Thursday, October 16, 2025

Local VCN Peering (Using LPGs) vs Remote Peering

 

Technical Architecture







1. Local VCN Peering (LPGs):

  • Uses Local Peering Gateways to connect two VCNs within the same region - think of two playgrounds in the same neighborhood.

  • Traffic stays inside Oracle's regional backbone and never traverses the internet.

  • A route must be added to each VCN's route table(s) sending the peer VCN's CIDR through its LPG; without that route the peering carries nothing.

  • Security lists and Network Security Groups (NSGs) still apply: the peering itself admits no traffic until a rule allows the peer's CIDR.

Example Use Cases:

  • A "hub-and-spoke" network model within one region.

  • Centralized network services (DNS, NAT, firewalls) accessed by other VCNs.

Key Points:

  • Cannot connect VCNs in different regions.

  • Simple, cost-effective, and low-latency.

  • Each LPG peers with exactly one other LPG (one-to-one), so a hub VCN needs one LPG per spoke.

  • The two VCNs' CIDR blocks must not overlap, and the peering is not transitive (spoke-to-spoke traffic does not pass through the hub's LPGs).
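The hub-and-spoke case above, as an added Terraform example that is not part of the original post. It assumes a `var.compartment_id` variable and two made-up, non-overlapping CIDRs (10.0.0.0/16 for the hub, 10.1.0.0/16 for the spoke); the resource names are the author's choice.

```hcl
# Added example (not from the post): hub and spoke VCNs in one region peered
# through LPGs. Assumed: var.compartment_id; the hub (10.0.0.0/16) and spoke
# (10.1.0.0/16) CIDRs are made up and must not overlap.

resource "oci_core_vcn" "hub" {
  compartment_id = var.compartment_id
  cidr_block     = "10.0.0.0/16"
  display_name   = "hub-vcn"
}

resource "oci_core_vcn" "spoke" {
  compartment_id = var.compartment_id
  cidr_block     = "10.1.0.0/16"
  display_name   = "spoke-vcn"
}

# One LPG in each VCN. Setting peer_id on one side (the requestor) creates the
# peering; the other side (the acceptor) carries no peer_id.
resource "oci_core_local_peering_gateway" "hub_to_spoke" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.hub.id
  display_name   = "hub-to-spoke"
}

resource "oci_core_local_peering_gateway" "spoke_to_hub" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.spoke.id
  display_name   = "spoke-to-hub"
  peer_id        = oci_core_local_peering_gateway.hub_to_spoke.id
}

# Routing: only the peer's CIDR goes through the LPG. No default route is sent
# across the peering, so the spoke cannot reach the internet via the hub unless
# such a route is added on purpose.
resource "oci_core_route_table" "hub_rt" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.hub.id
  display_name   = "hub-rt"

  route_rules {
    destination       = oci_core_vcn.spoke.cidr_block
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_local_peering_gateway.hub_to_spoke.id
  }
}

resource "oci_core_route_table" "spoke_rt" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.spoke.id
  display_name   = "spoke-rt"

  route_rules {
    destination       = oci_core_vcn.hub.cidr_block
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_local_peering_gateway.spoke_to_hub.id
  }
}

# Filtering: the peering admits nothing by itself. This list lets the spoke
# accept HTTPS from hub addresses only, and nothing from anywhere else.
resource "oci_core_security_list" "spoke_sl" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.spoke.id
  display_name   = "spoke-sl"

  ingress_security_rules {
    protocol = "6"                          # TCP
    source   = oci_core_vcn.hub.cidr_block  # hub only, never 0.0.0.0/0
    tcp_options {
      min = 443
      max = 443
    }
  }

  egress_security_rules {
    protocol    = "all"
    destination = oci_core_vcn.hub.cidr_block
  }
}
```

Attach `spoke_rt` and `spoke_sl` to the spoke's subnets (and `hub_rt` to the hub's) for the peering to take effect. If the two VCNs live in different compartments or tenancies, the group running `terraform apply` needs IAM policies granting `manage local-peering-from` on the requestor side and `manage local-peering-to` on the acceptor side; without them the `peer_id` step fails at apply time. A second spoke needs its own pair of LPGs and its own route rules, and because LPG peering is not transitive, spokes that must talk to each other should be attached to a DRG instead.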




2. Remote VCN Peering:

  • Uses a Dynamic Routing Gateway (DRG) attached to each VCN, with a Remote Peering Connection (RPC) on each DRG, to connect VCNs across regions - two playgrounds in different cities. (There is no separate "remote peering gateway" object in OCI; the DRG is the gateway and the RPC is the link.)

  • Communication occurs over OCI's private backbone, not the public internet.

  • You attach a DRG to each VCN, create an RPC on each DRG, and connect the two RPCs: one side (the requestor) names the other side's RPC OCID and region.

Example Use Cases:

  • Multi-region deployments for disaster recovery.

  • Cross-region data replication or centralized monitoring.

Key Points:

  • Traffic remains private (never goes over the public internet).

  • Slightly higher latency than local peering (due to inter-region distance).

  • Each RPC can be connected to only one other RPC; the route target on each side is the DRG, and the VCN CIDRs must not overlap.
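The cross-region setup described above, as an added Terraform example that is not part of the original post. It assumes a `var.compartment_id` variable, two provider aliases that authenticate from the DEFAULT profile in `~/.oci/config`, the regions us-ashburn-1 and us-phoenix-1, and two made-up CIDRs (10.10.0.0/16 and 10.20.0.0/16) that must not overlap.

```hcl
# Added example (not from the post): remote peering between a VCN in
# us-ashburn-1 and one in us-phoenix-1. Assumed: var.compartment_id, both
# provider aliases authenticating from the DEFAULT profile in ~/.oci/config,
# and the two CIDRs (10.10.0.0/16, 10.20.0.0/16), which must not overlap.

provider "oci" {
  alias  = "east"
  region = "us-ashburn-1"
}

provider "oci" {
  alias  = "west"
  region = "us-phoenix-1"
}

resource "oci_core_vcn" "east" {
  provider       = oci.east
  compartment_id = var.compartment_id
  cidr_block     = "10.10.0.0/16"
  display_name   = "east-vcn"
}

resource "oci_core_vcn" "west" {
  provider       = oci.west
  compartment_id = var.compartment_id
  cidr_block     = "10.20.0.0/16"
  display_name   = "west-vcn"
}

# A DRG attached to each VCN carries the cross-region traffic.
resource "oci_core_drg" "east" {
  provider       = oci.east
  compartment_id = var.compartment_id
  display_name   = "east-drg"
}

resource "oci_core_drg_attachment" "east" {
  provider = oci.east
  drg_id   = oci_core_drg.east.id
  vcn_id   = oci_core_vcn.east.id
}

resource "oci_core_drg" "west" {
  provider       = oci.west
  compartment_id = var.compartment_id
  display_name   = "west-drg"
}

resource "oci_core_drg_attachment" "west" {
  provider = oci.west
  drg_id   = oci_core_drg.west.id
  vcn_id   = oci_core_vcn.west.id
}

# One RPC on each DRG. The requestor (west) names the acceptor RPC and its
# region; each RPC can be connected to exactly one other RPC.
resource "oci_core_remote_peering_connection" "east" {
  provider       = oci.east
  compartment_id = var.compartment_id
  drg_id         = oci_core_drg.east.id
  display_name   = "east-to-west"
}

resource "oci_core_remote_peering_connection" "west" {
  provider         = oci.west
  compartment_id   = var.compartment_id
  drg_id           = oci_core_drg.west.id
  display_name     = "west-to-east"
  peer_id          = oci_core_remote_peering_connection.east.id
  peer_region_name = "us-ashburn-1"
}

# Route the peer CIDR at the local DRG; the RPC is never a route target.
resource "oci_core_route_table" "east_rt" {
  provider       = oci.east
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.east.id
  display_name   = "east-rt"

  route_rules {
    destination       = oci_core_vcn.west.cidr_block
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_drg.east.id
  }
}

resource "oci_core_route_table" "west_rt" {
  provider       = oci.west
  compartment_id = var.compartment_id
  vcn_id         = oci_core_vcn.west.id
  display_name   = "west-rt"

  route_rules {
    destination       = oci_core_vcn.east.cidr_block
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_drg.west.id
  }
}
```

Subnets on each side must use these route tables, and their security lists or NSGs must still allow the peer's CIDR: the DRG forwards only what the route tables send it, and the peering grants no access on its own. When the two VCNs belong to different tenancies, each tenancy needs IAM policies allowing the other's group to manage the peering, and the requestor additionally needs the acceptor's RPC OCID out of band.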


| Feature | Local VCN Peering (LPG) | Remote VCN Peering |
|---|---|---|
| Purpose | Connect VCNs within the same region | Connect VCNs across regions |
| Connection Type | Local Peering Gateways (LPGs), one per VCN per peering | A DRG attached to each VCN, with a Remote Peering Connection (RPC) on each DRG |
| Latency | Lower (same-region routing) | Higher (cross-region routing) |
| Bandwidth | Regional network, typically higher | Limited by inter-region connectivity |
| Use Case | Multi-VCN architectures in a single region (shared services, segmentation) | Multi-region architectures (DR, cross-region data access) |

| Aspect | Local Peering | Remote Peering |
|---|---|---|
| Security Lists/NSGs | Required for traffic control between VCNs; the peering allows nothing by itself | Required for traffic control between VCNs; the peering allows nothing by itself |
| Route Tables | Must add a route for the peer CIDR pointing at the LPG | Must add a route for the peer CIDR pointing at the DRG |
| Policies (IAM) | Required if the VCNs are in different compartments or tenancies | Required if the VCNs are in different compartments or tenancies |

| Criteria | Local Peering (LPG) | Remote Peering (DRG + RPC) |
|---|---|---|
| Regions | Same | Different |
| Gateway Type | Local Peering Gateway (LPG) | Dynamic Routing Gateway (DRG) with a Remote Peering Connection (RPC) |
| Traffic Path | Regional backbone | OCI inter-region backbone |
| Performance | High (low latency) | Moderate (depends on distance) |
| Cost | No egress cost within region | Inter-region data transfer charges may apply |
| Setup Complexity | Simple | Slightly more complex (two regions, DRG attachments, RPC OCID exchange) |
| Common Use Case | Hub-and-spoke within region | Multi-region DR or replication |

Tuesday, August 26, 2025

Google, Mozilla, and Apple choosing to no longer support Entrust as a publicly trusted certificate authority

Google, Mozilla, and Apple have all decided to stop trusting Entrust’s publicly issued certificates after specific cutoff dates, due to long-standing compliance issues.


Why the Distrust?

Browsers depend on Certificate Authorities (CAs) to uphold stringent security and industry standards (the CA/Browser Forum Baseline Requirements and each root program's own policy). Entrust repeatedly failed to comply: examples include delays in revoking misissued certificates, poor incident reporting, and administrative errors. This pattern of compliance failures, and the weak corrective action that followed, led the root programs to lose confidence in Entrust's ability to act responsibly and transparently.


| Organization | Affected Certificates | Cutoff Date | Notes |
|---|---|---|---|
| Google Chrome | TLS certificates, keyed on the date of the earliest Signed Certificate Timestamp (SCT) rather than the notBefore date | November 11, 2024 | Applies to Entrust roots in the Chrome Root Program from Chrome 127 onward; the cutoff was originally announced as October 31, 2024 and later moved |
| Apple (Safari and Root Store) | TLS, S/MIME, timestamping and VMC certificates issued after the cutoff | November 15, 2024 | Certificates issued on or before that date are unaffected; broadest set of certificate types |
| Mozilla Firefox | TLS certificates chaining to Entrust roots | November 30, 2024 | Distrust cited repeated compliance issues and insufficient corrective action |



What This Means for Users

  • Old Entrust certificates remain valid: certificates issued on or before the cutoff dates stay trusted until their natural expiry (or until revoked).

  • New Entrust certificates fail: certificates issued after the cutoff dates trigger browser warnings or are blocked outright.

For example:

  • Chrome rejects Entrust certificates whose earliest SCT is dated after Nov 11, 2024.

  • Apple's platforms (like Safari) reject Entrust TLS and S/MIME certificates issued after Nov 15, 2024.

  • Firefox stops trusting Entrust-issued TLS certificates issued after Nov 30, 2024.


Entrust’s Reaction & Alternatives

Entrust publicly announced that certificates issued prior to the cutoff remain valid, and that it is fixing its internal processes: adding pre-issuance linting, establishing a change control board, and improving audit transparency.

Meanwhile, Entrust has partnered with SSL.com to issue new publicly trusted certificates on Entrust's behalf; these chain to SSL.com roots, which the browsers still trust. Cloudflare also enabled SSL.com certificates to ease migration.


--> Google's original cutoff was 31/10/2024 and was later moved to 11/11/2024: certificates with an SCT dated on or before the cutoff remain trusted until expiry; certificates with an SCT after it are no longer trusted by Chrome.

--> "Entrust made no moves to revoke or replace the affected certificates."

Summary

Google, Mozilla, and Apple have withdrawn trust in Entrust's public roots, but each did so at a slightly different time and with a different scope:

  • Chrome/Google: Entrust-issued TLS certificates with an SCT dated after Nov 11, 2024.

  • Apple/Safari: wider certificate types (TLS, S/MIME, timestamping, VMCs) issued after Nov 15, 2024.

  • Firefox/Mozilla: TLS certificates issued after Nov 30, 2024.

Entrust's certificates issued before those dates remain valid until they expire. For new issuance, organizations should migrate to a trusted CA (SSL.com, DigiCert, or another root-program member) to avoid browser compatibility issues. When auditing an estate, inventory certificates by issuing root rather than by vendor name: an Entrust-sold certificate that chains to an SSL.com root is not affected, while an older one chaining to an Entrust root is only safe until it expires.

Thursday, July 24, 2025

Find rdf file name from EBS Concurrent Program

 


1) Go to System Administrator > Concurrent > Program > Define.

Search for the program name and copy the executable name.

2) Run the query below and supply the executable name when prompted (&RDF_NAME is a SQL*Plus substitution variable; a partial name works because of the LIKE):

```sql
SELECT b.application_name,
       '$' || b.basepath || '/reports/US' AS reports_path,   -- e.g. $AP_TOP/reports/US
       a.execution_file_name
  FROM apps.fnd_executables_vl a,
       apps.fnd_application_vl b
 WHERE a.execution_method_code = 'P'      -- 'P' = Oracle Reports executable
   AND a.application_id = b.application_id
   AND a.execution_file_name LIKE '%&RDF_NAME%';
```

The .rdf lives under the owning application's top directory on the concurrent processing tier, so resolve the $<BASEPATH> variable in the applmgr environment (for example `echo $AP_TOP`) before looking for the file.







Wednesday, July 2, 2025

General Queries

Size of a named set of tables (the DBA_* views need SELECT ANY DICTIONARY or SELECT_CATALOG_ROLE):

```sql
SELECT owner,
       segment_name AS table_name,
       ROUND(SUM(bytes) / 1024 / 1024 / 1024, 2) AS size_gb
  FROM dba_segments
 WHERE segment_type = 'TABLE'
   AND segment_name IN ('FV_GTAS1_PERIOD_BALANCES_V_BKPSK',
                        'FV_DACT_PERIOD_BALANCES_V_BKPSK',
                        'FV_DACT_ENDING_BALANCES_BKPSK',
                        'FV_GTAS_ENDING_BALANCES_BKPSK')
   AND owner = 'HHSBKP'
 GROUP BY owner, segment_name;
```

Size of the objects in a tablespace:

```sql
SELECT owner,
       segment_name,
       segment_type,
       tablespace_name,
       ROUND(SUM(bytes) / 1024 / 1024 / 1024, 2) AS size_gb
  FROM dba_segments
 WHERE tablespace_name = 'UFMSD'
 GROUP BY owner, segment_name, segment_type, tablespace_name
 ORDER BY size_gb DESC;
```

Include total and used space for that tablespace (replace YOUR_TABLESPACE_NAME in both places; DBA_FREE_SPACE does not cover temporary tablespaces, which need DBA_TEMP_FREE_SPACE instead):

```sql
SELECT df.tablespace_name,
       ROUND(df.total_space_mb, 2)                                    AS total_space_mb,
       ROUND(NVL(fs.free_space_mb, 0), 2)                             AS free_space_mb,
       ROUND(df.total_space_mb - NVL(fs.free_space_mb, 0), 2)         AS used_space_mb,
       ROUND((NVL(fs.free_space_mb, 0) / df.total_space_mb) * 100, 2) AS free_percent
  FROM (SELECT tablespace_name,
               SUM(bytes) / 1024 / 1024 AS total_space_mb
          FROM dba_data_files
         WHERE tablespace_name = 'YOUR_TABLESPACE_NAME'
         GROUP BY tablespace_name) df
  LEFT JOIN (SELECT tablespace_name,
                    SUM(bytes) / 1024 / 1024 AS free_space_mb
               FROM dba_free_space
              WHERE tablespace_name = 'YOUR_TABLESPACE_NAME'
              GROUP BY tablespace_name) fs
    ON df.tablespace_name = fs.tablespace_name;
```

ASM disk group capacity, converted from MB to GB:

```sql
SELECT name,
       total_mb / 1024       AS total_gb,
       free_mb / 1024        AS free_gb,
       usable_file_mb / 1024 AS usable_gb,   -- space usable after redundancy is accounted for
       offline_disks
  FROM v$asm_diskgroup
 WHERE name = 'DATAC1';
```

Space consumed in that disk group by file type:

```sql
SELECT type,
       SUM(bytes) / 1024 / 1024 / 1024 AS size_gb
  FROM v$asm_file
 WHERE group_number = (SELECT group_number
                         FROM v$asm_diskgroup
                        WHERE name = 'DATAC1')
 GROUP BY type;
```





Wednesday, June 25, 2025

ETCC

EBS Technology Codelevel Checker (Patch 17537119) run on the database tier; the shell history numbers and timestamps are stripped, the commands are unchanged:

```bash
ls -ltr *env
. DRAM5I_EBSDE3.env
mkdir -p $ORACLE_HOME/appsutil/ETCC
cd $ORACLE_HOME/appsutil/ETCC
unzip -o /ood_repository/RAM/Patches/CPU/Jan2025/p17537119_R12_GENERIC.zip
source $ORACLE_HOME/DRAM5I_lufRAMfexanpq1-ram5g2.env
./checkDBpatch.sh
more /u02/app/oracle/product/19.0.0.0/dbhome_2/appsutil/ETCC/log/checkDBpatch_118863.log
```


Tuesday, June 24, 2025

Terraform template to deploy a complete VCN setup in Oracle Cloud Infrastructure (OCI)

Terraform template to deploy a complete VCN setup in Oracle Cloud Infrastructure (OCI). It includes:

  • VCN

  • Public and private subnets

  • Internet Gateway

  • NAT Gateway

  • Service Gateway

  • Route tables

  • Security lists

  • Optional compute instance placeholders (not included in the code below; add your own oci_core_instance resources in the subnets)




```hcl
provider "oci" {
  region           = var.region
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  fingerprint      = var.fingerprint
  private_key_path = var.private_key_path
}

# Create VCN
# (oci_core_virtual_network is the legacy name of this resource; current
# provider versions also expose it as oci_core_vcn.)
resource "oci_core_virtual_network" "vcn" {
  cidr_block     = "10.0.0.0/16"
  compartment_id = var.compartment_id
  display_name   = "my-vcn"
  dns_label      = "myvcn"
}

# Internet Gateway
resource "oci_core_internet_gateway" "ig" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_virtual_network.vcn.id
  display_name   = "my-igw"
  is_enabled     = true
}

# NAT Gateway
resource "oci_core_nat_gateway" "nat" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_virtual_network.vcn.id
  display_name   = "my-nat"
}

# Service Gateway, enabled for all Oracle Services Network services in the region
resource "oci_core_service_gateway" "svc_gateway" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_virtual_network.vcn.id
  services {
    service_id = data.oci_core_services.all_services.services[0].id
  }
  display_name = "my-service-gw"
}

data "oci_core_services" "all_services" {
  filter {
    name   = "name"
    values = ["All .* Services In Oracle Services Network"]
    regex  = true
  }
}

# Public Subnet
resource "oci_core_subnet" "public_subnet" {
  cidr_block        = "10.0.0.0/24"
  compartment_id    = var.compartment_id
  vcn_id            = oci_core_virtual_network.vcn.id
  display_name      = "public-subnet"
  dns_label         = "pubsubnet"
  route_table_id    = oci_core_route_table.public_rt.id
  security_list_ids = [oci_core_security_list.public_sl.id]
  prohibit_public_ip_on_vnic = false
}

# Private Subnet
resource "oci_core_subnet" "private_subnet" {
  cidr_block        = "10.0.1.0/24"
  compartment_id    = var.compartment_id
  vcn_id            = oci_core_virtual_network.vcn.id
  display_name      = "private-subnet"
  dns_label         = "privsubnet"
  route_table_id    = oci_core_route_table.private_rt.id
  security_list_ids = [oci_core_security_list.private_sl.id]
  prohibit_public_ip_on_vnic = true   # VNICs here can never be given a public IP
}

# Route Table for Public Subnet: default route via the Internet Gateway
resource "oci_core_route_table" "public_rt" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_virtual_network.vcn.id
  display_name   = "public-rt"

  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.ig.id
  }
}

# Route Table for Private Subnet: default route via NAT, Oracle services via the Service Gateway
resource "oci_core_route_table" "private_rt" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_virtual_network.vcn.id
  display_name   = "private-rt"

  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_nat_gateway.nat.id
  }

  route_rules {
    destination       = data.oci_core_services.all_services.services[0].cidr_block
    destination_type  = "SERVICE_CIDR_BLOCK"
    network_entity_id = oci_core_service_gateway.svc_gateway.id
  }
}

# Security List for Public Subnet
resource "oci_core_security_list" "public_sl" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_virtual_network.vcn.id
  display_name   = "public-security-list"

  # SSH open to the whole internet is acceptable only for a throwaway lab.
  # Narrow the source to your admin CIDR (or move the rule to an NSG) before real use.
  ingress_security_rules {
    protocol = "6"   # TCP
    source   = "0.0.0.0/0"
    tcp_options {
      min = 22
      max = 22
    }
  }

  egress_security_rules {
    protocol    = "all"
    destination = "0.0.0.0/0"
  }
}

# Security List for Private Subnet: SSH only from the public subnet (bastion path)
resource "oci_core_security_list" "private_sl" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_virtual_network.vcn.id
  display_name   = "private-security-list"

  ingress_security_rules {
    protocol = "6"   # TCP
    source   = oci_core_subnet.public_subnet.cidr_block
    tcp_options {
      min = 22
      max = 22
    }
  }

  egress_security_rules {
    protocol    = "all"
    destination = "0.0.0.0/0"
  }
}
```



================



Save the files as main.tf and variables.tf.

Run:

```bash
terraform init
terraform plan
terraform apply
```

You'll be prompted for values (or set them via a terraform.tfvars file). Review the plan output before approving the apply, and keep the API signing key and terraform.tfvars out of version control.
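The variables.tf that the instructions above reference but the post does not show, as an added example that is not part of the original template. It declares the six variables main.tf consumes and adds input validation; the terraform.tfvars lines in the trailing comment are placeholders, not real OCIDs.

```hcl
# Added example, not part of the original template: a variables.tf matching
# the main.tf above. Every value is supplied by the operator; the sample
# terraform.tfvars lines in the trailing comment are placeholders, not real OCIDs.

variable "region" {
  type        = string
  description = "Region to deploy into, e.g. us-ashburn-1"
}

variable "tenancy_ocid" {
  type = string
  validation {
    condition     = can(regex("^ocid1\\.tenancy\\.", var.tenancy_ocid))
    error_message = "tenancy_ocid must be a tenancy OCID (ocid1.tenancy....)."
  }
}

variable "user_ocid" {
  type = string
  validation {
    condition     = can(regex("^ocid1\\.user\\.", var.user_ocid))
    error_message = "user_ocid must be a user OCID (ocid1.user....)."
  }
}

variable "fingerprint" {
  type        = string
  description = "Fingerprint of the API signing key registered on the user"
  validation {
    condition     = can(regex("^([0-9a-f]{2}:){15}[0-9a-f]{2}$", var.fingerprint))
    error_message = "fingerprint must be 16 colon-separated lowercase hex pairs."
  }
}

variable "private_key_path" {
  type        = string
  description = "Path to the API signing private key. The provider reads the file at run time; keep the key itself out of version control."
}

variable "compartment_id" {
  type        = string
  description = "Compartment that will own the VCN and its gateways"
  validation {
    condition     = can(regex("^ocid1\\.(compartment|tenancy)\\.", var.compartment_id))
    error_message = "compartment_id must be a compartment (or root tenancy) OCID."
  }
}

# terraform.tfvars (placeholders; add this file to .gitignore):
# region           = "us-ashburn-1"
# tenancy_ocid     = "ocid1.tenancy.oc1..<placeholder>"
# user_ocid        = "ocid1.user.oc1..<placeholder>"
# fingerprint      = "aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99"
# private_key_path = "~/.oci/oci_api_key.pem"
# compartment_id   = "ocid1.compartment.oc1..<placeholder>"
```

The validation blocks catch the most common mistake, pasting a user OCID where a compartment OCID belongs, at `terraform plan` time instead of as an opaque 404 from the API during apply.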


Virtual Cloud Network - Networking Constructs

 


Simple Architecture:




Oracle Cloud Infrastructure (OCI) – VCN Networking Constructs

In Oracle Cloud Infrastructure (OCI), a VCN (Virtual Cloud Network) is the foundational networking component that allows you to securely connect and isolate cloud resources like compute instances, databases, and load balancers.

What is a VCN in OCI?

A VCN (Virtual Cloud Network) is a software-defined private network that closely resembles a traditional on-premises network, including subnets, route tables, gateways, and firewall rules. It is region-specific and highly configurable.







Example Architecture:




OCI’s Virtual Cloud Network (VCN) allows you to build isolated, secure, and highly configurable networks in the cloud. Below are the key constructs used in OCI VCNs:


1. VCN (Virtual Cloud Network)

  • A customizable, private network in a specific OCI region.

  • CIDR block range: /16 to /30, e.g., 10.0.0.0/16.

  • Supports multiple subnets and regional architecture.


2. Subnets

  • Can be regional (spanning all availability domains in the region, the recommended choice) or AD-specific.

  • Two types:

    • Public Subnet: VNICs may be assigned public IPs; resources are reachable from the internet only when the route table points at an Internet Gateway and a security rule allows the traffic.

    • Private Subnet: public IPs are prohibited on VNICs; outbound-only internet access is still possible through a NAT Gateway.


3. Route Tables

  • Define how traffic is routed from the subnet.

  • Each subnet is associated with a single route table.

  • Common targets:

    • Internet Gateway for public access

    • NAT Gateway for outbound access from private subnets

    • Service Gateway for OCI services (e.g., Object Storage)

    • Dynamic Routing Gateway (DRG) for on-premises or remote VCN connectivity


4. Internet Gateway (IG)

  • Enables outbound and inbound internet traffic for public subnets.

  • Must be added to the route table for use.


5. NAT Gateway

  • Allows private subnet instances to access the internet for outbound-only communication.

  • Keeps the resources not directly reachable from the internet.


6. Service Gateway

  • Allows private subnets to access OCI services (like Object Storage) without using the internet.

  • Traffic stays within the OCI network backbone.


7. Dynamic Routing Gateway (DRG)

  • Connects a VCN with:

    • On-premises network over IPSec VPN

    • FastConnect (dedicated private connection)

    • Other VCNs (remote peering)

  • Essential for hybrid and multi-region cloud setups.


8. Local and Remote Peering

  • Local Peering: Connects two VCNs within the same region.

  • Remote Peering: Connects VCNs across regions via DRG and RPC (Remote Peering Connection).


9. Security Lists

  • Stateless or stateful firewall rules applied at the subnet level.

  • Specify source/destination CIDRs, protocols, and ports.

  • Less granular than NSGs.


10. Network Security Groups (NSGs)

  • Apply firewall rules to individual resources (like compute instances or load balancers).

  • Allow resource-level access control.

  • Preferred over security lists for more precise configurations.
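The resource-level control described above, as an added Terraform example that is not part of the original post: a bastion NSG and an app-tier NSG, where the app tier admits SSH by NSG membership rather than by address. It assumes a `var.compartment_id` variable, a `var.admin_cidr` variable for the operator's VPN or office range, and a VCN resource named `oci_core_virtual_network.vcn` as in the template earlier on this page.

```hcl
# Added example (not from the post): NSGs for a bastion and an app tier,
# replacing subnet-wide security-list rules. Assumed: var.compartment_id,
# var.admin_cidr (the operator's VPN or office range), and a VCN resource
# named oci_core_virtual_network.vcn as in the template earlier on this page.

variable "admin_cidr" {
  type        = string
  description = "Only source allowed to SSH to the bastion, e.g. 203.0.113.0/24"
}

resource "oci_core_network_security_group" "bastion" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_virtual_network.vcn.id
  display_name   = "bastion-nsg"
}

resource "oci_core_network_security_group" "app" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_virtual_network.vcn.id
  display_name   = "app-nsg"
}

# Bastion: SSH in from the admin range only, never from 0.0.0.0/0.
resource "oci_core_network_security_group_security_rule" "bastion_ssh_in" {
  network_security_group_id = oci_core_network_security_group.bastion.id
  direction   = "INGRESS"
  protocol    = "6"   # TCP
  source_type = "CIDR_BLOCK"
  source      = var.admin_cidr
  tcp_options {
    destination_port_range {
      min = 22
      max = 22
    }
  }
}

# Bastion egress: SSH onward to app-tier members only, addressed by NSG rather
# than by CIDR, so the rule stays correct as app instances come and go.
resource "oci_core_network_security_group_security_rule" "bastion_ssh_out" {
  network_security_group_id = oci_core_network_security_group.bastion.id
  direction        = "EGRESS"
  protocol         = "6"
  destination_type = "NETWORK_SECURITY_GROUP"
  destination      = oci_core_network_security_group.app.id
  tcp_options {
    destination_port_range {
      min = 22
      max = 22
    }
  }
}

# App tier: accept SSH only from members of the bastion NSG.
resource "oci_core_network_security_group_security_rule" "app_ssh_from_bastion" {
  network_security_group_id = oci_core_network_security_group.app.id
  direction   = "INGRESS"
  protocol    = "6"
  source_type = "NETWORK_SECURITY_GROUP"
  source      = oci_core_network_security_group.bastion.id
  tcp_options {
    destination_port_range {
      min = 22
      max = 22
    }
  }
}

# Attach on the instance VNIC (fragment of an oci_core_instance resource):
#   create_vnic_details {
#     subnet_id = oci_core_subnet.public_subnet.id
#     nsg_ids   = [oci_core_network_security_group.bastion.id]
#   }
```

NSG rules are stateful unless `stateless = true` is set, so the reply traffic for these connections needs no extra rules. An instance is subject to the union of its subnet's security lists and its NSGs, so moving SSH control into NSGs only helps if the subnet's security list no longer carries a 0.0.0.0/0 rule for port 22.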


11. Public IPs

  • Two types:

    • Ephemeral: Temporary, attached at instance launch.

    • Reserved: Static and can be attached/detached from resources.


Example: Simple OCI VCN Setup

Components:

  • VCN: 10.0.0.0/16

  • Public Subnet: 10.0.0.0/24 with IGW

  • Private Subnet: 10.0.1.0/24 with NAT Gateway

  • Internet Gateway

  • NAT Gateway

  • Route Tables (2): One for public, one for private subnet

  • Security Lists or NSGs to control access

  • Service Gateway for private access to OCI services


 Terraform Snippet (Example)


```hcl
resource "oci_core_virtual_network" "vcn" {
  cidr_block     = "10.0.0.0/16"
  compartment_id = var.compartment_id
  display_name   = "my-vcn"
}

resource "oci_core_internet_gateway" "igw" {
  compartment_id = var.compartment_id
  display_name   = "my-internet-gateway"
  vcn_id         = oci_core_virtual_network.vcn.id
  is_enabled     = true
}
```

Script to generate PNG image:

```python
import matplotlib.pyplot as plt
import matplotlib.patches as patches

fig, ax = plt.subplots(figsize=(14, 10))
ax.set_xlim(0, 120)
ax.set_ylim(0, 110)
ax.axis('off')

# VCN
vcn = patches.Rectangle((5, 15), 90, 85, linewidth=2, edgecolor='blue', facecolor='lightblue')
ax.add_patch(vcn)
ax.text(50, 105, "VCN: 10.0.0.0/16", fontsize=14, ha='center', weight='bold')

# Public Subnet
public_subnet = patches.Rectangle((10, 75), 35, 20, linewidth=1.5, edgecolor='green', facecolor='lightgreen')
ax.add_patch(public_subnet)
ax.text(27.5, 93, "Public Subnet\n10.0.0.0/24", ha='center', fontsize=10)

# Private Subnet
private_subnet = patches.Rectangle((55, 75), 35, 20, linewidth=1.5, edgecolor='orange', facecolor='moccasin')
ax.add_patch(private_subnet)
ax.text(72.5, 93, "Private Subnet\n10.0.1.0/24", ha='center', fontsize=10)

# Instances
ax.text(20, 85, "Web Server\n(Public IP)", fontsize=9, ha='center')
ax.plot(20, 82, marker='s', markersize=10, color='darkgreen')
ax.text(30, 85, "Bastion Host", fontsize=9, ha='center')
ax.plot(30, 82, marker='s', markersize=10, color='darkgreen')

ax.text(65, 85, "App Server", fontsize=9, ha='center')
ax.plot(65, 82, marker='s', markersize=10, color='darkorange')
ax.text(80, 85, "DB Server", fontsize=9, ha='center')
ax.plot(80, 82, marker='s', markersize=10, color='darkorange')

# Gateways
ax.text(20, 55, "Internet Gateway", fontsize=9, ha='center')
ax.plot(20, 52, marker='o', markersize=10, color='blue')

ax.text(80, 55, "NAT Gateway", fontsize=9, ha='center')
ax.plot(80, 52, marker='o', markersize=10, color='purple')

ax.text(50, 30, "Service Gateway", fontsize=9, ha='center')
ax.plot(50, 27, marker='o', markersize=10, color='gray')

# DRG, VPN, FastConnect, On-Prem
ax.text(100, 80, "DRG", fontsize=10, ha='center', weight='bold')
ax.plot(100, 77, marker='o', markersize=12, color='black')

ax.text(100, 65, "IPSec VPN", fontsize=9, ha='center')
ax.plot(100, 62, marker='D', markersize=8, color='teal')

ax.text(100, 50, "FastConnect", fontsize=9, ha='center')
ax.plot(100, 47, marker='D', markersize=8, color='gold')

ax.text(115, 70, "On-Premises\nNetwork", fontsize=9, ha='center')
ax.plot(115, 67, marker='s', markersize=12, color='brown')

# Arrows
ax.annotate("", xy=(20, 75), xytext=(20, 52), arrowprops=dict(arrowstyle="->"))
ax.annotate("", xy=(80, 75), xytext=(80, 52), arrowprops=dict(arrowstyle="->"))
ax.annotate("", xy=(65, 75), xytext=(50, 27), arrowprops=dict(arrowstyle="->"))

# DRG arrows
ax.annotate("", xy=(90, 80), xytext=(100, 77), arrowprops=dict(arrowstyle="->"))
ax.annotate("", xy=(100, 77), xytext=(100, 62), arrowprops=dict(arrowstyle="->", color='teal'))
ax.annotate("", xy=(100, 77), xytext=(100, 47), arrowprops=dict(arrowstyle="->", color='gold'))
ax.annotate("", xy=(100, 62), xytext=(115, 67), arrowprops=dict(arrowstyle="->", color='brown'))
ax.annotate("", xy=(100, 47), xytext=(115, 67), arrowprops=dict(arrowstyle="->", color='brown'))

# Save to file
plt.tight_layout()
plt.savefig("oci_vcn_architecture.png", dpi=300)
plt.show()
```


