto7650 -Software defined storage @VMmware primer
VMworld - sto7650 -Software defined storage @VMmware primerVMworld - sto7650 -Software defined storage @VMmware primer
VMworld - sto7650 -Software defined storage @VMmware primer
 

Similar a Konfigurace sítí v Oracle Cloudu

Meetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpcMeetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpcGonzalo Marcos Ansoain
 
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013Amazon Web Services
 
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...Amazon Web Services
 
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and EasilyAWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easilyakramemohemat
 
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)Amazon Web Services
 
70-410_r2_lecture_slides_lehjhjkhjkhjhkjhjkhkjsson_10.pptx
70-410_r2_lecture_slides_lehjhjkhjkhjhkjhjkhkjsson_10.pptx70-410_r2_lecture_slides_lehjhjkhjkhjhkjhjkhkjsson_10.pptx
70-410_r2_lecture_slides_lehjhjkhjkhjhkjhjkhkjsson_10.pptxkmjanjua19
 
Configuring IPv4 and IPv6 Addressing to STEM
Configuring IPv4 and IPv6 Addressing to STEMConfiguring IPv4 and IPv6 Addressing to STEM
Configuring IPv4 and IPv6 Addressing to STEMJohnny Jean Tigas
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 8
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 8CCNA (R & S) Module 01 - Introduction to Networks - Chapter 8
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 8Waqas Ahmed Nawaz
 
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...Amazon Web Services
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
Junos routing overview from Juniper
Junos routing overview from JuniperJunos routing overview from Juniper
Junos routing overview from JuniperNam Nguyen
 
CCNA SUMMER TRAINNING PPT
CCNA SUMMER TRAINNING PPTCCNA SUMMER TRAINNING PPT
CCNA SUMMER TRAINNING PPTNishant Goel
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
Advance Applied Networking with classes.
Advance Applied Networking with classes.Advance Applied Networking with classes.
Advance Applied Networking with classes.ArcyJeromeGallardo2
 
AWS Summit London 2014 | From One to Many - Evolving VPC Design (400)
AWS Summit London 2014 | From One to Many - Evolving VPC Design (400)AWS Summit London 2014 | From One to Many - Evolving VPC Design (400)
AWS Summit London 2014 | From One to Many - Evolving VPC Design (400)Amazon Web Services
 

Similar a Konfigurace sítí v Oracle Cloudu (20)

Amazon Virtual Private Cloud
Amazon Virtual Private CloudAmazon Virtual Private Cloud
Amazon Virtual Private Cloud
 
Meetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpcMeetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpc
 
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
 
OCIFo_I_S2.pdf
OCIFo_I_S2.pdfOCIFo_I_S2.pdf
OCIFo_I_S2.pdf
 
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
(ARC205) Creating Your Virtual Data Center: VPC Fundamentals and Connectivity...
 
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and EasilyAWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
AWS VPC NOTES _ LEARN AWS EFFECTIVELY and Easily
 
AWS VPC
AWS VPCAWS VPC
AWS VPC
 
CCNA Icnd110 s04l03
CCNA Icnd110 s04l03CCNA Icnd110 s04l03
CCNA Icnd110 s04l03
 
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
 
70-410_r2_lecture_slides_lehjhjkhjkhjhkjhjkhkjsson_10.pptx
70-410_r2_lecture_slides_lehjhjkhjkhjhkjhjkhkjsson_10.pptx70-410_r2_lecture_slides_lehjhjkhjkhjhkjhjkhkjsson_10.pptx
70-410_r2_lecture_slides_lehjhjkhjkhjhkjhjkhkjsson_10.pptx
 
Configuring IPv4 and IPv6 Addressing to STEM
Configuring IPv4 and IPv6 Addressing to STEMConfiguring IPv4 and IPv6 Addressing to STEM
Configuring IPv4 and IPv6 Addressing to STEM
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 8
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 8CCNA (R & S) Module 01 - Introduction to Networks - Chapter 8
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 8
 
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best Practices
 
Junos routing overview from Juniper
Junos routing overview from JuniperJunos routing overview from Juniper
Junos routing overview from Juniper
 
CCNA SUMMER TRAINNING PPT
CCNA SUMMER TRAINNING PPTCCNA SUMMER TRAINNING PPT
CCNA SUMMER TRAINNING PPT
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
 
Advance Applied Networking with classes.
Advance Applied Networking with classes.Advance Applied Networking with classes.
Advance Applied Networking with classes.
 
