OCI Networking Flashcards
What is CIDR?
CIDR is Classless Inter-Domain Routing.
What is a subnet mask?
A subnet mask separates the IP address into the network and host addresses.
Subnetting further divides the host part of an IP address into a subnet and host address.
What is a Virtual Cloud Network?
A private network that you set up in the Oracle data centers, with firewall rules and specific types of communication gateways that you can choose to use.
A VCN resides within a single region.
Which are the allowed OCI VCN size ranges?
The allowed range is /16 to /30. /8 and /32 are not supported.
Which are the IP addresses reserved in a VCN?
Three IP addresses are reserved in an OCI VCN.
The first two and last one.
This is different from a classic network where the first and last are reserved.
What is a VNIC?
Virtual Network Interface Card
VNIC is a component that enables a compute instance to connect to a VCN.
The VNIC determines how the instance connects with endpoints inside and outside the VCN.
How many private IP addresses does an instance have?
At least ONE primary private IP address
How many VNICs can an Instance have?
Each Instance can have 2 or more Virtual Network Interface cards (one primary and one secondary).
What is a public IP?
A public IP is an IPv4 address that is reachable from the internet; it is assigned to a private IP object on the resource (instance, load balancer).
You can assign a given resource multiple public IPs across one or more VNICs.
How many types of public IP addresses are there in OCI?
2 Types of Public IPs:
- Ephemeral
- Reserved
What is an Ephemeral Public IP Address?
An Ephemeral Public IP Address is temporary and exists only for the lifetime of the instance.
It can be assigned only to the primary private IP.
What is a Reserved Public IP?
A Reserved Public IP is persistent and exists beyond the lifetime of the instance it’s assigned to (it can be unassigned and then reassigned to another instance).
What is a route table?
Contains rules about how IP packets can travel to different IP addresses out of the VCN.
What does a route table consist of?
A route table consists of a set of rules; each rule specifies:
- Destination CIDR block
- Route target (the next hop) for the traffic that matches that CIDR (classless inter-domain routing)
How many route tables does a subnet have?
Each subnet has only one route table.
The route table is specified when the subnet is created, but it can be edited later.
When is a route table used?
The route table is used only if the destination IP address is not in the VCN’s CIDR block.
What is a NAT gateway?
NAT Gateway - Network Address Translation - gives an entire private network access to the internet without assigning each host a public IP.
Hosts can initiate outbound connections to the internet and receive responses, but not receive inbound connections initiated from the internet.
Use cases: patches, updates.
What is a Service Gateway?
The Service Gateway lets resources in a VCN access public OCI services such as Object Storage, but without using the internet or a NAT gateway.
What is a CIDR Service?
A Service CIDR label represents all the public CIDRs for a given Oracle service or a group of Oracle services.
E.g.:
- OCI Object Storage
- All Services
What is a Dynamic Routing Gateway?
A virtual router that provides a path for private traffic between your VCN and destinations other than the internet (for example, between OCI and customer data centers).
What are the types of peering supported by OCI?
- Local peering
- Remote peering
What is Local Peering?
VCN peering is the process of connecting multiple VCNs.
Local VCN peering is the process of connecting two VCNs in the same region so that their resources can communicate using private IP addresses.
What is a Local Peering Gateway (LPG)?
A local peering gateway is a component on a VCN for routing traffic to a locally peered VCN.
Can two peered VCNs have overlapping CIDRs?
No
What is Remote VCN peering?
Remote VCN peering is the process of connecting two VCNs in different regions so that their resources can communicate using private IP addresses.
Requires a remote peering connection (RPC) to be created on the DRGs. RPC’s job is to act as a connection point for a remotely peered VCN.
What is a Security List?
A Security List is a set of firewall rules associated with a subnet and applied to all instances launched inside the subnet.
Security lists consist of rules that specify the types of traffic allowed in and out of the subnet.
What is a Network Security Group (NSG)?
A Network Security Group (NSG) provides a virtual firewall for a set of cloud resources that all have the same security posture.
NSG consists of a set of rules that apply only to a set of VNICs of your choice in a single VCN.
What is a Stateful Security Rule?
A Stateful Security Rule automatically allows a response to any incoming traffic, regardless of any egress rule.
What is a Stateless Security Rule?
A Stateless Security Rule does not automatically allow outgoing traffic based on the incoming traffic.
What are the default components that a VCN comes with?
Default Route Table
Default Security List
Default set of DHCP options
You cannot delete these resources, but you can modify them.