Wednesday, June 25, 2025

ETCC

# Bash history excerpt (index, timestamp, command): running the Oracle EBS
# Technology Codelevel Checker (ETCC) on the database tier after the Jan-2025
# CPU. Nothing here is a script; the prefixes are history metadata.
 1001  2025-06-25.14:32:16 ls -ltr *env

# Sourcing an env file executes every line of it in the current shell, so only
# source files owned by the Oracle software owner and not group/world writable.
# (The history does not show which ORACLE_HOME this first file sets.)
 1002  2025-06-25.14:32:21 . DRAM5I_EBSDE3.env

 1003  2025-06-25.14:32:31 mkdir -p $ORACLE_HOME/appsutil/ETCC

 1004  2025-06-25.14:32:40 cd $ORACLE_HOME/appsutil/ETCC

# `unzip -o` overwrites files already present in $ORACLE_HOME/appsutil/ETCC
# without prompting. Verify the zip's checksum against the value published on
# My Oracle Support before extracting it; the shared /ood_repository path is a
# supply-chain boundary here, not a trusted source in itself.
 1005  2025-06-25.14:32:49 unzip -o /ood_repository/RAM/Patches/CPU/Jan2025/p17537119_R12_GENERIC.zip

# Second env file, this one read from $ORACLE_HOME — presumably the database
# context env for this instance; confirm it points at the same home the
# checker was unpacked into.
 1006  2025-06-25.14:33:06 source $ORACLE_HOME/DRAM5I_lufRAMfexanpq1-ram5g2.env

# checkDBpatch.sh is ETCC's database-tier check; its report is the log read
# below (the numeric suffix in the log name is presumably the run's PID).
 1007  2025-06-25.14:33:18 ./checkDBpatch.sh

 1008  2025-06-25.14:34:07 more /u02/app/oracle/product/19.0.0.0/dbhome_2/appsutil/ETCC/log/checkDBpatch_118863.log


Tuesday, June 24, 2025

Terraform template to deploy a complete VCN setup in Oracle Cloud Infrastructure (OCI)

Terraform template to deploy a complete VCN setup in Oracle Cloud Infrastructure (OCI). It includes:


- VCN
- Public and private subnets
- Internet Gateway
- NAT Gateway
- Service Gateway
- Route tables
- Security lists
- Optional compute instance placeholders (no instance resources appear in the listing below)




# OCI provider, authenticating with a user API signing key. The user OCID, key
# fingerprint and private-key path are credentials in all but name: declare
# those variables with `sensitive = true` so they are redacted from plan
# output, and keep terraform.tfvars and the key file out of version control.
# When Terraform runs on an OCI host, instance- or resource-principal auth
# avoids storing a long-lived key at all.
provider "oci" {


  region       = var.region


  tenancy_ocid = var.tenancy_ocid


  user_ocid    = var.user_ocid


  fingerprint  = var.fingerprint


  # Path only; the key material itself is never placed in Terraform code.
  private_key_path = var.private_key_path


}




# Create VCN


# Regional private network, 10.0.0.0/16 (OCI accepts /16 through /30); the
# subnets below carve two /24s out of it. `oci_core_virtual_network` is the
# older alias of `oci_core_vcn`; renaming the type would change the state
# address of an existing deployment, so it is left as is.
resource "oci_core_virtual_network" "vcn" {


  cidr_block     = "10.0.0.0/16"


  compartment_id = var.compartment_id


  display_name   = "my-vcn"


  # DNS label becomes part of the VCN's internal FQDNs (<host>.<subnet>.<vcn>.oraclevcn.com).
  dns_label      = "myvcn"


}




# Internet Gateway


# Bidirectional internet path for the public subnet. It carries traffic only
# once a route table points 0.0.0.0/0 at it (public_rt below); toggling
# is_enabled to false blocks traffic through the gateway without destroying it.
resource "oci_core_internet_gateway" "ig" {


  compartment_id = var.compartment_id


  vcn_id         = oci_core_virtual_network.vcn.id


  display_name   = "my-igw"


  is_enabled     = true


}




# NAT Gateway


# Outbound-only internet path for the private subnet: instances behind it can
# initiate connections out but are not reachable from the internet.
resource "oci_core_nat_gateway" "nat" {


  compartment_id = var.compartment_id


  vcn_id         = oci_core_virtual_network.vcn.id


  display_name   = "my-nat"


}




# Service Gateway


# Private path from the VCN to the Oracle Services Network (Object Storage and
# the other OCI services) that never traverses the internet. The single
# `services` entry is the "All ... Services" label resolved by the data source
# below; services[0] assumes that lookup returned at least one match.
resource "oci_core_service_gateway" "svc_gateway" {


  compartment_id = var.compartment_id


  vcn_id         = oci_core_virtual_network.vcn.id


  services {


    service_id = data.oci_core_services.all_services.services[0].id


  }


  display_name = "my-service-gw"


}




# Looks up the Oracle Services Network entry named
# "All <region-key> Services In Oracle Services Network". One match per region
# is expected; the service gateway and private route table index [0] without
# checking, so an empty result fails at plan time rather than silently.
data "oci_core_services" "all_services" {


  filter {


    name   = "name"


    values = ["All .* Services In Oracle Services Network"]


    regex  = true


  }


}




# Public Subnet


# 10.0.0.0/24, routed through the Internet Gateway and filtered by public_sl.
# prohibit_public_ip_on_vnic = false is what makes this subnet "public": any
# VNIC created here may be given a public IP, so instances in it are reachable
# from the internet within whatever public_sl (or an attached NSG) allows.
resource "oci_core_subnet" "public_subnet" {


  cidr_block        = "10.0.0.0/24"


  compartment_id    = var.compartment_id


  vcn_id            = oci_core_virtual_network.vcn.id


  display_name      = "public-subnet"


  dns_label         = "pubsubnet"


  route_table_id    = oci_core_route_table.public_rt.id


  security_list_ids = [oci_core_security_list.public_sl.id]


  prohibit_public_ip_on_vnic = false


}




# Private Subnet


# 10.0.1.0/24, routed through the NAT and Service gateways and filtered by
# private_sl. prohibit_public_ip_on_vnic = true is enforced by the platform:
# no VNIC here can carry a public IP, so inbound reachability is only possible
# from inside the VCN (or over a DRG/peering if one is added later).
resource "oci_core_subnet" "private_subnet" {


  cidr_block        = "10.0.1.0/24"


  compartment_id    = var.compartment_id


  vcn_id            = oci_core_virtual_network.vcn.id


  display_name      = "private-subnet"


  dns_label         = "privsubnet"


  route_table_id    = oci_core_route_table.private_rt.id


  security_list_ids = [oci_core_security_list.private_sl.id]


  prohibit_public_ip_on_vnic = true


}




# Route Table for Public Subnet


# Default route to the Internet Gateway. Traffic between subnets of the same
# VCN needs no rule here; OCI routes it implicitly.
resource "oci_core_route_table" "public_rt" {


  compartment_id = var.compartment_id


  vcn_id         = oci_core_virtual_network.vcn.id


  display_name   = "public-rt"




  route_rules {


    destination       = "0.0.0.0/0"


    destination_type  = "CIDR_BLOCK"


    network_entity_id = oci_core_internet_gateway.ig.id


  }


}




# Route Table for Private Subnet


# Two rules: the default route goes to the NAT gateway (outbound internet
# only), and the Oracle Services Network CIDR — taken from the same data
# source the service gateway uses — goes to the service gateway so calls to
# OCI services stay on Oracle's backbone. Remove the 0.0.0.0/0 rule if private
# hosts should reach nothing but OCI services.
resource "oci_core_route_table" "private_rt" {


  compartment_id = var.compartment_id


  vcn_id         = oci_core_virtual_network.vcn.id


  display_name   = "private-rt"




  # Outbound internet via NAT; nothing inbound can use this path.
  route_rules {


    destination       = "0.0.0.0/0"


    destination_type  = "CIDR_BLOCK"


    network_entity_id = oci_core_nat_gateway.nat.id


  }




  # Oracle Services Network via the service gateway.
  route_rules {


    destination       = data.oci_core_services.all_services.services[0].cidr_block


    destination_type  = "SERVICE_CIDR_BLOCK"


    network_entity_id = oci_core_service_gateway.svc_gateway.id


  }


}




# Security List for Public Subnet


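# Subnet-wide rules for the public subnet. Rules are stateful (the OCI
# default), so replies to an allowed ingress flow pass without a matching
# egress rule. SSH is admitted only from an operator-supplied CIDR, never from
# 0.0.0.0/0 — a world-reachable port 22 on a bastion is the first thing
# internet scanners find. For per-instance control prefer a Network Security
# Group over a subnet-wide list.
resource "oci_core_security_list" "public_sl" {
  compartment_id = var.compartment_id
  vcn_id         = oci_core_virtual_network.vcn.id
  display_name   = "public-security-list"

  # SSH from the trusted range only.
  ingress_security_rules {
    protocol    = "6"
    source      = var.ssh_allowed_cidr
    source_type = "CIDR_BLOCK"
    description = "SSH from ssh_allowed_cidr"

    tcp_options {
      min = 22
      max = 22
    }
  }

  # ICMP type 3 code 4 (fragmentation needed) keeps path-MTU discovery working
  # for inbound connections; OCI's default security list carries the same rule.
  ingress_security_rules {
    protocol    = "1"
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    description = "ICMP path-MTU discovery"

    icmp_options {
      type = 3
      code = 4
    }
  }

  # Unrestricted egress; tighten to the ports and destinations the public
  # instances actually need once those are known.
  egress_security_rules {
    protocol         = "all"
    destination      = "0.0.0.0/0"
    destination_type = "CIDR_BLOCK"
    description      = "All outbound"
  }
}

# Source range for SSH into the public subnet. Deliberately has no default so
# the template cannot be applied with port 22 open to the whole internet;
# supply it via terraform.tfvars or at the prompt.
variable "ssh_allowed_cidr" {
  description = "CIDR allowed to reach TCP/22 on the public subnet (e.g. your office or VPN egress range). Do not use 0.0.0.0/0."
  type        = string

  validation {
    condition     = can(cidrhost(var.ssh_allowed_cidr, 0))
    error_message = "ssh_allowed_cidr must be a valid CIDR such as 203.0.113.0/24."
  }
}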




# Security List for Private Subnet


# Subnet-wide rules for the private subnet. Only the public subnet (where a
# bastion would sit) may open SSH to private hosts; nothing else is admitted
# inbound. Any application ports the web tier needs on app/DB servers (not
# part of this template) must be added here explicitly — keep the source at
# the public subnet CIDR rather than widening it. Egress is unrestricted and
# leaves through the NAT and service gateways, so private hosts can still
# reach the internet outbound; tighten if they only need OCI services.
resource "oci_core_security_list" "private_sl" {


  compartment_id = var.compartment_id


  vcn_id         = oci_core_virtual_network.vcn.id


  display_name   = "private-security-list"




  # SSH from the public subnet only.
  ingress_security_rules {


    protocol = "6"


    source   = oci_core_subnet.public_subnet.cidr_block


    tcp_options {


      min = 22


      max = 22


    }


  }




  # All outbound (via NAT / service gateway per private_rt).
  egress_security_rules {


    protocol = "all"


    destination = "0.0.0.0/0"


  }


}



================



Save the resource definitions above as main.tf and declare the variables they reference (region, tenancy_ocid, user_ocid, fingerprint, private_key_path, compartment_id) in variables.tf; mark user_ocid, fingerprint and private_key_path with `sensitive = true` so they are redacted from plan and apply output.


Run:


```bash
terraform init
terraform plan
terraform apply
```

You’ll be prompted for values (or set them via a terraform.tfvars file). Keep terraform.tfvars and the API private key it points to out of version control (add both to .gitignore): together they let anyone holding them act as that IAM user with whatever policies it has been granted.


Virtual Cloud Network - Networking Constructs

 


Simple Architecture:




Oracle Cloud Infrastructure (OCI) – VCN Networking Constructs

In Oracle Cloud Infrastructure (OCI), a VCN (Virtual Cloud Network) is the foundational networking component that allows you to securely connect and isolate cloud resources like compute instances, databases, and load balancers.

What is a VCN in OCI?

A VCN (Virtual Cloud Network) is a software-defined private network that closely resembles a traditional on-premises network, including subnets, route tables, gateways, and firewall rules. It is region-specific and highly configurable.







Example Architecture:




OCI’s Virtual Cloud Network (VCN) allows you to build isolated, secure, and highly configurable networks in the cloud. Below are the key constructs used in OCI VCNs:


1. VCN (Virtual Cloud Network)

  • A customizable, private network in a specific OCI region.

  • CIDR block range: /16 to /30, e.g., 10.0.0.0/16.

  • Supports multiple subnets and regional architecture.


2. Subnets

  • Regional (spanning all availability domains in the region — the recommended choice) or, optionally, AD-specific.

  • Two types:

    • Public Subnet: Instances may be given public IPs and, via an Internet Gateway route, can be reached from the internet — subject to the security list / NSG rules, which are the only thing standing between them and the internet.

    • Private Subnet: Public IPs are prohibited on its VNICs, so nothing in it is reachable from the internet; outbound access, if needed, goes through a NAT Gateway or Service Gateway.


3. Route Tables

  • Define how traffic is routed from the subnet.

  • Each subnet is associated with a single route table.

  • Common targets:

    • Internet Gateway for public access

    • NAT Gateway for outbound access from private subnets

    • Service Gateway for OCI services (e.g., Object Storage)

    • Dynamic Routing Gateway (DRG) for on-premises or remote VCN connectivity


4. Internet Gateway (IG)

  • Enables outbound and inbound internet traffic for public subnets.

  • Must be added to the route table for use.


5. NAT Gateway

  • Allows private subnet instances to access the internet for outbound-only communication.

  • Keeps the resources not directly reachable from the internet.


6. Service Gateway

  • Allows private subnets to access OCI services (like Object Storage) without using the internet.

  • Traffic stays within the OCI network backbone.


7. Dynamic Routing Gateway (DRG)

  • Connects a VCN with:

    • On-premises network over IPSec VPN

    • FastConnect (dedicated private connection)

    • Other VCNs (remote peering)

  • Essential for hybrid and multi-region cloud setups.


8. Local and Remote Peering

  • Local Peering: Connects two VCNs within the same region.

  • Remote Peering: Connects VCNs across regions via DRG and RPC (Remote Peering Connection).


9. Security Lists

  • Firewall rules applied at the subnet level; rules are stateful by default (return traffic is allowed automatically) and individual rules can be marked stateless.

  • Specify source/destination CIDRs, protocols, and ports.

  • Less granular than NSGs.


10. Network Security Groups (NSGs)

  • Apply firewall rules to individual resources (like compute instances or load balancers).

  • Allow resource-level access control.

  • Preferred over security lists for more precise configurations.


11. Public IPs

  • Two types:

    • Ephemeral: Assigned at instance launch and released when the instance is terminated or its VNIC deleted; cannot be detached and reused.

    • Reserved: Static and can be attached/detached from resources.


Example: Simple OCI VCN Setup

Components:

  • VCN: 10.0.0.0/16

  • Public Subnet: 10.0.0.0/24 with IGW

  • Private Subnet: 10.0.1.0/24 with NAT Gateway

  • Internet Gateway

  • NAT Gateway

  • Route Tables (2): One for public, one for private subnet

  • Security Lists or NSGs to control access

  • Service Gateway for private access to OCI services


 Terraform Snippet (Example)


# Minimal starting point: the VCN plus an Internet Gateway. The full template
# above layers subnets, route tables and security lists on top of these two.
resource "oci_core_virtual_network" "vcn" {
  cidr_block     = "10.0.0.0/16"
  compartment_id = var.compartment_id
  display_name   = "my-vcn"
}

resource "oci_core_internet_gateway" "igw" {
  compartment_id = var.compartment_id
  display_name   = "my-internet-gateway"
  vcn_id         = oci_core_virtual_network.vcn.id
  is_enabled     = true
}

Script to generate PNG image:

import matplotlib.pyplot as plt

import matplotlib.patches as patches


# Renders the OCI VCN architecture diagram (two subnets, three gateways, a DRG
# with its VPN/FastConnect attachments and the on-premises end) and writes it
# to oci_vcn_architecture.png at 300 dpi, then shows it. Coordinates live in
# the arbitrary 0-120 x 0-110 axis space set up below; they are layout
# positions only.
fig, ax = plt.subplots(figsize=(14, 10))
ax.set_xlim(0, 120)
ax.set_ylim(0, 110)
ax.axis('off')


def _box(origin, width, height, edge, face, lw):
    """Add one filled rectangle (VCN or subnet outline) and return the patch."""
    rect = patches.Rectangle(origin, width, height,
                             linewidth=lw, edgecolor=edge, facecolor=face)
    ax.add_patch(rect)
    return rect


def _node(x, y, label, marker, size, color, fontsize=9, bold=False):
    """Draw a labelled marker; the label sits 3 units above the marker."""
    text_kw = {'fontsize': fontsize, 'ha': 'center'}
    if bold:
        text_kw['weight'] = 'bold'
    ax.text(x, y + 3, label, **text_kw)
    ax.plot(x, y, marker=marker, markersize=size, color=color)


def _arrow(src, dst, color=None):
    """Arrow from src to dst (annotate draws from xytext to xy)."""
    props = {'arrowstyle': '->'}
    if color is not None:
        props['color'] = color
    ax.annotate("", xy=dst, xytext=src, arrowprops=props)


# Containers: the VCN and its two subnets.
vcn = _box((5, 15), 90, 85, 'blue', 'lightblue', 2)
ax.text(50, 105, "VCN: 10.0.0.0/16", fontsize=14, ha='center', weight='bold')

public_subnet = _box((10, 75), 35, 20, 'green', 'lightgreen', 1.5)
ax.text(27.5, 93, "Public Subnet\n10.0.0.0/24", ha='center', fontsize=10)

private_subnet = _box((55, 75), 35, 20, 'orange', 'moccasin', 1.5)
ax.text(72.5, 93, "Private Subnet\n10.0.1.0/24", ha='center', fontsize=10)

# Compute instances: square markers, public tier green, private tier orange.
for x_pos, label, color in [
    (20, "Web Server\n(Public IP)", 'darkgreen'),
    (30, "Bastion Host", 'darkgreen'),
    (65, "App Server", 'darkorange'),
    (80, "DB Server", 'darkorange'),
]:
    _node(x_pos, 82, label, 's', 10, color)

# Gateways attached to the VCN: round markers.
_node(20, 52, "Internet Gateway", 'o', 10, 'blue')
_node(80, 52, "NAT Gateway", 'o', 10, 'purple')
_node(50, 27, "Service Gateway", 'o', 10, 'gray')

# Hybrid connectivity: DRG, its two attachment types and the on-prem network.
_node(100, 77, "DRG", 'o', 12, 'black', fontsize=10, bold=True)
_node(100, 62, "IPSec VPN", 'D', 8, 'teal')
_node(100, 47, "FastConnect", 'D', 8, 'gold')
_node(115, 67, "On-Premises\nNetwork", 's', 12, 'brown')

# Gateway -> subnet edges.
_arrow((20, 52), (20, 75))
_arrow((80, 52), (80, 75))
_arrow((50, 27), (65, 75))

# DRG -> VCN, then VPN / FastConnect -> DRG, and on-prem -> each attachment.
_arrow((100, 77), (90, 80))
_arrow((100, 62), (100, 77), 'teal')
_arrow((100, 47), (100, 77), 'gold')
_arrow((115, 67), (100, 62), 'brown')
_arrow((115, 67), (100, 47), 'brown')

# Save to file, then display.
plt.tight_layout()
plt.savefig("oci_vcn_architecture.png", dpi=300)
plt.show()



Local VCN Peering (Using LPGs) vs Remote Peering

   Technical Architecture 1. Local VCN Peering (LPGs): Uses Local Peering Gateways to connect two VCNs within the same region -  Think of...