AWS Summit London 2014 | From One to Many - Evolving VPC Design (400)
AWS Summit London 2014 | From One to Many - Evolving VPC Design (400)AWS Summit London 2014 | From One to Many - Evolving VPC Design (400)
AWS Summit London 2014 | From One to Many - Evolving VPC Design (400)
 
A consolidated virtualization approach to deploying distributed cloud networks
A consolidated virtualization approach to deploying distributed cloud networksA consolidated virtualization approach to deploying distributed cloud networks
A consolidated virtualization approach to deploying distributed cloud networks
 

Más de MarketingArrowECS_CZ

INFINIDAT InfiniGuard - 20220330.pdf
INFINIDAT InfiniGuard - 20220330.pdfINFINIDAT InfiniGuard - 20220330.pdf
INFINIDAT InfiniGuard - 20220330.pdfMarketingArrowECS_CZ
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!MarketingArrowECS_CZ
 
Jak konsolidovat Vaše databáze s využitím Cloud služeb?
Jak konsolidovat Vaše databáze s využitím Cloud služeb?Jak konsolidovat Vaše databáze s využitím Cloud služeb?
Jak konsolidovat Vaše databáze s využitím Cloud služeb?MarketingArrowECS_CZ
 
Oracle databáze – Konsolidovaná Data Management Platforma
Oracle databáze – Konsolidovaná Data Management PlatformaOracle databáze – Konsolidovaná Data Management Platforma
Oracle databáze – Konsolidovaná Data Management PlatformaMarketingArrowECS_CZ
 
Nové vlastnosti Oracle Database Appliance
Nové vlastnosti Oracle Database ApplianceNové vlastnosti Oracle Database Appliance
Nové vlastnosti Oracle Database ApplianceMarketingArrowECS_CZ
 
Novinky ve světě Oracle DB a koncept konvergované databáze
Novinky ve světě Oracle DB a koncept konvergované databázeNovinky ve světě Oracle DB a koncept konvergované databáze
Novinky ve světě Oracle DB a koncept konvergované databázeMarketingArrowECS_CZ
 
Základy licencování Oracle software
Základy licencování Oracle softwareZáklady licencování Oracle software
Základy licencování Oracle softwareMarketingArrowECS_CZ
 
Garance 100% dostupnosti dat! Kdo z vás to má?
Garance 100% dostupnosti dat! Kdo z vás to má?Garance 100% dostupnosti dat! Kdo z vás to má?
Garance 100% dostupnosti dat! Kdo z vás to má?MarketingArrowECS_CZ
 
Využijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplnoVyužijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplnoMarketingArrowECS_CZ
 
Oracle Data Protection - 2. část
Oracle Data Protection - 2. částOracle Data Protection - 2. část
Oracle Data Protection - 2. částMarketingArrowECS_CZ
 
Oracle Data Protection - 1. část
Oracle Data Protection - 1. částOracle Data Protection - 1. část
Oracle Data Protection - 1. částMarketingArrowECS_CZ
 
Benefity Oracle Cloudu (4/4): Storage
Benefity Oracle Cloudu (4/4): StorageBenefity Oracle Cloudu (4/4): Storage
Benefity Oracle Cloudu (4/4): StorageMarketingArrowECS_CZ
 
Exadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. částExadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. částMarketingArrowECS_CZ
 
Exadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. částExadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. částMarketingArrowECS_CZ
 
Úvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastrukturyÚvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastrukturyMarketingArrowECS_CZ
 
Check Point automatizace a orchestrace
Check Point automatizace a orchestraceCheck Point automatizace a orchestrace
Check Point automatizace a orchestraceMarketingArrowECS_CZ
 

Más de MarketingArrowECS_CZ (20)

INFINIDAT InfiniGuard - 20220330.pdf
INFINIDAT InfiniGuard - 20220330.pdfINFINIDAT InfiniGuard - 20220330.pdf
INFINIDAT InfiniGuard - 20220330.pdf
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!
 
