TheKoguryo's Tech Blog

 Version 2024.04.01

Warning

This content has been generated by machine translation. The translations are automated and have not undergone human review or validation.

1.4 Virtual Cloud Network (VCN)

When you use OCI, one of the first things you need to do is create a Virtual Cloud Network (VCN) for your other cloud resources. A VCN is a virtual network environment used by server resources in Oracle data centers, covering network address allocation, firewalls, routing rules, gateways, and so on.

If you choose the automatic creation option when you first create your VCN, the following default configuration is created:


Virtual Cloud Network (VCN)

A virtual network environment for other cloud resources on OCI. Specify the IP range to use in the VCN at creation time in CIDR format. Example) 10.0.0.0/16. You configure the virtual network environment of your choice by setting up the following components in your VCN. There are many additional components beyond those listed below, but only the most basic ones are covered here.

Internet Gateway

A gateway that connects the VCN to the Internet. You only need to give it a name and create it.

Subnet

A subdivision created within a VCN, in an Availability Domain. The IP range you use is a subset of the VCN's range, specified in CIDR format. Example) 10.0.0.0/24

There are public subnets and private subnets: instances in a private subnet have no public IP, whereas instances in a public subnet are assigned a public IP.

An instance in a private subnet cannot be reached from external systems on the Internet because it has no public IP. Instead, you can set up a Network Address Translation (NAT) Gateway so that it can still initiate connections out to the Internet.

Route Table

The Route Table is a virtual routing table for the VCN that specifies rules for traffic from a subnet to destinations outside it. The automatically created default route table routes all destinations (0.0.0.0/0) to the Internet Gateway, so the subnet connects to the Internet as shown. You can configure custom route tables with the rules you want.

Security Lists

Security Lists are a virtual firewall for your VCN: you set ingress rules and egress rules for the traffic entering and leaving your Subnet. The image shows only the ingress rules for convenience; they open port 22 to all sources for SSH communication. The egress rule, omitted from the image, allows all outgoing requests.

If you install a web server on your compute instance or need to open ports for another service, update these Security Lists. Note that Security Lists are the Subnet's firewall on the VCN; if a Linux firewall or Windows firewall is also running on the Compute instance itself, you must open those ports in that firewall as well.
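To make the pieces above concrete, here is an added example of my own (plain Python with the standard library, not OCI's SDK or code from this blog) that models the default layout described in the post: a VCN of 10.0.0.0/16, a subnet of 10.0.0.0/24, a default route of 0.0.0.0/0 to the Internet Gateway, an ingress rule for TCP/22 from anywhere, and an egress rule allowing everything. The gateway names and the sample addresses are constructed for illustration. It checks that a subnet fits inside the VCN range, performs the route lookup (OCI routes traffic inside the VCN CIDR locally without a rule, which the model reproduces), and evaluates whether a given packet passes the security list, so you can see why a private subnet needs a NAT Gateway route and why an untouched default list blocks a web server on port 80 until you add a rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class RouteRule:
    destination: str  # CIDR the rule applies to, e.g. "0.0.0.0/0"
    target: str       # hypothetical gateway label, e.g. "internet-gateway"


@dataclass
class SecurityRule:
    direction: str                      # "ingress" or "egress"
    cidr: str                           # source (ingress) or destination (egress)
    protocol: str                       # "tcp", "udp", "icmp" or "all"
    ports: Optional[Tuple[int, int]] = None  # (min, max) for tcp/udp; None = any port


def subnet_fits_vcn(vcn_cidr: str, subnet_cidr: str) -> bool:
    """A subnet's CIDR must be a subset of the VCN's CIDR, as the post requires."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vcn_cidr))


def lookup_route(rules: List[RouteRule], vcn_cidr: str, dst_ip: str) -> Optional[str]:
    """Longest-prefix match over the route table.

    Destinations inside the VCN are delivered locally without any rule (OCI's
    implicit local route); None means no rule matched, so the packet is dropped.
    """
    ip = ipaddress.ip_address(dst_ip)
    if ip in ipaddress.ip_network(vcn_cidr):
        return "local"
    best: Optional[Tuple[int, str]] = None
    for rule in rules:
        net = ipaddress.ip_network(rule.destination)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, rule.target)
    return best[1] if best else None


def is_allowed(rules: List[SecurityRule], direction: str, remote_ip: str,
               protocol: str, port: Optional[int] = None) -> bool:
    """Security lists are allow-lists: traffic passes only if some rule matches."""
    ip = ipaddress.ip_address(remote_ip)
    for rule in rules:
        if rule.direction != direction:
            continue
        if ip not in ipaddress.ip_network(rule.cidr):
            continue
        if rule.protocol != "all" and rule.protocol != protocol:
            continue
        if rule.ports is not None and (port is None or not rule.ports[0] <= port <= rule.ports[1]):
            continue
        return True
    return False


def default_public_layout() -> Tuple[List[RouteRule], List[SecurityRule]]:
    """The auto-created defaults described in the post (constructed sample data)."""
    routes = [RouteRule("0.0.0.0/0", "internet-gateway")]
    seclist = [
        SecurityRule("ingress", "0.0.0.0/0", "tcp", (22, 22)),  # SSH from anywhere
        SecurityRule("egress", "0.0.0.0/0", "all"),             # all outbound allowed
    ]
    return routes, seclist


def private_subnet_routes() -> List[RouteRule]:
    """A private subnet sends Internet-bound traffic to a NAT Gateway instead."""
    return [RouteRule("0.0.0.0/0", "nat-gateway")]


def open_web_ports(seclist: List[SecurityRule]) -> List[SecurityRule]:
    """Return a copy of the list with HTTP/HTTPS ingress added, as for a web server."""
    return seclist + [SecurityRule("ingress", "0.0.0.0/0", "tcp", (80, 80)),
                      SecurityRule("ingress", "0.0.0.0/0", "tcp", (443, 443))]


if __name__ == "__main__":
    VCN = "10.0.0.0/16"
    routes, seclist = default_public_layout()
    print("subnet 10.0.0.0/24 fits VCN:", subnet_fits_vcn(VCN, "10.0.0.0/24"))
    print("route for 203.0.113.7:", lookup_route(routes, VCN, "203.0.113.7"))
    print("route for 10.0.1.5:", lookup_route(routes, VCN, "10.0.1.5"))
    print("inbound SSH allowed:", is_allowed(seclist, "ingress", "203.0.113.7", "tcp", 22))
    print("inbound HTTP allowed:", is_allowed(seclist, "ingress", "203.0.113.7", "tcp", 80))
    print("inbound HTTP after opening:", is_allowed(open_web_ports(seclist), "ingress", "203.0.113.7", "tcp", 80))
```

The model deliberately treats the security list as a pure allow-list with no default rule, which is the part practitioners most often get wrong: adding a web server means adding an ingress rule, and the instance's own host firewall is a second, independent allow-list that the VCN layer cannot override.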



I wrote this article as an individual in my personal time. There may be errors in the content, and the opinions expressed are my own.

Last updated on 30 Dec 2018