  • 4 months ago

Transcript
00:00 Welcome to this module on OCI networking. Let's start with an introduction.
00:09 So what is a virtual cloud network? At its core, it's a private software-defined network
00:16 you create in Oracle Cloud. It's used for secure communication, whether instances talking to each
00:22 other, instances talking to on-premises environments, or instances talking to other
00:29 instances in different regions. You would use a virtual cloud network. It lives in an OCI region.
00:34 Like we said, it's a regional service. It's highly available, massively scalable, and secure.
00:42 And we take care of these things for you. So before we dive deep into the VCN and all the
00:48 characteristics and all the features it has, let's look at some of the basic stuff. So the first thing
00:53 is VCN has an address space. In this case, you see this address space is denoted in a CIDR notation.
01:01 CIDR stands for Classless Inter-Domain Routing. This is a foundations course. So we are not getting
01:06 into the details of how you create these CIDR notations, but you can read up more on the web
01:11 or you could pull up a subnet calculator and you can get all the details. So you can see here
01:17 the VCN has an IP addressing range. And what that means is you have an address range. You take that
01:25 range and you can break it down into smaller networks which are called subnetworks. And these
01:32 subnetworks are where you would instantiate your compute instances. So in this example, as you can
01:38 see, the 10.0.0.0 slash 16 network is broken down into 256 smaller networks, a couple of which are
01:48 shown on the screen, the public subnet 10.0.1.0 slash 24 and the private subnet. And as I said, your
01:56 instances get spun up in these subnets. So if you spin up a web instance, it gets an IP address as shown.
02:04 If you spin up a DB instance, you get an IP address, private IP address as shown. And this IP address
02:11 is used for all communication going forward. So talking about communication, what different
02:18 mechanisms exist inside a VCN? So the first, there is a notion of internet gateway. This is a gateway
02:26 which is massively scalable, highly available and is used for communication to anything on the internet.
02:33 So if you have a web server which wants to talk to other websites on the web, being able to be accessed
02:40 publicly, you would use an internet gateway. So going to the internet and coming back from the internet. You also
02:47 have this highly available, massively scalable router called NAT gateway and it is used for providing NAT as a
02:56 service. So what this means is the traffic is unidirectional. It can go from your private subnets
03:02 to the internet but users from the internet cannot use the NAT gateway to reach your instances running
03:09 in a private subnet. So the idea with the NAT gateway is to enable outbound communication to the internet
03:17 but block inbound communications or connections initiated from the internet. Then we have another
03:24 router which is called service gateway. And the idea is it lets resources in VCN access public OCI services
03:31 such as object storage but without using an internet or NAT gateway. So these are the three scenarios,
03:37 internet gateway for internet, NAT gateway also for internet but unidirectional and service gateway
03:43 for accessing OCI public services which are available on the internet but accessing them in a secure
03:50 manner. And then the other construct is called dynamic routing gateway. This is a virtual router that
03:57 provides a path for private traffic between your VCN and destinations other than the internet. So what
04:04 can these destinations be? Well, this can be your on-premises environments. Just to recap, VCN,
04:11 your software-defined networking, highly scalable, secure, highly available and you have various
04:17 mechanisms, various routers to enable the communication whether it's going to the internet
04:21 or it's going to your on-premises environment.
04:25 Thanks for watching.