Jak konsolidovat Vaše databáze s využitím Cloud služeb?
Jak konsolidovat Vaše databáze s využitím Cloud služeb?Jak konsolidovat Vaše databáze s využitím Cloud služeb?
Jak konsolidovat Vaše databáze s využitím Cloud služeb?
 
Chráníte správně svoje data?
Chráníte správně svoje data?Chráníte správně svoje data?
Chráníte správně svoje data?
 
Oracle databáze – Konsolidovaná Data Management Platforma
Oracle databáze – Konsolidovaná Data Management PlatformaOracle databáze – Konsolidovaná Data Management Platforma
Oracle databáze – Konsolidovaná Data Management Platforma
 
Nové vlastnosti Oracle Database Appliance
Nové vlastnosti Oracle Database ApplianceNové vlastnosti Oracle Database Appliance
Nové vlastnosti Oracle Database Appliance
 
Infinidat InfiniGuard
Infinidat InfiniGuardInfinidat InfiniGuard
Infinidat InfiniGuard
 
Infinidat InfiniBox
Infinidat InfiniBoxInfinidat InfiniBox
Infinidat InfiniBox
 
Novinky ve světě Oracle DB a koncept konvergované databáze
Novinky ve světě Oracle DB a koncept konvergované databázeNovinky ve světě Oracle DB a koncept konvergované databáze
Novinky ve světě Oracle DB a koncept konvergované databáze
 
Základy licencování Oracle software
Základy licencování Oracle softwareZáklady licencování Oracle software
Základy licencování Oracle software
 
Garance 100% dostupnosti dat! Kdo z vás to má?
Garance 100% dostupnosti dat! Kdo z vás to má?Garance 100% dostupnosti dat! Kdo z vás to má?
Garance 100% dostupnosti dat! Kdo z vás to má?
 
Využijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplnoVyužijte svou Oracle databázi naplno
Využijte svou Oracle databázi naplno
 
Oracle Data Protection - 2. část
Oracle Data Protection - 2. částOracle Data Protection - 2. část
Oracle Data Protection - 2. část
 
Oracle Data Protection - 1. část
Oracle Data Protection - 1. částOracle Data Protection - 1. část
Oracle Data Protection - 1. část
 
Benefity Oracle Cloudu (4/4): Storage
Benefity Oracle Cloudu (4/4): StorageBenefity Oracle Cloudu (4/4): Storage
Benefity Oracle Cloudu (4/4): Storage
 
InfiniBox z pohledu zákazníka
InfiniBox z pohledu zákazníkaInfiniBox z pohledu zákazníka
InfiniBox z pohledu zákazníka
 
Exadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. částExadata z pohledu zákazníka a novinky generace X8M - 2. část
Exadata z pohledu zákazníka a novinky generace X8M - 2. část
 
Exadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. částExadata z pohledu zákazníka a novinky generace X8M - 1. část
Exadata z pohledu zákazníka a novinky generace X8M - 1. část
 
Úvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastrukturyÚvod do Oracle Cloud infrastruktury
Úvod do Oracle Cloud infrastruktury
 
Check Point automatizace a orchestrace
Check Point automatizace a orchestraceCheck Point automatizace a orchestrace
Check Point automatizace a orchestrace
 

Último

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Último (20)

What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Konfigurace sítí v Oracle Cloudu

