OCI: Gateway Types and Network Routing Fundamentals Part-4

By -

Internet Gateway (IGW)

An Internet Gateway acts as the door between your VCN (Virtual Cloud Network) and the public internet.

The Internet Gateway supports both inbound and outbound internet traffic.

By default, a compute instance deployed in a public subnet cannot access the internet unless:

  • An Internet Gateway is created and attached to the VCN.

  • The route table is configured to direct internet traffic through the Internet Gateway.

  • The instance has a public IP address assigned.

Oracle manages the availability, redundancy, and maintenance of the Internet Gateway internally.

Key Points

  • Used primarily for public subnets.

  • Enables inbound and outbound internet connectivity.

  • Requires proper route table configuration.

  • Instances typically need a public IP address to communicate through the Internet Gateway.

Network Address Translation (NAT) Gateway

A NAT Gateway provides internet access to private resources without making them publicly accessible.

If a server is deployed in a private subnet and needs to download operating system updates, RPM packages, application patches, or access external repositories, a NAT Gateway can be used.

The private subnet itself does not have direct internet connectivity. The NAT Gateway provides outbound internet access while keeping the instances private.

Key Points

  • Used by resources in private subnets.

  • Supports outbound internet traffic only.

  • Allows patch downloads, OS updates, and access to external repositories.

  • Public IP addresses are not required on private instances.

  • OCI automatically assigns a public IP address to the NAT Gateway itself.

Common Use Cases

  • Downloading operating system updates.

  • Downloading RPM packages.

  • Downloading Oracle patches.

  • Accessing external repositories and APIs.

Service Gateway (SGW)

A Service Gateway allows resources in a private subnet to access Oracle Cloud services without using the internet.

Service Gateways are created at the VCN level. During creation, you can choose whether the gateway should provide access only to Object Storage or to all supported Oracle services.

Examples of Services Accessed Through Service Gateway

  • Oracle Cloud Object Storage

  • Oracle Autonomous Database

Common Use Cases

  • Backing up databases to Object Storage.

  • Connecting to Autonomous Database.

  • Accessing Oracle-managed cloud services privately.

Before Service Gateway

  • Private instances access Object Storage through the Internet Gateway.

  • Traffic leaves the VCN and uses public endpoints.

  • NAT Gateway or public internet access may be required.

  • Security exposure is higher.

After Service Gateway

  • Private instances access Object Storage through the Service Gateway.

  • Traffic remains within Oracle's private backbone network.

  • No public IP address is required.

  • Security is improved, and network exposure is reduced.

Dynamic Routing Gateway (DRG)

A Dynamic Routing Gateway (DRG) is a virtual router that connects your OCI VCN to networks outside OCI.

DRG is commonly used to establish private connectivity between OCI and external environments.

Supported Connections

  • On-premises data centers

  • Another OCI region through Remote Peering

  • Other cloud providers such as AWS, Azure, and Google Cloud

  • Site-to-Site VPN connections

Key Points

  • Acts as a virtual router between OCI and external networks.

  • Enables private communication between OCI and on-premises environments.

  • Supports VPN and FastConnect connectivity.

  • Used for hybrid cloud architectures and multi-cloud deployments.

Common Use Cases

  • Connecting an on-premises data center to OCI.

  • Accessing Oracle E-Business Suite hosted in OCI from a corporate network.

  • Building hybrid cloud solutions.

  • Establishing connectivity between OCI regions.

Local Peering Gateway (LPG)

A Local Peering Gateway (LPG) is used to connect two Virtual Cloud Networks (VCNs) within the same OCI region so that resources in both VCNs can communicate using private IP addresses.

Types of VCN Peering

Local VCN Peering

Connects two VCNs within the same OCI region.

Remote VCN Peering

Connects two VCNs located in different OCI regions.

Example: For a Disaster Recovery (DR) setup, your primary database may be running in Region 1 while the DR database runs in Region 2. In such cases, Remote Peering is used.

Configuration

  • Create LPGs at the VCN level.

  • Local Peering Gateways (LPGs) work together with route tables.

  • Configure route tables in the respective subnets.

  • Allow the required ports in the corresponding Security Lists or Network Security Groups (NSGs).

