Oracle Cloud Infrastructure Classic: Network Features in Detail
Post on 21-Jan-2018
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle Cloud Infrastructure / OCI Classic v2.7
December 2017
Safe Harbor Statement
• Oracle Cloud Infrastructure (OCI)
• September 2017: Bare Metal Cloud Service (BMC) → Oracle Cloud Infrastructure (OCI); Oracle Public Cloud (OPC) → Oracle Cloud Infrastructure Classic (OCI Classic)
• OCI Classic OCI Classic PaaS / Oracle Cloud Infrastructure (Bare Metal Cloud) / Oracle Ravello
–
• Oracle Cloud (http://cloud.oracle.com)
• Oracle Cloud Infrastructure Compute Classic
• Oracle Database Cloud Service (on OCI Classic)
• Oracle Java Cloud Service (on OCI Classic)
• OCI SOA Cloud Service (on OCI Classic)
OCI Classic
OCI Classic SDN (IP )
• Oracle Cloud 1
• OracleIP IP
• 30bit
L3
• PaaS
[Figure: Oracle Cloud shared network 10.168.0.0/16 with Instance1-5 (eth0) across Identity Domain 1 and Identity Domain 2, /30 addresses (.22/30, .42/30, .50/30, .134/30, .6/30), NAT to public IPs 129.152.148.130 and 129.152.148.131, Internet / FastConnect]
• 2016 10( )
•
–
• IPNIC IP
[Figure: shared network 10.32.1.0/24 and IP networks 192.168.2.0/24 and 192.168.3.0/24; Instance1-5 with eth0/eth1/eth2 across Identity Domain 1 and Identity Domain 2 (.21, .42, .2, .3, .4); NAT to public IPs 129.152.148.130 and 129.152.148.131; internet]
IP
1. …
2. IP
3. ( NIC)
4. VPN (Corente Cloud Gateway)WAN (GRE )
5. / (/ )
6. NIC MAC( MAC )
[Figure: Oracle Cloud / OCI Classic with VPN-GW (Corente Services Gateway), VPN, Web (Compute Cloud Service), (Java Cloud Service*), (Database Cloud Service*)]
* (November 2017) Java Cloud Service/Database Cloud Service IP
OCI Classic
• IP
– IP
– IP
– NIC
– NIC
– *
– *
– *
– IP *
– IP *
•
–
–
–
– IP
– IP
• VPN
– VPNaaS
– Corente**
– FastConnect
OCI Classic
* (November 2017) * ()
** Corente: October 2017 (17.4.2)
IP – IP
[Figure: IP network 1 192.168.1.0/24 (.2, .3) and IP network 2 192.168.2.0/24 (.2, .3)]
IP Networks (IPNetworks)
•
• 16bit( : 10.0.0.0 – 10.0.255.255)
• IP
•( )
• 1
( DHCP DNS )
•
•
IP – IP
[Figure: IP network 1 192.168.1.0/24 (.2, .3) and IP network 2 192.168.2.0/24 (.2, .3) connected through an IP network exchange (.1, .1)]
IP Network Exchanges (IPNetworkExchanges)
• IP IP
• IP
• IP :IP = 1:IP 1 IP
•
IP – NIC
[Figure: instance with eth0 on the shared network 10.32.1.0/24 (.21) and eth1, eth2, eth3 ... eth7 on IP networks 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24 ... 192.168.7.0/24 (.2 on each)]
Virtual NICs (VirtualNICs)
• 8
• IP 1 NIC
• (= )
• 8 IP
• IPIP
IP – NIC
[Figure: IP network 192.168.1.0/24 with instances eth0 .2 and .3, and two VPN gateways (eth0, eth1; .8, .9) in a vNIC set; routes to the internet and to 192.168.101.0/24 (ECMP); LAN]
Virtual NIC Sets (VirtualNICSets)
• NIC ( OK)
• NIC OK
• ACL
Routes (Routes)
•
• IP (CIDR)NIC
• IP
IP –
[Figure: Instance1 (AP, eth0) and Instance2 (AP, eth0) on an IP network]
• NIC /
(ACL)
•
NIC
[Figure: Instance3 (DB, eth0); vNIC set (AP) and vNIC set (DB); rules allow-ping (icmp), 1521-egress-to-DB (tcp 1521, destination DB) and 1521-ingress-from-AP (tcp 1521, source AP)]
* (2017 11 ) ( )
IP – IP *
[Figure: Instance1 (eth0) and Instance2 (eth0) on an IP network]
IP (IPAddressReservations)
•IP 1 1NAT IP
NIC
• IP ( IP)NIC
[Figure: .2 and .3 translated by NAT to a GIP (public IP) toward the internet]
* (2017 11 ) ( )
• IP
IP – DNS
[Figure: web1 (eth0, .2) and web2 (eth0, .3) on IP network 192.168.1.0/24; DNS at .1]
DNS
• IP 1 IP
DNS
• IP
• ( ) A
IP DNS
• DNS (IP VPN )
web1.ipnet1.abc.com. IN A 192.168.1.2
web2.ipnet1.abc.com. IN A 192.168.1.3
www.abc.com. IN A 192.168.1.2
www.abc.com. IN A 192.168.1.3
[Figure: Instance1 (eth0, eth1) and Instance2 (eth1) on an IP network in Data Center 1, Instance3 (eth0) in Data Center 2, connected over the WAN and the internet]
•
• IP PaaSIP
• IP
Storage Cloud
– IP
[Figure: Instance1 (eth0, eth1) and Instance2 (eth1) on an IP network with a path to the internet]
IP Reservations (IPReservations)
•
IP NAT
•IP
• Database Cloud Service PaaS1 IP
IPNAT
NAT (IPAssociations)
• IP ( IP)
IP 1 1
– DNS
[Figure: web1 (eth0) and web2 (eth0)]
DNS
• DNS
DHCP
•IP
• ( )
• (Compute-<domain>.oraclecloud.internal)
DNS
web1.compute-mydomain.oraclecloud.internal. IN A 10.168.x.y
web2.compute-mydomain.oraclecloud.internal. IN A 10.168.x.y
–
[Figure: AP1 (eth0) and AP2 (eth0) in seclist-ap, DB (eth0) in seclist-db; rules: 0.0.0.0/0 → seclist-ap tcp/443; seclist-ap → seclist-db tcp/1521; ( IP) → seclist-db tcp/22]
IP
• Oracle Cloud IP
• IPv4 CIDR
•
•
• (from)(to)
•IP
IP
1. PaaS(DBCS, JCS ) IP
– : XXCOM (USCOM-CENTRAL-1, USCOM-EAST-1, GBCOM-SOUTH-1, AUCOM-EAST-1 ) DC(AP5_Z11)
– : AP5_Z11( DC) / US00n_Znn / EM00n_Znn
• PaaS ComputeCS
PaaS GRE ( ) NAT
2. IP (=ACL) &IP NAT (IP )
– : XXCOM AP5_Z11( DC) US006_Znn
– : US00n_Znn / EM00n_Znn
• ( IP )
New!