  • 1. Rohit Rahi Oracle Cloud Infrastructure November, 2019 Virtual Cloud Network Level 100 © 2019 Oracle
  • 2. Safe harbor statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation. 2 © 2019 Oracle
  • 3. Objectives • Virtual Cloud Network (VCN) basics • IP addresses • Gateways and Routing • Peering • Transit Routing • Security • Putting it all together!
  • 4. CIDR 4 © 2019 Oracle
  • 5. • CIDR (classless inter-domain routing) notation • IP addresses are described as consisting of two groups of bits in the address: the most significant bits are the network prefix, which identifies a whole network (or subnet), and the least significant set forms the host identifier, which specifies a particular interface of a host on that network • An IP address has two components, the network address and the host address: <network> <host> • A subnet mask separates the IP address into the network and host addresses (<network><host>). Subnetting further divides the host part of an IP address into a subnet and host address (<network><subnet><host>) • Subnet Mask is made by setting network bits to all "1"s and setting host bits to all "0"s. Within a given network, two host addresses cannot be assigned to hosts. The "0" address is assigned a network address and "255" is assigned to a broadcast address • Notation is constructed from an IP address, a '/' character, and a decimal number. xxx.xxx.xxx.xxx/n, where n is the number of bits used for subnet mask. E.g. 192.168.1.0/24 • Examples of commonly used netmasks for classed networks are 8-bits (Class A), 16-bits (Class B) and 24-bits (Class C) CIDR Basics
  • 6. 192.168.1.0/24 would equate to IP range: 192.168.1.0 – 192.168.1.255 • 128 64 32 16 8 4 2 1 -> 27 26 25 24 23 22 21 20 • 192 is represented as 1 1 0 0 0 0 0 0 192.168.1.0/27 would equate to IP range: 192.168.1.0 – 192.168.1.31 • Now same network divided in 8 subnets with 32 hosts each due to the /27 mask (255.255.255.224) • Subnets – 2 x 2 x 2 = 8. Hosts – 2 x 2 x 2 x 2 x 2 = 32 • Subnetworks – 192.168.1.0/27, 192.168.1.32/27, 192.168.1.64/27… CIDR Basics 1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 192.168.1.0 Logical AND /24 subnet mask 1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 1 1 0 0 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 192.168.1.0 Logical AND /27 subnet mask
  • 7. Virtual Cloud Network Intro 7 © 2019 Oracle
  • 8. • A private network that you set up in the Oracle data centers, with firewall rules and specific types of communication gateways that you can choose to use • A VCN covers a single, contiguous IPv4 CIDR block of your choice • A VCN resides within a single region Virtual Cloud Network (VCN)
  • 9. IP address range for your VCN 10.0.0.0/16 Recommended RFC 1918 Range Recommended /16 size (65,536 IP addresses) Avoid IP ranges that overlap with other on-premises or other cloud networks • Use private IP address ranges specified in RFC 1918 (10.0.0.0/8, 172.16/12, 192.168/16) • Allowable OCI VCN size range is from /16 to /30 • VCN reserves the first two IP addresses and the last one in each subnet's CIDR
  • 10. ORACLE CLOUD DATA CENTER REGION AVAILABILITY DOMAIN-1 Subnet AVAILABILITY DOMAIN-3 AVAILABILITY DOMAIN-2 SUBNET D 10.0.4.0/24 SUBNET C, 10.0.3.0/24 Each VCN network is subdivided into subnets • Each subnet can be AD-specific or Regional (recommended) • AD specific subnet is contained within a single AD in a multi-AD region • Regional subnet spans all three ADs in a multi-AD region • Each subnet has a contiguous range of IPs, described in CIDR notation. Subnet IP ranges cannot overlap VCN, 10.0.0.0/16 SUBNET B, 10.0.2.0/24 SUBNET A, 10.0.1.0/24
  • 11. ORACLE CLOUD DATA CENTER REGION AVAILABILITY DOMAIN-1 Subnet AVAILABILITY DOMAIN-3 AVAILABILITY DOMAIN-2 SUBNET D 10.0.4.0/24 SUBNET C, 10.0.3.0/24 VCN, 10.0.0.0/16 SUBNET B, 10.0.2.0/24 SUBNET A, 10.0.1.0/24 • Instances are placed in subnets and draw their internal IP address and network configuration from their subnet • Subnets can be designated as either • Private (instances contain private IP addresses assigned to VNICs) • Public (contain both private and public IP addresses assigned to VNICs) • VNIC is a component that enables a compute instance to connect to a VCN. The VNIC determines how the instance connects with endpoints inside and outside the VCN
