My previous post on IP Address Insights I mentioned it wasn’t yet available with CLI but I was wrong! It was there, just my Cloud Shell CLI version wasn’t the latest so didn’t have the command yet available. If you have 3.40.2 and above, the following commands are now available: oci network ipam list-ip-inventory oci…
OCI IP Address Insights
Recently OCI announced small but VERY useful service, IP Address Insights. Why this matters? I’ve run into multiple issues where we have VCNs and subnets deployed and don’t have any visibility on how many IP addresses are currently allocated on given VCN/subnet and who’s also reserving those. Not too long ago, someone reached out to…
OCI Network Firewall – Real World problems
I recently hit an issue with OCI Network Firewall that we had configured with NAT GW (see previous posts on it). We expected only to use it for egress traffic from OCI to public internet from our private compute VMs but a new requirement came which required to access some privately exposed services on OCI,…
Installing OCI Network Firewall – Allowing traffic via policies
Now that we have designed and installed our OCI Network Firewall we’re ready to allow some traffic through the firewall. What you’ll end up doing is to modifying policies which are applied to the firewall. How it works is that there’s always a single policy attached to the firewall, if you need to update the…
Installing OCI Network Firewall – Provisioning and Configuration
Now we’re going to follow the initial design I laid out here. We already have networking provisioned, so next step will be to use OCI Console and provision our OCI Network Firewall. Once we’ve provisioned it, I’ll see what happens with traffic when it hits the firewall. Final post of this series will be then…
Installing OCI Network Firewall – Design
One of the cool things Oracle has brought to OCI is managed network firewall service which is based on Palo Alto. Before OCI Network Firewall I saw constant requirement to provision self-managed firewall such as Palo Alto, Fortinet, Check Point etc. This is still a requirement as OCI Network Firewall might not provide all the…
Helping to troubleshoot with OCI VCN Flow Logs
I’m a huge fan of using tools available to help troubleshoot any issues there are. Luckily OCI has many free tools available such as Network Path Analyzer, which I’ve touched in the past. This time we’re going to look on VCN Flow Logs, I think as a starting point we should be looking on enabling…
OCI Routing checklist when using 3rd party firewall
This post will be checklist for items you’ll need when you have Firewall (or Hub) VCN where you route traffic to and have 3rd party firewall appliance (such as Palo Alto) inspecting traffic. You have to understand different route tables which are associated and which routes you have to set to them. What this post…
OCI Private DNS Design for multiple Regions
I’ll start by saying that typically I still see private DNS setup in the customer domain rather than in OCI, but recently I had a case where customer wanted OCI to manage specific internal sub-domain which we then used in the OCI Load Balancers. For that, there was conditional forwarders setup on-premises with a rule…
OCI Dynamic Routing Gateway Attachments Part 3 – Remote Peering Connections
Continuing use cases for new Dynamic Routing Gateway v2. This time I’ll look on Remote Peering Connections (RPC) and how that works together with DRG’s. Earlier posts on DRGv2 are here: Part1 & Part2 In short hardly anything changes, you obviously need VCN on some other Region which you want to connect to another VCN…