Understand Oracle Virtual Cloud Network (VCN) step by step with simple examples and easy explanations. This blog post covers the OCI networking components a beginner needs to know: what a VCN is, why it is needed, and what it is made of.
A virtual cloud network (VCN) is a virtual, private network that closely resembles a traditional network, with firewall rules and specific types of communication gateways that you can choose. A VCN resides in a single OCI region and covers one or more CIDR blocks (IPv4 and IPv6, if enabled). Each subnet consists of a contiguous range of IP addresses that does not overlap with any other subnet in the VCN.
A VCN is your private network inside Oracle Cloud.
It works almost like the network inside your office, home, or company building — but instead of physical cables and routers, everything is virtual and created in the cloud.
Imagine you buy land and build a private society.
Inside the society you create:
- Roads
- Security gates
- Different blocks
- Houses
- Visitor entry rules
Similarly, in OCI you create:
- Subnets (the blocks)
- Route tables (the roads)
- Gateways (the security gates)
- Compute instances and databases (the houses)
- Security lists and network security groups (the visitor entry rules)
This is exactly how a VCN works.
Main Components of Oracle VCN
1. CIDR Block – Address Range of Your Network
When creating a VCN, we define a CIDR block like:
10.0.0.0/16
This means your VCN covers the IP addresses from 10.0.0.0 to 10.0.255.255 (65,536 addresses). OCI allows a VCN CIDR block of any size between /16 and /30, and you can add more CIDR blocks later, but existing blocks cannot overlap with each other or with networks you plan to connect to (for example your on-premises network).
2. Subnets
Inside the VCN, we create smaller sections called Subnets. Think of subnets like different blocks inside a society.
Public Subnet
Resources inside a public subnet can be assigned public IP addresses and, if the subnet's route table points at an Internet Gateway, can be reached directly from the internet. Example:
- Web servers that users open from the internet
Private Subnet
Resources inside a private subnet cannot have public IP addresses, so they cannot be accessed directly from the internet (they can still start outbound connections through a NAT Gateway). Example:
- Databases
- Internal applications
This is important for security.
The 10.0.0.0/16 network contains:
- IP range from 10.0.0.0 to 10.0.255.255
- Total of 65,536 IP addresses
This large network can be split into many smaller subnet networks. Note that OCI reserves the first two addresses and the last address of every subnet, so a /24 subnet gives you 253 usable addresses, not 256.
Common examples include small /24 subnets, such as:
- 10.0.1.0/24 for a public subnet
- 10.0.2.0/24 for a private subnet
3. Internet Gateway
An Internet Gateway allows resources inside the VCN to communicate with the internet. Without an Internet Gateway:
- Servers cannot download packages from the internet
- Users cannot open a website hosted on the server
Think of it as:
Main gate connecting your colony to the outside world.
An Internet Gateway supports connections from within the VCN (egress) and connections from the internet (ingress). Each public subnet that needs to use the Internet Gateway must have a route table rule that specifies the gateway as the target.
An Internet Gateway is an optional virtual router that connects the edge of the VCN with the internet. To use the gateway, the hosts on both ends of the connection must have public IP addresses for routing. Connections that originate in a VCN and are destined for a public IP address (either inside or outside the VCN) go through the Internet Gateway. Connections that originate outside the VCN and are destined for a public IP address inside the VCN go through the Internet Gateway. The gateway only provides the path: security list or network security group rules still decide which traffic is actually allowed in or out.
4. Route Tables
Route tables tell network traffic where to go. Example:
0.0.0.0/0 → Internet Gateway
Meaning:
Any internet traffic should go through Internet Gateway.
A VCN uses route tables to send traffic out of the VCN (for example, to the internet, to an on-premises network, or to a peered VCN). These route tables have rules that look and act similar to traditional network route rules you might already be familiar with. Each rule specifies a destination CIDR block and the target (the next hop) for any traffic that matches that CIDR. If more than one rule matches a destination, the most specific rule (the longest prefix) is used; traffic between subnets inside the same VCN is routed locally and needs no rule.
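To make the subnet planning from section 2 and the route lookup from this section concrete, here is an added worked example in Python. It is example code written for this explanation, not OCI's own tooling or API. It assumes the constructed VCN 10.0.0.0/16 with the /24 subnets used above, a constructed route table for a public and a private subnet, and the OCI rules stated in the comments: a VCN CIDR between /16 and /30, three reserved addresses per subnet, and longest-prefix match between route rules.

```python
"""Planning checks for an OCI-style VCN design (constructed example, not OCI code).

- validate_layout: subnets must sit inside the VCN CIDR and must not overlap.
- usable_hosts:    OCI reserves the first two and the last address of a subnet.
- lookup_route:    the most specific (longest prefix) matching rule wins.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# OCI allows a VCN CIDR block between /16 and /30.
VCN_MIN_PREFIX, VCN_MAX_PREFIX = 16, 30
# OCI reserves the first two and the last IP address in every subnet.
OCI_RESERVED_PER_SUBNET = 3

RouteTable = List[Tuple[str, str]]  # (destination CIDR, target name)


def validate_layout(vcn_cidr: str, subnets: Dict[str, str]) -> List[str]:
    """Return a list of problems; an empty list means the layout is valid."""
    problems: List[str] = []
    vcn = ipaddress.ip_network(vcn_cidr, strict=True)
    if not (VCN_MIN_PREFIX <= vcn.prefixlen <= VCN_MAX_PREFIX):
        problems.append(
            f"VCN {vcn} must be between /{VCN_MIN_PREFIX} and /{VCN_MAX_PREFIX}"
        )
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in subnets.items()}
    for name, net in nets.items():
        if not net.subnet_of(vcn):
            problems.append(f"subnet {name} {net} is not inside VCN {vcn}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"subnets {a} {nets[a]} and {b} {nets[b]} overlap")
    return problems


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses that can actually be assigned to VNICs in a subnet of this size."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - OCI_RESERVED_PER_SUBNET


def lookup_route(route_table: RouteTable, destination: str) -> Optional[str]:
    """Pick the target for a destination IP using longest-prefix match.

    Returns None when no rule matches: traffic leaving the VCN with no route is
    dropped (traffic between subnets of the same VCN is routed locally and never
    consults these rules).
    """
    dst = ipaddress.ip_address(destination)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr, strict=True)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


# Constructed sample data matching the post's example addresses.
VCN_CIDR = "10.0.0.0/16"
SUBNETS = {"public": "10.0.1.0/24", "private": "10.0.2.0/24"}
# Public subnet: default route to the Internet Gateway, on-prem range via DRG.
PUBLIC_RT: RouteTable = [("0.0.0.0/0", "Internet Gateway"), ("192.168.0.0/16", "DRG")]
# Private subnet: default route to a NAT Gateway, so nothing is reachable inbound.
PRIVATE_RT: RouteTable = [("0.0.0.0/0", "NAT Gateway"), ("192.168.0.0/16", "DRG")]

if __name__ == "__main__":
    print("layout problems:", validate_layout(VCN_CIDR, SUBNETS))
    print("usable hosts in 10.0.1.0/24:", usable_hosts("10.0.1.0/24"))
    print("8.8.8.8 from public subnet ->", lookup_route(PUBLIC_RT, "8.8.8.8"))
    print("8.8.8.8 from private subnet ->", lookup_route(PRIVATE_RT, "8.8.8.8"))
    print("192.168.10.5 from public subnet ->", lookup_route(PUBLIC_RT, "192.168.10.5"))
```

The longest-prefix rule is what lets the 192.168.0.0/16 entry win over 0.0.0.0/0 for on-premises addresses, so the same default route to the internet can coexist with a more specific private path through the DRG.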
5. Security Lists
Meaning:
A security list is a set of virtual firewall rules (ingress and egress, stateful or stateless) that applies to every resource in a subnet. The default security list created with a VCN allows SSH (TCP port 22) from anywhere, so tighten it before putting servers in a public subnet.
6. Network Security Groups
Meaning:
A network security group (NSG) is also a set of virtual firewall rules, but it is attached to individual resources (their VNICs) instead of a whole subnet, so two servers in the same subnet can have different rules. Traffic must be allowed by both the subnet's security list and the resource's NSGs to get through.
7. DRG – Dynamic Routing Gateway
Meaning:
A Dynamic Routing Gateway connects your VCN to networks outside it: an on-premises network over Site-to-Site VPN or FastConnect, or other VCNs. Like the Internet Gateway, it only carries traffic that a route table rule sends to it.
8. NAT Gateway
Meaning:
A NAT Gateway lets resources in a private subnet start connections to the internet (for example, to download updates) while remaining unreachable from the internet, because connections cannot be started from the outside.