OCI Networking Deep Dive: VCNs, Subnets, and Connectivity Options

The Virtual Cloud Network (VCN) is the software-defined network that underpins every OCI deployment. A well-designed VCN architecture is critical for security, performance, and operational efficiency.

VCN Design Principles

A VCN is a private, isolated network within an OCI region. Best practice is to use a CIDR block that does not overlap with your on-premises networks, anticipating future hybrid connectivity. A typical enterprise VCN uses /16 or /20 CIDR blocks.

Subnets divide the VCN into segments. Public subnets contain resources with internet-facing public IP addresses, while private subnets host backend resources accessible only within the network. Regional subnets span all availability domains, simplifying design for most workloads.

Connectivity Options

OCI provides multiple connectivity options for hybrid architectures:

FastConnect provides dedicated, private connectivity between your on-premises data center and OCI, with bandwidth options from 1 Gbps to 100 Gbps. It offers lower latency and more consistent performance than internet-based connectivity.

Site-to-Site VPN provides encrypted IPsec tunnels over the internet. OCI supports redundant VPN connections for high availability, with BGP dynamic routing for automatic failover.

Service Gateway and Private Access

The Service Gateway enables private access to Oracle services (Object Storage, Autonomous Database, etc.) without traffic traversing the internet. This is essential for security-conscious architectures.

The NAT Gateway provides outbound internet access for resources in private subnets without exposing them to inbound internet traffic.

Load Balancing

OCI offers two load balancer types. The Load Balancer (Layer 7) supports HTTP/HTTPS with SSL termination, path-based routing, and health checks. The Network Load Balancer (Layer 4) provides ultra-low latency for TCP/UDP traffic and preserves the source IP address.