Channel: Cloud Training Program

Gateways In OCI: Internet Gateway, NAT Gateway, Service Gateway, Dynamic Routing Gateway


A gateway is a network component that allows data to flow from one network to another. Gateways serve as the entry and exit point for a network, as all data going outside of a network must pass through them. As the name suggests, a gateway acts as a gate between two networks.

In this blog post, I am going to cover all the gateways used in OCI Networking such as

Before starting, let’s have a brief introduction about Networking in OCI.

Overview of Networking in OCI

When working with Oracle Cloud Infrastructure, the very first thing you set up is a Virtual Cloud Network (VCN). A typical OCI networking environment has the following components:


  1. Virtual Cloud Network (VCN): Software-defined version of a traditional physical network, including subnets, route tables, and gateways, on which your instances run.
  2. Subnet: A subnet can be public or private.
  3. Route Table: Route tables are used to send traffic outside the VCN (internet, on-premises, other peered VCNs).
  4. Security List: A common set of firewall rules associated with a subnet and applied to all compute instances in that subnet.
  5. Network Security Group: A virtual firewall to control the type of traffic allowed in and out of resources (like Compute, Database, Load Balancer) in the VCN.
  6. Internet Gateway: Provides a path for network traffic between the VCN and the internet.
  7. Dynamic Routing Gateway: A DRG provides a path for private traffic between the VCN and destinations other than the internet (on-premises or other VCNs).
  8. Load Balancer: Automates traffic distribution from one entry point to multiple servers in the VCN.

Read our blog to know more about Networking In Oracle Cloud (OCI): VCN, Subnet, Gateways, Peering, Transit Routing

Now let’s discuss all the gateways one-by-one.

Internet Gateway

Internet Gateway is used to access the internet from a VCN (say, network) in Oracle Cloud Infrastructure. It supports connections initiated from within the VCN (egress) and connections initiated from the internet (ingress).


Key points to note:

  • Resources that need to connect to the Internet must be in a public subnet and have a public IP address.
  • Each public subnet that needs to use the internet gateway must have a route table rule that specifies the Internet Gateway as the target.
  • Specify security rules to control the types of traffic allowed in and out of resources in that subnet.
  • A VCN can be attached to only one Internet Gateway at a time.

How To Create An Internet Gateway?

1. Go to the Console and click on the VCN for which you want to create the Internet Gateway. Click Internet Gateways.


2. Enter a Name and select the Compartment and then click on Create Internet Gateway.


NAT Gateway

A NAT Gateway gives resources without public IP addresses access to the internet without exposing those resources to incoming internet connections.

Key points to note:

  • NAT gateway is added to give instances in private subnet access to the internet.
  • With the NAT gateway, these instances can initiate connections to the internet and receive responses, but they are not able to receive any incoming connections initiated from the internet.
  • NAT gateways are highly available and support TCP, UDP, and ICMP ping traffic.


How To Create A NAT Gateway?

1. Go to the Console and click on the VCN for which you want to create the NAT Gateway. Click NAT Gateways.


2. Enter a friendly name, a compartment, and specify whether the public IP address is reserved or ephemeral.


Service Gateway

A service gateway gives resources in your VCN and on-premises network private access to multiple Oracle services within OCI without the traffic going over the internet. Any traffic from your VCN that is destined for one of the supported public services uses the instance’s private IP address for routing, travels over the Oracle Cloud Infrastructure network fabric, and never traverses the internet.


Key points to note:

  • A Service Gateway is regional.
  • Service Gateway provides the private subnet with private access to supported Oracle services within the region. Connections can be initiated only from the subnet.
  • The service gateway allows access to supported Oracle services within the region to protect your data from the internet.

How To Create A Service Gateway?

1. In the Console, click on the VCN for which you want to create the Service Gateway. Click on Service Gateway.


2. Enter a friendly name, select a compartment, and select appropriate services.


Dynamic Routing Gateway

A Dynamic Routing Gateway (DRG) is used to connect your existing on-premises network to your VCN. A DRG provides a single point of entry for remote network paths coming into the VCN. It provides a path for VCNs to communicate across regions or outside the region to on-premises networks. Each VCN can have a single DRG.


Use cases of DRG:

  • A DRG is used when connecting from an on-premises environment to the VCN using one or both of these:
    • IPSec VPN
    • FastConnect
  • A DRG is also used when peering two VCNs in different regions: Remote VCN Peering

Read our blog to know more about IPSec VPN and FastConnect

How To Create DRG?

1. Open the navigation menu. Go to Networking and click Dynamic Routing Gateways. Click on Create Dynamic Routing Gateways.


2. Select a compartment and enter a friendly name. Then click on Create Dynamic Routing Gateways.
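The key points for the Internet Gateway and NAT Gateway, plus the single-Internet-Gateway and single-DRG limits, can be checked mechanically. The following is an added example, not code from the original post: it audits a constructed VCN description, and the dictionary layout, the names, and the most-specific-route selection are assumptions of this example rather than OCI API details.

```python
import ipaddress

# Constructed VCN model; field names are this example's own, not OCI API attributes.
SAMPLE_VCN = {
    "gateways": ["internet_gateway", "nat_gateway", "service_gateway", "drg"],
    "subnets": [
        {"name": "web", "public": True,
         "routes": [{"destination": "0.0.0.0/0", "target": "internet_gateway"}],
         "instances": [{"name": "web1", "public_ip": True}, {"name": "web2", "public_ip": False}]},
        {"name": "app", "public": False,
         "routes": [{"destination": "0.0.0.0/0", "target": "nat_gateway"},
                    {"destination": "10.50.0.0/16", "target": "drg"}],
         "instances": [{"name": "app1", "public_ip": False}]},
        {"name": "db", "public": False,
         "routes": [{"destination": "0.0.0.0/0", "target": "internet_gateway"}],
         "instances": [{"name": "db1", "public_ip": False}]},
    ],
}

def route_target(routes, dest_ip):
    """Target of the most specific rule covering dest_ip, or None if none matches."""
    ip = ipaddress.ip_address(dest_ip)
    hits = [(ipaddress.ip_network(r["destination"]).prefixlen, r["target"])
            for r in routes if ip in ipaddress.ip_network(r["destination"])]
    return max(hits)[1] if hits else None

def internet_paths(vcn, probe="203.0.113.10"):
    """Per instance: can it open connections to the internet, and can the internet reach it?"""
    paths = {}
    for s in vcn["subnets"]:
        target = route_target(s["routes"], probe)
        for i in s["instances"]:
            # Internet gateway: both directions, only for a public IP in a public subnet.
            # NAT gateway: outbound and replies only. Security rules are not modeled.
            via_igw = target == "internet_gateway" and s["public"] and i["public_ip"]
            paths[i["name"]] = {"egress": via_igw or target == "nat_gateway",
                                "ingress": via_igw, "target": target}
    return paths

def findings(vcn):
    """Flag layouts that contradict the gateway rules described in the article."""
    out = [f"vcn: more than one {k}" for k in ("internet_gateway", "drg")
           if vcn["gateways"].count(k) > 1]
    for s in vcn["subnets"]:
        if not s["public"] and any(r["target"] == "internet_gateway" for r in s["routes"]):
            out.append(f"{s['name']}: private subnet routed to internet_gateway")
    for name, p in internet_paths(vcn).items():
        if p["target"] == "internet_gateway" and not p["ingress"]:
            out.append(f"{name}: internet_gateway route needs a public subnet and public IP")
    return out
```

On the sample, `internet_paths(SAMPLE_VCN)` shows `app1` with egress only through the NAT gateway, while `findings(SAMPLE_VCN)` reports the `db` subnet and the instances `web2` and `db1`, whose internet gateway route cannot carry traffic.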


In our OCI Architect Associate [1Z0-1072] Certification training, we have covered all the gateways in detail along with the complete hands-on labs required to implement these in Oracle Cloud.

To know about all the hands-on labs required to implement these gateways and to clear the certification, read our blog Oracle Cloud Infra Architect Certification 1Z0-1072: Step by Step Hands-On Guides To Clear Exam.

Next Task For You

In our OCI Architect Associate [1Z0-1072] Certification training, we cover Networking in Module 3 where we have covered Basic and Advanced networking with topics such as IPSec VPN, FastConnect, Local & Remote VCN Peering, Dynamic Routing Gateway in OCI. Begin your journey towards becoming an Oracle Cloud Architect by Joining the FREE Masterclass on How To Become Oracle Cloud Architect in 8 Weeks.


The post Gateways In OCI: Internet Gateway, NAT Gateway, Service Gateway, Dynamic Routing Gateway appeared first on Cloud Training Program.

