In this installment of the OCI fundamentals series, we shall get started with networking in OCI. In this post, we shall look at what a Virtual Cloud Network (VCN) is in OCI. Let's get started.
Virtual Cloud Network (VCN)
A VCN is a software-based private network. Since it is a software-only entity, users/customers get access only to manage this network; the underlying hardware is not accessible to the users. Logical or not, since a VCN is a network, its usage in OCI is just the same as the usage of a normal network: to connect computers. In the case of OCI, it is to connect OCI compute instances with each other and/or with the outside world. Needless to say, this communication is secure.
So where is this VCN used? To understand that, let's do a quick recap of OCI fundamentals. We have already discussed that in OCI there is a region, which is a geographical area. In a region we have an Activity Domain (AD), which contains data centers. And in these data centers (which means in an AD), we have compute instances of different shapes (hardware attributes, i.e. CPU/RAM etc.). So a VCN is created within a region, encompassing an AD and giving connectivity to the compute instances. Here is how it may appear:
Here the outer rectangle depicts the Region. The inner solid-line green rectangle is the AD. Within the AD there are two compute instances (solid filled), and connecting the compute instances is the VCN (the dotted-line rectangle in black).
Now, a VCN is a network; it is only logically available, but it is still a network. Any network in the computer world is based on the address that a computer can have, commonly known as an IP address. Any IP address is assigned from a range of IP addresses. The same applies to a VCN and to the compute instances in it. Now a bit of a recap (I know, the 2nd time, but it's important) about IP addresses. An IP address is assigned to a computer from a range, and these ranges are assigned out of 5 classes: A, B, C and D. Yes, there is also a class E, but that is reserved for research. Even D is not used much in the real world, except for multicasting. Normally IP addresses are assigned from classes A, B and C.
But what purpose does an IP address serve? Well, an IP address is assigned to a computer so that it is discoverable over the network. That can be a local network or the internet. Now, depending on the work that this computer is assigned to do, one may or may not want the computer to be discoverable, or better put, discoverable from the public internet. IP addresses are assigned from the IP classes. But a small issue is that these IP addresses are actually public IP addresses. Yeah, there are also private IP addresses, and we shall discuss both in just a bit. But simply put, if an IP address is public, that address is discoverable from anywhere, including the internet. Now, for your laptop from which you are reading this blog post, and mine from which I posted it, we both do want our IP addresses to be able to connect to the internet, simply because if we couldn't, neither could this post have been posted nor could anyone read it. But if your computer is hosting crucial, sensitive data, for example a bank's data, you won't want it to be reachable through the internet or from the public domain.
Another important distinction between public and private IP addresses is that the former are supposed to be purchased and the latter are available for free. Interesting, isn't it? And that changes our above example of your laptop and mine slightly. The IP that we both have is actually a private IP address. Confused? Well, let's see an example. Suppose you are setting up a university and you will have close to 5000 desktops there. So now you need to have 5000 IP addresses purchased and used. Not only is the purchase going to be costly, but also, if tomorrow you add more computers, you need to do the same thing again. It will just add to the overall cost and complexity and, moreover, it will also take away from the total number of public IP addresses available globally. So that's where private IP addresses come into the picture. What is done is that from each class, some IP addresses are taken and made available to us for free as private network addresses.
So why did we talk about public and private IP addresses? To make the point clear that the compute instances within OCI are assigned private IP addresses. Now, the way these IP addresses are assigned is done using CIDR (Classless Inter-Domain Routing), which is the replacement for the classful addressing scheme that was used earlier. Before we can understand CIDR, we must understand how an IP address is represented. Any IP address is represented by two parts: one part that represents the network ID and a 2nd part that represents the host ID. An IP address is written something like this: 188.8.131.52. So every IP address is represented by 4 octets, and each octet is represented by 8 bits; hence, the IP address is called a 32-bit IP address. Which of those bits belong to the network and which to the host is decided with the help of subnetting, simply put, how many bits are masked and how many are not. So if we have an IP address like 184.108.40.206, which is of Class C, its subnet mask is going to be 255.255.255.0. It means that we have 24 bits masked (represented by 1). Now in CIDR, this address will be represented by putting the number of bits masked at the end of the address. So the same IP address of 220.127.116.11 will be written in CIDR notation as 18.104.22.168/24. It means that now there are 24 bits which represent the network and the remaining ones are meant for representing the host. So the forward slash (/) tells how many network bits are masked, or are turned on. This CIDR notation is usually used to assign IP addresses to computers that belong to a certain company or a specific organization.
Now, the takeaway is that the IP addresses assigned to the compute instances are private IP addresses, and they use the above-mentioned CIDR addressing scheme. Each compute instance in a VCN gets its own private IP address from the assigned range, or precisely put, from a subnet range. Each compute instance will be inside its own subnet. Each of these subnets is secured, and since an instance belongs to a subnet, inherently the instance is also secured.
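To make the CIDR arithmetic above concrete, here is a small Python helper (an added example, not code from the original post) that converts between a dotted subnet mask and a /prefix, splits an address into its network ID and host ID, counts the host bits, and checks whether the address falls in one of the RFC 1918 private ranges that private networks such as a VCN draw from. The addresses used in the checks are constructed sample values.

```python
import ipaddress

# RFC 1918 private ranges: the "free" addresses carved out for private networks,
# as opposed to the purchased public addresses the post contrasts them with.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

ALL_ONES = 0xFFFFFFFF  # 32 bits, 4 octets of 8 bits each


def mask_from_prefix(prefix: int) -> str:
    """Build the dotted subnet mask from a CIDR prefix: /24 -> 255.255.255.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    mask_int = (ALL_ONES << (32 - prefix)) & ALL_ONES  # top `prefix` bits set to 1
    return str(ipaddress.IPv4Address(mask_int))


def prefix_from_mask(mask: str) -> int:
    """Count the masked (1) bits in a dotted mask: 255.255.255.0 -> 24."""
    mask_int = int(ipaddress.IPv4Address(mask))
    ones = bin(mask_int).count("1")
    # A valid mask is a run of 1s followed by 0s; reject e.g. 255.0.255.0.
    if mask_int != ((ALL_ONES << (32 - ones)) & ALL_ONES):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return ones


def split_address(cidr: str) -> dict:
    """Split 'a.b.c.d/n' into the network and host parts the post describes."""
    addr_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    addr_int = int(ipaddress.IPv4Address(addr_str))
    mask_int = int(ipaddress.IPv4Address(mask_from_prefix(prefix)))
    host_bits = 32 - prefix
    return {
        "network_id": str(ipaddress.IPv4Address(addr_int & mask_int)),
        "host_id": addr_int & ~mask_int & ALL_ONES,
        "mask": mask_from_prefix(prefix),
        "host_bits": host_bits,
        # the all-zeros (network) and all-ones (broadcast) host IDs are not assignable
        "usable_hosts": max(2 ** host_bits - 2, 0),
        "is_private": any(
            ipaddress.IPv4Address(addr_int) in r for r in PRIVATE_RANGES
        ),
    }
```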
Now, that's pretty much sufficient for this blog post. In the next post, we shall see some more aspects of networking within a VCN.
Hope that helped.