  • 12. IP Addresses 12 © 2019 Oracle
  • 13. Private IP Addresses • Each instance in a subnet has at least one primary private IP address • Instances ≥ 2 VNICs (additional VNICs called secondary VNICs) • Each VNIC has one primary private IP; can have additional private IPs called secondary private IPs • A private IP can have an optional public IP assigned to it Instance Primary VNIC • Primary private IP address • Secondary private IP, #1, #2…#31 Secondary VNIC • Primary private IP address • Secondary private IP, #1, #2…#31SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16
  • 14. VNIC1 • Every VM has one primary VNIC created at launch, and a corresponding Ethernet device on the instance with the IP address configuration of the primary VNIC • When a secondary VNIC is added, new Ethernet device is added and is recognized by the instance OS VM1 - single VNIC instance VM2 - connected to two VNICs from two subnets within the same VCN. Used for virtual appliance scenarios VM3 - connected to two VNICs from two subnets from separate VCNs. Used to connect instances to a separate management network for isolated access Multiple VNICs on virtual machines ORACLE CLOUD INFRASTRUCTURE (REGION) Availability Domains AD1/AD2/AD3 Subnet A 10.0.0.0/24 VCN Subnet X 172.16.0.0/24 VM1 VM2 Subnet B 10.0.1.0/24 VNIC2 VNIC3 VNIC5 VM3 VNIC4 primaryprimaryprimary
  • 15. Public IP • Public IP address is an IPv4 address that is reachable from the internet; assigned to a private IP object on the resource (Instance, load balancer) • Possible to assign a given resource multiple public IPs across one or more VNICs Instance Primary VNIC • Primary private IP address, public IP address • Secondary private IP, #1, public IP address Secondary VNIC • Primary private IP address • Secondary private IP, #1, #2…#31SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16
  • 16. Public IP Addresses • Public IP types: Ephemeral and Reserved • Ephemeral: temporary and existing for the lifetime of the instance • Reserved: Persistent and existing beyond the lifetime of the instance it's assigned to (can be unassigned and then reassigned to another instance) • Ephemeral IP can be assigned to primary private IP only (hence, only 1 per VNIC v/s a max 32 for Reserved IP) • No charge for using Public IP, including when the Reserved public IP addresses are unassociated • Public IP assigned to • Instance (not recommended in most cases) • Oracle provided; cannot choose/edit, but can view • OCI Public Load Balancer, NAT Gateway, DRG - IPSec tunnels, OKE master/worker • Oracle provided; cannot choose/edit/view • Internet Gateway, Autonomous Database
  • 17. Gateways and Routing 17 © 2019 Oracle
  • 18. ORACLE CLOUD DATA CENTER REGION Availability Domain – AD1 SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 Internet Gateway Internet gateway provides a path for network traffic between your VCN and the internet You can have only one internet gateway for a VCN After creating an internet gateway, you must add a route for the gateway in the VCN's Route Table to enable traffic flow Internet Instance with public IP Regional Public Subnet Internet Gateway
  • 19. ORACLE CLOUD DATA CENTER REGION Availability Domains – AD1 SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 Route Table Internet Regional Public Subnet Internet Gateway Destination CIDR Route Target 0.0.0.0/0 Internet Gateway Route Table All traffic destined for Internet Gateway Consists of a set of route rules; each rule specifies • Destination CIDR block • Route Target (the next hop) for the traffic that matches that CIDR Route Table is used to send traffic out of the VCN
  • 20. ORACLE CLOUD DATA CENTER REGION Availability Domains – AD1 SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 Route Table Regional Public Subnet Internet Gateway Route Table Destination CIDR Route Target 0.0.0.0/0 Internet Gateway 10.0.0.0/16 local • Each subnet uses a single route table specified at time of subnet creation, but can be edited later • Route table is used only if the destination IP address is not within the VCN's CIDR block • No route rules are required in order to enable traffic within the VCN itself • When you add an internet gateway, NAT gateway, service gateway, dynamic routing gateway or a peering connection, you must update the route table for any subnet that uses these gateways or connections
