
Wednesday, 11 June 2025

Subnet Vs Route table in OCI

 


In Oracle Cloud Infrastructure (OCI), a subnet is a subdivision of a Virtual Cloud Network (VCN). It provides a range of IP addresses and defines the networking boundaries for your OCI resources like compute instances, databases, load balancers, etc.



🔹 Key Concepts of a Subnet in OCI:

Feature                  | Description
-------------------------|------------------------------------------------------------
Part of VCN              | A subnet resides inside a Virtual Cloud Network.
CIDR Block               | A subnet has its own CIDR block (e.g., 10.0.1.0/24), a subset of the VCN CIDR.
Availability Domain (AD) | A subnet can be AD-specific (regional subnets are also available).
Public or Private        | You must specify whether the subnet is public or private:
                         |   - Public Subnet: Allows access to/from the internet using an Internet Gateway.
                         |   - Private Subnet: No direct internet access; can use a NAT Gateway or Service Gateway.
Security Controls        | Associated with Route Tables, Security Lists, and optionally Network Security Groups (NSGs).


🔸 Subnet Use Case Example:

Imagine a VCN 10.0.0.0/16, and you define:

  • A public subnet 10.0.1.0/24 – for a bastion host or load balancer.

  • A private subnet 10.0.2.0/24 – for backend application servers or databases.



🔸 Diagram:


VCN: 10.0.0.0/16
├── Public Subnet: 10.0.1.0/24 (Internet Gateway)
│   └── Compute Instance (Bastion Host)
└── Private Subnet: 10.0.2.0/24 (NAT Gateway / Service Gateway)
    └── Compute Instance (App Server)


🔹 Common Route Table Setup:

Destination CIDR  | Target
------------------|-------------------------------------------------------
0.0.0.0/0         | Internet Gateway (for public subnet)
0.0.0.0/0         | NAT Gateway (for private subnet outbound access)
OCI Services CIDR | Service Gateway (to access Oracle services privately)





🔹 What Is a Route Table?

A Route Table contains a set of Route Rules that tell traffic where to go — for example, whether it should stay within the VCN, go to the internet, to another VCN via a Dynamic Routing Gateway (DRG), or to Oracle Services via a Service Gateway.

Each subnet in a VCN is associated with exactly one route table, which governs the routing behavior for resources in that subnet.



🔸 Key Components:

Component    | Description
-------------|--------------------------------------------------------------------------------
Route Table  | A collection of route rules associated with a subnet.
Route Rule   | Each rule defines the destination CIDR block and the target to which the traffic should go.
Target Types | Can be Internet Gateway, NAT Gateway, DRG, Local Peering Gateway (LPG), Service Gateway, etc.


🔹 Common Targets in Route Rules:

Destination CIDR         | Target Gateway   | Purpose
-------------------------|------------------|-------------------------------------------------------------------
0.0.0.0/0                | Internet Gateway | For outbound internet access from public subnets.
0.0.0.0/0                | NAT Gateway      | For private subnets to access the internet outbound only.
All Oracle Services CIDR | Service Gateway  | Private access to Oracle services like Object Storage.
Another VCN CIDR         | DRG              | To route traffic to on-prem or other VCNs via VPN / FastConnect.
Peered VCN CIDR          | LPG              | To route traffic to another VCN in the same region using Local Peering.


🔸 Example Route Table:

For a private subnet:


Route Table:
  - 0.0.0.0/0 → NAT Gateway (for outbound internet)
  - 10.0.0.0/16 → local (within the VCN)
  - 192.168.0.0/16 → DRG (for on-prem communication)

For a public subnet:


Route Table:
  - 0.0.0.0/0 → Internet Gateway (for full internet access)
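An added Python example (not code from the original post) that checks the layout described above: it verifies that the two subnets sit inside the VCN CIDR without overlapping, resolves a destination against the private-subnet route table by longest-prefix match, and flags a private subnet whose rules point at an Internet Gateway. The subnet names, gateway labels and sample tables are constructed here to mirror the post's examples.

```python
import ipaddress

# Constructed sample layout mirroring the post's VCN, subnets and route tables.
VCN_CIDR = "10.0.0.0/16"
SUBNETS = {"public": "10.0.1.0/24", "private": "10.0.2.0/24"}
PRIVATE_SUBNET_RULES = [
    ("0.0.0.0/0", "NAT Gateway"),
    ("10.0.0.0/16", "local"),
    ("192.168.0.0/16", "DRG"),
]
PUBLIC_SUBNET_RULES = [("0.0.0.0/0", "Internet Gateway")]


def validate_subnets(vcn_cidr, subnets):
    """List problems: a subnet outside the VCN CIDR, or two subnets that overlap."""
    vcn = ipaddress.ip_network(vcn_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = [f"{n} {net} is not inside VCN {vcn}"
                for n, net in nets.items() if not net.subnet_of(vcn)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def resolve_target(rules, destination_ip):
    """Choose the target by longest-prefix match, as OCI does for overlapping rules."""
    dest = ipaddress.ip_address(destination_ip)
    best = None
    for cidr, target in rules:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def audit_private_subnet(rules):
    """Return rules that would give a private subnet a path via an Internet Gateway."""
    return [(cidr, target) for cidr, target in rules if target == "Internet Gateway"]


if __name__ == "__main__":
    print("layout problems:", validate_subnets(VCN_CIDR, SUBNETS))
    for ip in ("10.0.2.15", "192.168.10.4", "8.8.8.8"):
        print(ip, "->", resolve_target(PRIVATE_SUBNET_RULES, ip))
    # A private subnet mistakenly given the public route table is caught here.
    print("violations:", audit_private_subnet(PUBLIC_SUBNET_RULES))
```

Running it shows 10.0.2.15 staying local, 192.168.10.4 going to the DRG, and 8.8.8.8 leaving through the NAT Gateway, while the audit reports the 0.0.0.0/0 → Internet Gateway rule as a violation for a private subnet.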


🔹 Summary:

  • A route table is attached to a subnet.

  • It directs traffic based on destination CIDRs.

  • Its targets are gateways chosen according to the use case (public internet, private access, peering, etc.).


