Recently OCI announced small but VERY useful service, IP Address Insights. Why this matters? I’ve run into multiple issues where we have VCNs and subnets deployed and don’t have any visibility on how many IP addresses are currently allocated on given VCN/subnet and who’s also reserving those. Not too long ago, someone reached out to…
OCI Network Firewall – Real World problems
I recently hit an issue with OCI Network Firewall that we had configured with NAT GW (see previous posts on it). We expected only to use it for egress traffic from OCI to public internet from our private compute VMs but a new requirement came which required to access some privately exposed services on OCI,…
Installing OCI Network Firewall – Allowing traffic via policies
Now that we have designed and installed our OCI Network Firewall we’re ready to allow some traffic through the firewall. What you’ll end up doing is to modifying policies which are applied to the firewall. How it works is that there’s always a single policy attached to the firewall, if you need to update the…
Installing OCI Network Firewall – Provisioning and Configuration
Now we’re going to follow the initial design I laid out here. We already have networking provisioned, so next step will be to use OCI Console and provision our OCI Network Firewall. Once we’ve provisioned it, I’ll see what happens with traffic when it hits the firewall. Final post of this series will be then…
Installing OCI Network Firewall – Design
One of the cool things Oracle has brought to OCI is managed network firewall service which is based on Palo Alto. Before OCI Network Firewall I saw constant requirement to provision self-managed firewall such as Palo Alto, Fortinet, Check Point etc. This is still a requirement as OCI Network Firewall might not provide all the…
Helping to troubleshoot with OCI VCN Flow Logs
I’m a huge fan of using tools available to help troubleshoot any issues there are. Luckily OCI has many free tools available such as Network Path Analyzer, which I’ve touched in the past. This time we’re going to look on VCN Flow Logs, I think as a starting point we should be looking on enabling…
OCI Routing checklist when using 3rd party firewall
This post will be checklist for items you’ll need when you have Firewall (or Hub) VCN where you route traffic to and have 3rd party firewall appliance (such as Palo Alto) inspecting traffic. You have to understand different route tables which are associated and which routes you have to set to them. What this post…
OCI Private DNS Design for multiple Regions
I’ll start by saying that typically I still see private DNS setup in the customer domain rather than in OCI, but recently I had a case where customer wanted OCI to manage specific internal sub-domain which we then used in the OCI Load Balancers. For that, there was conditional forwarders setup on-premises with a rule…
OCI Dynamic Routing Gateway Attachments Part 2 – Dynamic Route Import Distributions
On part 1 of the DRG version 2 we looked on basics and how you can control which VCN can be accessed and how, regardless if the source is through FastConnect, VPN Connect, VCN or Remote Peering Connection (another DRG). This time we’re gonna look on dynamic route import distributions. Since each VCN attachment can…
OCI Dynamic Routing Gateway Attachments Part 1 – Basics
As you might have seen, few weeks ago Oracle announced improved Dynamic Routing Gateway functionality which I was super excited about. Why? Previously when you’ve designed Transit Networking on OCI you’ve always had to use Hub & Spoke model for your traffic to flow from on-premises to Spoke VCN. Also, setting up connectivity between VCNs…