Which VCN gateway will you use to connect to an on

A virtual network interface card (VNIC), which attaches to an instance and resides in a subnet to enable a connection to the subnet’s VCN

• Each instance has a primary VNIC that’s created during instance launch and cannot be removed
• You can add secondary VNICs to an existing instance (in the same availability domain as the primary VNIC). Secondary VNIC can be in a different subnet and different VCN, but the same AD

Public Ip

• ephemeral IP : assigned to the resource till termination of the resource
• Reserved Ip : this exist even after the resource is terminated and you can use that with another resource
• You can Bring your own Ip

DRG [Dynamic Routing Gateway]

• It provides a path for private network traffic between your VCN and on-premises network
• DRG and vcn relationship is 1-to-1, max 5 DRG per region

Service Gateway

• It provides a path for private network traffic between your VCN and supported services in OCI.
• It is used to avoid traffic through internet for OCI service.

Internet Gateway

• you can add to your VCN for direct internet access

LPG [Loca Perring Gateway]

• To peer one VCN with another VCN in the same region

Local VCN Peering

• Two VCNs with non-overlapping CIDRs, in the same region
  A local peering gateway (LPG) on each VCN in the peering relationship.
• A connection between those two LPGs.
• Supporting route rules to enable traffic to flow over the connection, and only to and from select subnets in the respective VCNs (if desired).
• Supporting security rules to control the types of traffic allowed to and from the instances in the subnets that need to communicate with the other VCN.
• You can now use a single DRG (regional object) for local peering. You can attach multiple VCNs (within region) directly to the same DRG.

RPC [Remote Peering Gateway]

• To peer one VCN with another VCN in a different region.

Remote Peering VCN

• Two VCNs with non-overlapping CIDRs, in different regions that support remote peering. The VCNs must be in the same tenancy.
• A dynamic routing gateway (DRG) attached to each VCN in the peering relationship. Your VCN already has a DRG if you’re using an IPSec VPN or an Oracle Cloud Infrastructure FastConnect private virtual circuit.
• A remote peering connection (RPC) on each DRG in the peering relationship. A connection between those two RPCs.
• Supporting route rules to enable traffic to flow over the connection, and only to and from select subnets in the respective VCNs (if desired).
• Supporting security rules to control the types of traffic allowed to and from the instances in the subnets that need to communicate with the other VCN.
• support up to 300 DRG attachments. Attachments can be of type: VCN, IPSEC VPN

NAT Gateway

• For resources without public IP addresses that need to initiate connections to the internet

Site-to-Site VPN

• Offers multiple IPSec tunnels between your existing network’s edge and your VCN, by way of a DRG that you create and attach to your VCN
• Both tunnels should be Up, as it created two tunnels

Fast Connect

• Creates dedicated, private connections between your data center and OCI
• Traffic does not traverse the internet
• Offer both type of peering
  • Private peering: To extend your existing infrastructure into a virtual cloud network (VCN) in Oracle Cloud Infrastructure 
  • Public peering: To access public services in Oracle Cloud Infrastructure without using the internet
• No Charge for Inbound and Outbound data transfer
• Use BGP protocol
• Used for Latency sensitive application in Hybrid Cloud, Data Migration, Sensitive Data transfer

Private End Point

• Only for Autonomous database, Oracle Analytics Cloud, Oracle Data Safe, Streaming, and Data Catalog are the only services that can be accessed through service private endpoint.

Network Visualizer

• OCI service to provide a visual representation of the network in a selected region or tenancy.
• Shows Regional Network topology
• Shows cloud network topology

Best Practice

When to use what

Connection from OnPremise To OCI

Fast Connect vs IPsec VPN

Stateless vs Stateful

Stateless: They remember nothing and check packets that cross the subnet border each way: inbound and outbound.  Need to define incoming and outgoing for a port separately

Stateful : They remember previous decisions made for incoming packets. For a port, if incoming allowed then outgoing also allowed

Which VCN gateway can be used to connect to the public OCI services?

Which gateway will you use to allow resources from within a VCN to communicate with the internet but prevent any inbound traffic?

What are two uses cases to use FastConnect when connecting to a VCN from on

What is internet gateway in OCI?