  • 21. ORACLE CLOUD DATA CENTER REGION Availability Domains – AD1 SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 Regional Private Subnet NAT Gateway Hosts can initiate outbound connections to the internet and receive responses, but not receive inbound connections initiated from the internet. Use case: updates, patches) You can have more than one NAT gateway on a VCN, though a given subnet can route traffic to only a single NAT gateway Internet NAT gateway gives an entire private network access to the internet without assigning each host a public IP address Destination CIDR Route Target 0.0.0.0/0 NAT Gateway Instance with private IP NAT Gateway
  • 22. ORACLE CLOUD DATA CENTER REGION Availability Domains – AD1 SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 Regional Private Subnet Service Gateway Service gateway lets resources in VCN access public OCI services such as Object Storage, but without using an internet or NAT gateway Any traffic from VCN that is destined for one of the supported OCI public services uses the instance's private IP address for routing, travels over OCI network fabric, and never traverses the internet. Use case: back up DB Systems in VCN to Object Storage) Object Storage Service Gateway Destination CIDR Route Target Service CIDR Label Service Gateway Service CIDR labels represent all the public CIDRs for a given Oracle service or a group of Oracle services. E.g. • OCI <region> Object Storage • All <region> Services
  • 23. ORACLE CLOUD DATA CENTER REGION Availability Domains – AD1 Dynamic Routing Gateway CUSTOMER DATA CENTER A virtual router that provides a path for private traffic between your VCN and destinations other than the internet You can use it to establish a connection with your on-premises network via IPsec VPN or FastConnect (private, dedicated connectivity) After attaching a DRG, you must add a route for the DRG in the VCN's route table to enable traffic flow DRG is a standalone object. You must attach it to a VCN. VCN and DRG have a 1:1 relationship Customer Premises Equipment (CPE) SUBNET B, 10.0.2.0/24 VCN, 10.0.0.0/16 Regional Private Subnet Destination CIDR Route Target 0.0.0.0/0 DRG
  • 25. Local Peering (within region) VCN peering is the process of connecting multiple VCNs Local VCN peering is the process of connecting two VCNs in the same region so that their resources can communicate using private IP addresses A local peering gateway (LPG) is a component on a VCN for routing traffic to a locally peered VCN The two VCNs in the peering relationship shouldn’t have overlapping CIDRs ORACLE CLOUD DATA CENTER REGION VCN-1, 10.0.0.0/16 VCN-2, 192.168.0.0/16 LPG-1 LPG-2 Destination CIDR Route Target 192.168.0.0/16 LPG-1 Destination CIDR Route Target 10.0.0.0/16 LPG-2
  • 26. OCI REGION PHX Remote Peering (across region) Remote VCN peering is the process of connecting two VCNs in different regions so that their resources can communicate using private IP addresses Requires a remote peering connection (RPC) to be created on the DRGs. RPC's job is to act as a connection point for a remotely peered VCN The two VCNs in the peering relationship must not have overlapping CIDRs Oraclebackbone OCI REGION ASH VCN-1, 10.0.0.0/16 VCN-2, 192.168.0.0/16 Destination CIDR Route Target 192.168.0.0/16 DRG-1 Destination CIDR Route Target 10.0.0.0/16 DRG-2
  • 27. Summary of OCI network connectivity options Scenario Solution Let instances connect to the Internet, and receive connections from it Internet Gateway Let instances reach the Internet without receiving connections from it NAT Gateway Let VCN hosts privately connect to object storage, bypassing the internet Service Gateway Make an OCI extend an on-premise network, with easy connectivity in both directions IPsec VPN FastConnect Privately connect two VCNs in a region Local Peering Gateway Privately connect two VCNs in different regions Remote Peering Connection (DRG)
  • 28. Transit Routing 28 © 2019 Oracle
