Previous part three on creating VCN can be found from here.
Now let’s start with basics. What are IGW and NAT GW.
Internet Gateway (IGW) in OCI is the connection point which routes your VCN traffic from and to public Internet depending on what traffic you allow through your security lists. If you use an IGW that means your subnet is a public one.
NAT Gateway (Network Address Translation) routes traffic outside to public internet from your private subnet. Let’s say you want to download patches or have a interface requiring data from public internet and you need to run your services on private subnet, then NAT GW is a good choice for you.
Both services are configured with high availability so you don’t need to do any further configuration except the usual setup. Both can be used only for traffic which originates from your VCN.
OCI documentation has also typical networking scenarios described which touches routing and other components I haven’t touched yet in this series but it gives good info on what you need on different cases. You can read it from here.
At this point we have Compartment and VCN deployed which are required to create these resources.
I will add following lines to main.tf.
//Create NAT GW so private subnet will have access to Internet
resource "oci_core_nat_gateway" "CreateNatGateway" {
compartment_id = "${oci_identity_compartment.CreateCompartment.id}"
vcn_id = "${oci_core_virtual_network.CreateVCN.id}"
block_traffic = "${var.nat_gateway_block_traffic}"
display_name = "${var.nat_gateway_display_name}"
}
//Create Internet Gateway for Public subnet
resource "oci_core_internet_gateway" "CreateIGW" {
compartment_id = "${oci_identity_compartment.CreateCompartment.id}"
enabled = "${var.internet_gateway_enabled}"
vcn_id = "${oci_core_virtual_network.CreateVCN.id}"
display_name = "${var.internet_gateway_display_name}"
}
I’ve highlighted the use of previously created resources and usage of their OCID’s. In addition to those both resources just need variable for their name and if they are enabled or not (or block traffic).
In variables.tf I have:
// NAT GW VARIABLES
variable "nat_gateway_display_name" {
default = "NatGateway"
} // Name for the NAT GW
variable "nat_gateway_block_traffic" {
default = "false"
} // Is NAT GW active or not
// INTERNET GW VARIABLES
variable "internet_gateway_display_name" {
default = "InternetGateway"
} // Name for the IGW
variable "internet_gateway_enabled" {
default = "true"
} // Is IGW enabled or not
Next step is to run terraform, I’ve already executed terraform plan and see it adds two resources on top of existing configuration.
PS C:\git\OCI\terraform-templates\examples\builddemo> terraform.exe apply
oci_identity_compartment.CreateCompartment: Refreshing state... (ID: ocid1.compartment.oc1..aaaaaaaav43jwd5o...xxxxx)
oci_core_virtual_network.CreateVCN: Refreshing state... (ID: ocid1.vcn.oc1.eu-frankfurt-1.aaaaaaaar2...xxxxx)
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ oci_core_internet_gateway.CreateIGW
id: <computed>
compartment_id: "ocid1.compartment.oc1..xxxxx"
display_name: "InternetGateway"
enabled: "true"
freeform_tags.%: <computed>
state: <computed>
time_created: <computed>
time_modified: <computed>
vcn_id: "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
+ oci_core_nat_gateway.CreateNatGateway
id: <computed>
block_traffic: "false"
compartment_id: "ocid1.compartment.oc1..xxxxx"
display_name: "NatGateway"
freeform_tags.%: <computed>
nat_ip: <computed>
state: <computed>
time_created: <computed>
vcn_id: "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
Plan: 2 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
oci_core_internet_gateway.CreateIGW: Creating...
compartment_id: "" => "ocid1.compartment.oc1..xxxxx"
display_name: "" => "InternetGateway"
enabled: "" => "true"
freeform_tags.%: "" => "<computed>"
state: "" => "<computed>"
time_created: "" => "<computed>"
time_modified: "" => "<computed>"
vcn_id: "" => "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
oci_core_nat_gateway.CreateNatGateway: Creating...
block_traffic: "" => "false"
compartment_id: "" => "ocid1.compartment.oc1..xxxxx"
display_name: "" => "NatGateway"
freeform_tags.%: "" => "<computed>"
nat_ip: "" => "<computed>"
state: "" => "<computed>"
time_created: "" => "<computed>"
vcn_id: "" => "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
oci_core_internet_gateway.CreateIGW: Creation complete after 1s (ID: ocid1.internetgateway.oc1.eu-frankfurt-...xxxxx)
oci_core_nat_gateway.CreateNatGateway: Creation complete after 2s (ID: ocid1.natgateway.oc1.eu-frankfurt-1.aaa...xxxxx)
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
I’ve highlighted the part where Terraform refreshes the state of already created resources. Rest is business as usual and it creates our two new resources in a matter of few seconds.
Now we have IGW and NAT GW available. Next we need to create route tables where we will assign these and finally the route tables will be assigned to subnets so traffic gets routed correctly.
This post will be checklist for items you'll need when you have Firewall (or Hub)…
This time I go over on how to create 19c Oracle Database on OCI (hint:…
This time I'm looking on OCI Network Path Analyzer, how you can use it to…
View Comments
HI ,
Thank you . This was very informative .
Would you have an idea of how Oracle prices these network components ?
Ive been doing some research and the pricing calculator always seems to consider only the network utilization but I dont see a cost for the usage for each individual components like NAT Gateways .
NAT and IGW gateways are not separately priced AFAIK so you only pay for the traffic (if any). So makes calculations lot easier!