VCN stands for Virtual Cloud Network. Once cloud infrastructure is provisioned by the cloud provider, cloud architects need to configure virtual network devices; the VCN is one of them.
What is VCN Peering? Tell us some characteristics of VCN Peering.
VCN Peering is used to configure connectivity between resources in different VCNs. Some characteristics:
– Traffic never leaves the provider network
– Does not require public IPs
– Faster connectivity and higher security
– In-region peering is called Local Peering; cross-region peering is called Remote Peering
How do you do Local VCN Peering?
Create a connection between the LPGs (Local Peering Gateways), update the route table and security list, and have IAM policies in place to establish the connection.
What is different with Remote Peering of VCN?
For Remote Peering, DRGs (Dynamic Routing Gateways) are used. The RPCs (Remote Peering Connections) of two DRGs in two different regions are connected to create a peering relationship. The route table and security list also need to be updated, and IAM policies defined.
How does Transit Routing happen between multiple VCNs?
One VCN acts as a hub and the other VCNs are locally peered with the hub VCN. The traffic goes through the hub. The route table associated with the DRG has rules that target an LPG or a private IP, and the route table of the LPG has rules that target the DRG or a private IP.
What is VPN Connect?
VPN Connect is a managed VPN service that securely connects an on-premises network to a Cloud (OCI) VCN through an IPSec VPN connection.
What are the components involved in creating VPN connections?
– DRG: Dynamic Routing Gateway. The VPN endpoint on the OCI side.
– CPE: Customer Premises Equipment. The VPN router in the on-premises network; a representation of it, called a CPE object, is created in OCI.
– IPSec Connection: the routing created after the DRG and CPE are configured.
What are the routing options while creating VPN?
Static and Dynamic routing options are available. The default is Static.
How do you avoid downtime when you want to switch routing type of a tunnel?
Switch one tunnel at a time.
What is FastConnect?
FastConnect is a dedicated private network connection from OCI to its network partners.
– Provides a high-speed elastic network in 1 Gbps and 10 Gbps increments
– Can be used to connect remote data centers (private peering) or public resources (public peering)
What is the protocol used for FastConnect?
BGP (Border Gateway Protocol).
What is a Virtual Circuit?
A Virtual Circuit is an isolated network path that runs over the physical network to provide a single logical connection between a customer edge router and a DRG.
What is Compute Quota?
Compute quota is the set of resource limits assigned at a given level to control usage. For example, at the compartment level it controls how many instances can be launched.
What is BYOI?
The BYOI feature allows customers to bring their own Operating system image to the cloud.
What is Horizontal Scaling vs Vertical Scaling?
Horizontal scaling is adding more compute devices or nodes; vertical scaling is adding more resources to a single compute instance.
What is a Console Connection? What are the 2 types?
A console connection provides a way to troubleshoot instances remotely. The 2 types are Serial (SSH) console connections and VNC console connections.
What is BYOH?
BYOH is Bring Your Own Hypervisor. It allows extending the customer's environment to the cloud and provides the ability to install legacy OSs and prepackaged VMs. Currently, 3 hypervisors are supported:
– OVM (Oracle Virtual Machine)
– KVM
– Microsoft Hyper-V
What are the ways you can access your OCI resources?
– CLI: Command Line Interface
– SDK: Software Development Kit; Java, Ruby and Python can be used to call OCI services
– REST APIs over HTTP
– Oracle Cloud Infrastructure IAM console
What is Terraform and why is it used?
Terraform describes OCI resources as code and provisions them from that code. It helps automate OCI environments.
What is Ansible?
Ansible is used for provisioning, orchestration and configuration management of OCI resources.
What is an Availability Domain?
A data center region from which services can be provided.
What is a Fault Domain?
A fault domain is similar to an availability domain, where the load can shift in case of disaster recovery.
Can an availability domain have multiple data centers?
What is a Region?
A geographical region which can have multiple availability domains.
Where are the user identities stored?
In the Identity and Access Management (IAM) service.
What is a Compartment?
It is the logical boundary within a tenancy and a grouping of resources (e.g. storage, network, user access) for a certain logical department (e.g. Finance).
What is a user access policy?
An IAM policy is defined to give access to users and manage access control. Users are added to groups, and a policy states, for example, which group can access what.
What is Tenancy?
Tenancy is a unique ID for a tenant (a cloud infrastructure customer).
Can compartment-level access be implemented?
Yes, and to nested compartments as well.
Can a compartment have resources from different Regions?
Yes. Resources from different regions are used when you need global presence.
How many compartments do you get on a vanilla OCI instance?
Only one: the root compartment.
Can you create a resource without a compartment?
No. A compartment is mandatory.
What is a Principal?
A principal is who (or what) can access the resources. It can be the root user or an IAM user; for example, a user tied to a group and given an access policy is a principal. It can also be an instance (e.g. a VM instance).
What is the use of an instance principal?
To avoid storing user credentials directly on the instance.
How does authentication happen in OCI?
– User name and password
– API signing key (public/private key pair)
– Auth token: a series of random letters and numbers
How does authorization happen?
After authentication, authorization is done by the IAM policies defined at the compartment level and the tenancy level.
What does a policy structure look like?
Policies are defined with the structure below:
Allow <subject> to <verb> <resource-type> in <location> where <conditions>
e.g.
Allow group <group_name> to <verb> <resource-type> in tenancy
Allow group <group_name> to <verb> <resource-type> in compartment [where <conditions>]
What would be your policy for a super user who can manage everything in your cloud account?
Allow group Administrators to manage all-resources in tenancy
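As an added example (not from the page's author or from Oracle), the following parses statements of the structure shown above and rates how broad each grant is, so the super-user form stands out when reviewing a tenancy's policies. The group and compartment names in the samples are constructed, and the verbs inspect/read/use/manage are the OCI policy verbs.

```python
"""Parse OCI IAM policy statements of the structure shown above and rate
how broad each grant is. Added example, not from the page's author or from
Oracle; the sample statements are constructed."""
import re

# OCI policy verbs from least to most permissive.
VERBS = ("inspect", "read", "use", "manage")

POLICY_RE = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+(?P<resource>\S+)"
    r"\s+in\s+(?P<scope>tenancy|compartment\s+\S+)(?:\s+where\s+(?P<cond>.+))?$",
    re.IGNORECASE,
)


def parse_policy(statement):
    """Split one 'Allow group ...' statement into its parts; None if it does
    not follow the structure or uses an unknown verb."""
    m = POLICY_RE.match(statement.strip())
    if not m or m.group("verb").lower() not in VERBS:
        return None
    scope = m.group("scope").split()
    return {
        "group": m.group("group"),
        "verb": m.group("verb").lower(),
        "resource": m.group("resource").lower(),
        "scope": scope[0].lower(),                 # 'tenancy' or 'compartment'
        "compartment": scope[1] if len(scope) == 2 else None,
        "condition": m.group("cond"),
    }


def risk_level(statement):
    """Least-privilege rating: 'high' for the super-user form (manage
    all-resources in tenancy), 'medium' for manage/use with no where clause,
    'low' for everything else, 'invalid' if the statement does not parse."""
    p = parse_policy(statement)
    if p is None:
        return "invalid"
    if p["verb"] == "manage" and p["resource"] == "all-resources" and p["scope"] == "tenancy":
        return "high"
    if p["verb"] in ("use", "manage") and p["condition"] is None:
        return "medium"
    return "low"


# Constructed sample statements (group and compartment names are made up).
SAMPLE_POLICIES = [
    "Allow group Administrators to manage all-resources in tenancy",
    "Allow group NetAdmins to manage virtual-network-family in compartment Finance",
    "Allow group Auditors to read all-resources in tenancy",
]

if __name__ == "__main__":
    for s in SAMPLE_POLICIES:
        print(f"{risk_level(s):8} {s}")
```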
What is a Subnet and VCN?
A subnet is a sub-network in an availability domain within a VCN; a VCN can span multiple availability domains. Subnets divide your VCN into smaller networks. A compute instance is assigned a private IP inside a subnet.
What are the types of subnet?
Subnets are of Public and Private type. Public subnets host public-facing apps; private subnets host internal apps.
What is a routing table?
A component that has entries to route your network traffic outside the VCN (e.g. to the public internet), meaning the VCN itself does not contain the requested IP range.
What is an IGW?
An IGW is an Internet Gateway that provides a path for network traffic between the VCN and the internet.
What is a NAT Gateway?
A NAT gateway is used for one-way internet connectivity between a private subnet and an external network. The external network cannot initiate access to resources within the private subnet (inbound requests are blocked). Example use: updating a VM's drivers.
What entries does a routing table have?
It has entries for addresses outside the VCN; these can be the public internet, on-premises networks, or other peered VCNs. A route entry rule has:
– Destination CIDR block
– Route target for the traffic that matches that CIDR
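As an added example (not the page's or Oracle's code), the following resolves a destination against route rules of the kind just described, with the most specific CIDR winning, and contrasts a public subnet's default route (IGW) with a private subnet's (NAT). The VCN CIDR, route tables and target names are constructed placeholders, not real OCIDs.

```python
"""Resolve which gateway carries traffic to a destination using route
rules of the kind described above: each rule is a destination CIDR plus a
target, and the most specific matching CIDR wins. Added example; the route
tables are constructed and the target names are placeholders, not OCIDs."""
import ipaddress

VCN_CIDR = ipaddress.ip_network("10.0.0.0/16")   # constructed hub VCN

# Constructed route table for a public subnet in the hub VCN.
PUBLIC_SUBNET_ROUTES = [
    ("0.0.0.0/0", "IGW"),             # everything else: internet gateway
    ("192.168.0.0/16", "DRG"),        # on-premises network via VPN/FastConnect
    ("10.1.0.0/16", "LPG-spoke"),     # locally peered spoke VCN
]

# Same destinations for a private subnet: the default route goes to the NAT
# gateway, so instances can reach out but nothing outside can initiate a connection.
PRIVATE_SUBNET_ROUTES = [("0.0.0.0/0", "NAT")] + PUBLIC_SUBNET_ROUTES[1:]


def lookup(dst, routes, vcn_cidr=VCN_CIDR):
    """Return the route target for destination IP `dst`, 'local' for
    addresses inside the VCN, or 'no-route' if no rule matches."""
    addr = ipaddress.ip_address(dst)
    if addr in vcn_cidr:
        return "local"  # intra-VCN traffic does not consult these rules
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else "no-route"


def internet_reachable(routes):
    """True if a default route through an Internet Gateway exists, i.e. the
    subnet is reachable from the internet (subject to security list rules)."""
    return any(cidr == "0.0.0.0/0" and target == "IGW" for cidr, target in routes)


if __name__ == "__main__":
    for ip in ("10.0.3.4", "10.1.9.9", "192.168.20.5", "203.0.113.10"):
        print(ip, lookup(ip, PUBLIC_SUBNET_ROUTES), lookup(ip, PRIVATE_SUBNET_ROUTES))
```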
How many IGWs can be present in a VCN?
How can you architect high availability in Oracle Cloud Infrastructure?
– Attach a block volume from availability domain 1 to a compute instance in availability domain 2, or vice versa.
– Distribute application servers across all availability domains within a region.
– Have multiple fault domains across regions.
What is a Service Gateway (SGW)?
An SGW lets resources in a VCN access public OCI services (e.g. Object Storage) without using the internet (IGW or NAT). It can be used, for example, for taking backups.
What is a DRG?
A DRG provides private traffic between a VCN and destinations other than the internet (e.g. on-premises networks or other VCNs).
Where do you define ingress and egress traffic rules?
In the firewall security list, where we need to provide the CIDR, protocol, source port and destination port.
What is the difference between VPN and FastConnect?
– VPN: encrypted connection up to 400 Mbps; cheap, for basic usage.
– FastConnect: dedicated connection between your premises and the Oracle data center, up to 10 Gbps; costly and suitable for enterprise use.
What is a Bare Metal Compute service?
It is a compute system without any virtualization layer; we can deploy our own hypervisor and install VMs. Key control characteristics: direct hardware access, bring your own hypervisor, code, app container, language runtime, operating system, virtualization layer.
What is a dedicated compute virtual host?
A single tenant with the virtualization layer. Control characteristics: code, app container, language runtime, operating system.
What are the characteristics of an OCI Virtual Machine?
A multitenant dedicated virtual host machine. Control characteristics: code, app container, language runtime, operating system.
What are the characteristics of a container engine?
It's a compute instance where we do not worry about virtualization and can just run our code. Control characteristics: code, app container.
What is the Functions service?
It allows running code only: a serverless option with no hardware to provision, and a low-cost solution.
What is a Hypervisor?
The hypervisor is a hardware virtualization technique that allows multiple deployed operating systems to run on a single host at the same time.
What is a Container?
A container is a bundle of app + dependencies. App + dependencies + kernel/OS is a VM. For example: a VM is App + binaries & libraries + guest OS, while a container is App + binaries & libraries. A container can be run anywhere.
What is Oracle Kubernetes Engine?
Kubernetes is an open-source system for automating deployment, scaling and management of containerized applications. OKE is a fully managed, scalable and highly available service that you can use to deploy your containerized applications in OCI.
Which OCI service is best suited for serverless Apps?
What are Block Storage, Object Storage and File Storage?
– Block Storage: storage connected over the network; any data of any type, stored as unrelated blocks.
– Object Storage: can hold any type of data; flat structure, modular units, self-contained repository.
– File Storage: network area storage organized as an array of unrelated blocks.
Given Object Storage and File Storage, for which storage do you need to attach a compute instance?
File Storage. For Object Storage you do not need a compute instance.
All articles and views are the author's own and do not necessarily represent those of Oracle or any other cloud provider. All logos and trademarks belong to their respective owners. All articles are for educational purposes only.