Example

  • VCN-A → Application Servers (10.0.0.0/16)

  • VCN-B → Database Servers (192.168.0.0/16)

Without LPG, these VCNs cannot communicate directly.

By creating:

  • LPG-A in VCN-A

  • LPG-B in VCN-B

and establishing a peering connection, the application servers can securely access the database servers over Oracle's private network.

Key Features

  • Connects VCNs within the same OCI region.

  • Traffic stays on Oracle's private network.

  • No Internet Gateway is required.

  • No NAT Gateway is required.

  • Provides low-latency and secure communication.

Common Use Cases

  • Separate application and database VCNs.

  • Production and shared-services VCNs.

  • Hub-and-spoke network architectures.

  • Centralized monitoring or backup VCNs.


Gateway Type

Purpose

Internet Gateway (IGW)Provides inbound and outbound internet access for public subnet resources
NAT GatewayProvides outbound internet access for private subnet resources
Service GatewayProvides private access to OCI services without using the internet
Dynamic Routing Gateway (DRG)Provides private connectivity between OCI and external networks such as on-premises data centers, other OCI regions, and other cloud providers
Local Peering Gateway (LPG)Provides private connectivity between two VCNs within the same OCI region
Remote Peering Connection (RPC)Provides private connectivity between VCNs located in different OCI regions


Related posts:

Comments

Post a Comment

Popular posts from this blog

How to troubleshoot long running concurrent request in R12.2

By -
We frequently encounter issues with concurrent programs running long and concurrent requests not picking up jobs. These problems are often expected from the development and functional team we need to address this issue To solve this, we should take the following steps: Collect below basis level of information to development team 1 Oracle seeded program/Custom program? 2 How much time it used earlier? 3 Is there any recent code change done in concurrent program? 4 Is this program fetching higher data compare to last run? 5 Does this job running any specific time/ It can be run any time? 6 Does this job fetching data using DB link? 7 Does the problem happen on both the test and production instance?   Troubleshooting Steps for Concurrent Requests Check for Locks and Blocking sessions Identify if the request is running but blocked by database locks/Blocking sessions. Use DBA tools or queries to identify and release locks if necessary. Review Parameters and Data ...
Read more

How to find EBS URL in R12.2

By -
There are different way to find the EBS URL Method 1 Login the R12.2 application server Source the Env File [oracle@san ~]$ grep login $CONTEXT_FILE          <login_page oa_var="s_login_page">http://dev1.apps.com:8001/OA_HTML/AppsLogin</login_page> [oracle@san~]$ Method 2: Connect sqlplus apps user SQL> SELECT home_url  FROM icx_parameters; HOME_URL -------------------------------------------------------------------------------- http://<Hostname>:8007/OA_HTML/AppsLogin How to find Weblogic URL and PORT number: Login the R12.2 application server Source the Env File [oracle@sanprod ~]$ grep s_wls_adminport $CONTEXT_FILE          <wls_adminport oa_var="s_wls_adminport" oa_type="PORT" base="7001" step="1" range="-1" label="WLS Admin Server Port"> 7002 </wls_adminport> [oracle@sanprod ~]$ Weblogic Port Number:7002  Weblogic URL:http://<...
Read more

JSP Compilation in R12.2

By -
Sometime after upgrade, cloning and patching front end login page is not opening showing blank page or showing “ java.lang.StringIndexOutOfBoundsException ” error. This issue was occurring due to cache is not cleared after upgrade/Cloning JSP Compilation steps Step 1: Shutdown the application services Step 2: Take backup for the _Page(class file) folders $ cd $OA_HTML/WEB-INF/classes $ ls -lrt $ mv _pages _pages_bkup<date> a $ cd $OA_HTML/WEB-INF/classes $ ls -lrt $ mv _pages _pages_bkup<date> $ mkdir _pages $ ls -lrt Step 3: Run the below command $ perl $FND_TOP/patch/115/bin/ojspCompile.pl --compile --flush -p 99 Step 4: Start the application and clear browser cache. After completed the JSP compilation home page not coming please clear the image and style sheet cache also Cabo Images and style sheets can be corrupted or out of sync in the cabo caches, you may need to clear the related directories after backup: Step1: Shutdown the services...
Read more