  • 29. Transit Routing: Hub and Spoke Transit Routing refers to set up in which an on- premises network uses a connected VCN to reach Oracle resources or services beyond that VCN. Two scenarios: • Access to multiple VCNs in the same region • Private access to Oracle services On-premises Network HUB VCN SPOKE VCN-2 SPOKE VCN-1 SPOKE VCN-3 Local Peerin g One of the VCNs acts as the Hub and connects to on- premises network. The other VCNs are locally peered with the Hub VCN. The traffic between the on- premises network and the peered VCNs transits through the Hub VCN. The VCNs must be in the same region but can be in different tenancies.
  • 30. Transit Routing: Hub and Spoke On-premises Network HUB VCN SPOKE VCN-1 Local Peering Destination CIDR Route Target 192.168.0.0/16 LPG-1 172.16.0.0/12 DRG Destination CIDR Route Target 10.0.0.0/16 LPG-2 172.16.0.0/12 LPG-2 LPG-1 LPG-2 10.0.0.0/16 192.168.0.0/16 Destination CIDR Route Target 192.168.0.0/16 LPG-1 Destination CIDR Route Target 172.16.0.0/12 DRG 172.16.0.0/12 • A route table that is associated with a DRG can have only rules that target an LPG or a private IP • A route table that is associated with an LPG can have only rules that target a DRG or a private IP • DRG or LPG can exist without route table associated with it
  • 31. Service Gateway-1 Transit Routing: private access to Oracle services On-premises Network HUB VCN ORACLE SERVICES NETWORK SPOKE VCN-1 SPOKE VCN-2 Object Storage On-premises network has private access to Oracle services in the Oracle Services Network. The hosts in the on- premises network communicate with their private IP addresses The on-premises network can reach the Oracle services only through a single VCN's service gateway (the one dedicated for this purpose, SG-1) and not through the service gateways of the other VCNs (SG-2,3). For those other VCNs, only the resources inside those VCNs can reach Oracle services through their VCN's service gateway. Service Gateway-2 Service Gateway-3
  • 33. Security List (SL) A common set of firewall rules associated with a subnet and applied to all instances launched inside the subnet • Security list consists of rules that specify the types of traffic allowed in and out of the subnet • To use a given security list with a particular subnet, you associate the security list with the subnet either during subnet creation or later. • Security list apply to a given instance whether it's talking with another instance in the VCN or a host outside the VCN • You can choose whether a given rule is stateful or stateless SUBNET A, 10.0.1.0/24 SUBNET B, 10.0.2.0/24 VCN, 10.0.0.0/16 Security List Security List SUBNET C, 10.0.2.0/24 Security List Direction CIDR Protocol Source Port Dest Port Stateful Ingress 0.0.0.0/0 TCP All 80 Stateful Egress 10.0.2.0/24 TCP All 1521
  • 34. Network Security Group (NSG) A network security group (NSG) provides a virtual firewall for a set of cloud resources that all have the same security posture • NSG consists of set of rules that apply only to a set of VNICs of your choice in a single VCN • Currently, compute instances, load balancers and DB instances support NSG • When writing rules for an NSG, you can specify an NSG as the source or destination. Contrast this with SL rules, where you specify a CIDR as the source or destination • Oracle recommends using NSGs instead of SLs because NSGs let you separate the VCN's subnet architecture from your application security requirements SUBNET A, 10.0.1.0/24 VCN, 10.0.0.0/16 SUBNET B, 10.0.1.0/24 NSG-A NSG-B NSG-A Directio n CIDR Protocol Source Port Dest Port NSG-A Stateful Ingress 0.0.0.0/0 TCP All 80 NSG-B Stateful Ingress 0.0.0.0/0 TCP All 22
  • 35. SL + NSG • You can use security lists alone, network security groups alone, or both together • If you have security rules that you want to enforce for all VNICs in a VCN: the easiest solution is to put the rules in one security list, and then associate that security list with all subnets in the VCN • If you choose to use both SLs and NSGs, the set of rules that applies to a given VNIC is the union of these items: • The security rules in the SLs associated with the VNIC's subnet • The security rules in all NSGs that the VNIC is in • A packet in question is allowed if any rule in any of the relevant lists and groups allows the traffic SUBNET A, 10.0.1.0/24 Security List 1 Security List 2 NSG-A NSG-B
