This post will be a checklist of items you’ll need when you have a Firewall (or Hub) VCN that you route traffic to and a 3rd party firewall appliance (such as Palo Alto) inspecting that traffic. You have to understand the different route tables which are associated and which routes you have to set on them. What this post…
OCI Private DNS Design for multiple Regions
I’ll start by saying that typically I still see private DNS set up in the customer domain rather than in OCI, but recently I had a case where the customer wanted OCI to manage a specific internal sub-domain which we then used in the OCI Load Balancers. For that, there were conditional forwarders set up on-premises with a rule…
OCI Dynamic Routing Gateway Attachments Part 3 – Remote Peering Connections
Continuing use cases for the new Dynamic Routing Gateway v2. This time I’ll look at Remote Peering Connections (RPC) and how they work together with DRGs. Earlier posts on DRGv2 are here: Part1 & Part2. In short, hardly anything changes; you obviously need a VCN in some other Region which you want to connect to another VCN…
OCI Dynamic Routing Gateway Attachments Part 2 – Dynamic Route Import Distributions
In part 1 on DRG version 2 we looked at the basics and how you can control which VCN can be accessed and how, regardless of whether the source is through FastConnect, VPN Connect, VCN or Remote Peering Connection (another DRG). This time we’re gonna look at dynamic route import distributions. Since each VCN attachment can…
OCI Dynamic Routing Gateway Attachments Part 1 – Basics
As you might have seen, a few weeks ago Oracle announced improved Dynamic Routing Gateway functionality, which I was super excited about. Why? Previously, when you designed Transit Networking on OCI you always had to use the Hub & Spoke model for your traffic to flow from on-premises to a Spoke VCN. Also, setting up connectivity between VCNs…
OCI Transit Networking DNS part 2 – Custom DNS options
We looked at setting up Oracle DNS in part 1, and how you could manage different DNS options with Private Views or DNS listeners & forwarders. In this post I’m gonna look at what options we might have with Custom DNS. Custom DNS is typically used when there’s a requirement to use already existing DNS…
OCI Transit Networking DNS part 1
First of all, big thanks to my colleagues Rob and Travis for giving me some good ideas on this post! I usually recommend Transit Networking for most implementations as it provides security and scalability for your OCI infrastructure. Transit networking means one of your VCNs acts as a Hub and the other VCNs…
Get notified on unwanted network changes with OCI Cloud Guard
Oracle introduced Cloud Guard to OCI some time ago. In this post I’ll take a brief look at what Cloud Guard is and how you can get notified on unwanted changes in your tenancy. As an example, I have a public VCN which is required for my project. I might have several admins managing the VCN…
OCI Private DNS part 2 – DNS forwarders and listeners
This is the second part of my OCI Private DNS posts. You can read the first part here. In this post I will extend my configuration to have two VCNs which will be connected together via Local Peering Gateways. One VCN will have a Private Zone for thatfinnishguy.com and the other VCN for somethingelse.com. Both…
OCI Private DNS part 1 – Configuration
I’ve wanted to write something about this topic for quite a while and finally OCI has released its first step of Private DNS capabilities! Why do I think this is a big thing? For example, let’s say you need to have a Hub & Spoke model with multiple VCNs, if you’ve wanted to resolve hostnames between…