  • 36. Stateful Security Rules • Connection Tracking: when an instance receives traffic matching the stateful ingress rule, the response is tracked and automatically allowed regardless of any egress rules; similarly for sending traffic from the host • Default Security List rules are stateful Hosts in this group are reachable from the internet on Port 80
  • 37. Stateless Security Rules • With stateless rules, response traffic is not automatically allowed • To allow the response traffic for a stateless ingress rule, you must create a corresponding stateless egress rule • If you add a stateless rule to a security list, that indicates that you do NOT want to use connection tracking for any traffic that matches that rule • Stateless rules are better for scenarios with large numbers of connections (Load Balancing, Big Data)
  • 38. Default VCN, Internal DNS 38 © 2019 Oracle
  • 39. Default VCN components Your VCN automatically comes with some default components • Default Route Table • Default Security List • Default set of DHCP options You can’t delete these default components; however, you can change their contents (e.g. individual route rules). And you can create more of each kind of component in your cloud network (e.g. additional route tables). ORACLE CLOUD DATA CENTER REGION AVAILABILITY DOMAIN-2AVAILABILITY DOMAIN-1 SUBNET A, 10.0.1.0/24 SUBNET B, 10.0.2.0/24 VCN, 10.0.0.0/16 Public SubnetPrivate Subnet Default RT Custom RT Default SL Custom SL
  • 40. Internal DNS • The VCN Private Domain Name System (DNS) enables instances to use hostnames instead of IP addresses to talk to each other • Options: • Internet and VCN Resolver: default choice for new VCNs • Custom Resolver: lets instances resolve the hostnames of hosts in your on-premises network through IPsec VPN/FastConnect • Optionally specify a DNS label when creating VCN/subnets/instances • VCN: <VCN DNS label>.oraclevcn.com • Subnet: <subnet DNS label>.<VCN DNS label>.oraclevcn.com • Instance FQDN: <hostname>.<subnet DNS label>.<VCN DNS label>.oraclevcn.com • Instance FQDN resolves to the instance's Private IP address • No automatic creation of FQDN for Public IP addresses (e.g. cannot SSH using <hostname>.<subnet DNS label>.<VCN DNS label>.oraclevcn.com)
  • 41. Putting it all together 41 © 2019 Oracle
  • 42. VCN Review • Subnets can have one Route Table and multiple (5*) Security Lists associated to it • Route table defines what can be routed out of VCN • Private subnets are recommended to have individual route tables to control the flow of traffic outside of VCN • All hosts within a VCN can route to all other hosts in a VCN (no local route rule required) • Security Lists manage connectivity north-south (incoming/outgoing VCN traffic) and east-west (internal VCN traffic between multiple subnets) • OCI follows a white-list model (you must manually specify white listed traffic flows); By default, things are locked down • Instances cannot communicate with other instances in the same subnet, until you permit them to! • Oracle recommends using NSGs instead of SLs because NSGs let you separate the VCN's subnet architecture from your application security requirements
  • 43. VCN Review Destination CIDR Route Target 0.0.0.0/0 Internet Gateway Type CIDR Protocol Source Port Dest Port Stateful Ingress 0.0.0.0/0 TCP All 80 Stateful Egress NSG-B TCP All 1521 Type CIDR Protocol Source Port Dest Port Stateful Ingress NSG-A TCP All 1521 Stateful Egress All All OCI REGION AVAILABILITY DOMAIN-1 VCN, 10.0.0.0/16 Backend, 10.0.2.0/24 Internet Frontend, 10.0.1.0/24 NSG-A NSG-B RT - Frontend RT - Backend Destination CIDR Route Target 0.0.0.0/0 NAT/ Service gateway /DRG Internet Gateway
  • 44. Summary • Key Virtual Cloud Network (VCN) concepts Subnets, Route Table, Private IP, Public IP, Internal DNS • Gateways and Routing Internet Gateway, NAT Gateway, Service Gateway, Local and Remote Peering Transit Routing VPN, FastConnect (next module) VCN Security Security List, Network Security Groups
  • 45. 45 © 2019 Oracle Oracle Cloud always free tier: oracle.com/cloud/free/ OCI training and certification: https://www.oracle.com/cloud/iaas/training/ https://www.oracle.com/cloud/iaas/training/certification.html education.oracle.com/oracle-certification-path/pFamily_647 OCI hands-on labs: ocitraining.qloudable.com/provider/oracle Oracle learning library videos on YouTube: youtube.com/user/OracleLearning