IP
OCI Classic
[Figure: comparison table of SecRules and SecurityRules (vNIC / IP network based), including the Oracle Cloud → and Oracle Cloud → IP directions]
• /
•/
()
– (Deny)
•
– (Reject)
•
– (Permit)
•( )
•
–
–
–
[Figure: instances (Ins) in security lists A and B] ※1 8
•
• ( or IP) ( or )
[Figure: (SecRules) OCI Classic → → IP]
•
•
•
–
• TCP
• UDP
• ICMP
• GRE
• ESP
– ~
• IP
•
• IP
(IP )
•
IP
[Figure: cardinality diagram (8, 1, 10, n:n, 1:n) of security list objects in Oracle Cloud (PaaS / IaaS), including IP lists]
•
– →
:
– : •
•
• DBCS PaaS
– DBCS (DBCS )
– : DBCS
[Figure: Compute and DBCS instances in Seclist-AP and Seclist-DB]
IP
•
–
–
–
•
• IP
• IP
(REST API SecurityRules)
ACL ?
( / )
IP
IP
OCI Classic
OCI Classic
•
• Oracle Cloud
SSL
•
• VPN
• IPsec
•
• Oracle Cloud DC
• Oracle
•
(1Gbps / 10Gbps)
• Oracle Cloud
•
[Figure: comparison table of connection methods: + SSL, VPN (IPsec), Oracle FastConnect Standard Edition, Oracle FastConnect Partner Edition (NTT-Com, Verizon, BT); Oracle Cloud / NW / Oracle]
VPN OCI Classic
Virtual Private Network(VPN)
VPN
Point-to-Point( )
[Figure: VPN between On-Premise and Oracle Cloud]
VPN
• Corente
–
– Compute
– IP (GRE )
• VPNaaS
– VPN
–
– IP
Oracle Confidential – Internal 44
[Figure: two VPN options. Corente: Corente Services Gateway on both sides, IPsec over the internet, GRE into the IP network / LAN. VPNaaS: IPsec over the internet from the LAN into the IP network, reaching Compute, JCS and DBCS]
VPN
• October 20, 2017 ( ) Corente + VPNaaS ( ) VPNaaS
– Corente VPNaaS (Corente)
• VPNaaS IP ( VPN)
– : RAC Data Guard Database Cloud Service (December 2017) IP VPNaaS
NAT
Confidential – Oracle Internal/Restricted/Highly Restricted 45
VPN (October 2017)
[Flowchart: DBCS/JCS? → YES / NO → IP+; October 2017? → YES / NO → Corente + NW (GRE); RAC / Data Guard? → YES / NO → VPNaaS + IP; IPsec? → NO / YES]
VPN - VPNaaS
VPNaaS
[Figure: VPNaaS topology: Gateway ↔ Gateway over the internet into an IP Network (Database, Compute), IP Exchange to a second IP Network (Compute), NAT, Oracle Cloud]
• VPN (VPNaaS)
• VPN
•
NAT
•IP Network
• IP Network IP Exchange
VPNaaS
• VPNIPsec VPNaaS
Oracle
•
– Cisco 2921
– Cisco ISR 4331
– Cisco ASA5505
– Checkpoint 3200
– Palo Alto 3020
– FortiGate-200D
•
VPN (1)
•
–
• IP
– (IP)
– IP IP
• vNICset( )
•
– WAN IP(NAT )
•
– ()
• (PSK)
– ( )
• IKE ID( )
– IP_ADDR_V4 VPNaaS IP
VPN (2)
• Phase 1: IKE
– Phase 1 (IKE) VPNaaS
• Phase 2: ESP
– Phase 2 (ESP) VPNaaS
•
– Phase 2 PFS: Perfect Forward Secrecy
VPNaaS TIPS
• IKEv1 (IKEv1 IKEv2 )
• VPN ( VPN )
– IP N
• VPN VPNaaS IP IP
• VPN VPN (=IP )
– (= IP)
– (= )
– (PSK)
– IP (= IP )
• 1 VPN 1
• VPNaaS
VPN
•
– VPN > VPNaaS > VPN >
• VPNaaS (=Corente Services Gateway) Openswan
– Openswan
– strongSwan
– Libreswan
VPN - Corente
VPN – Corente
Corente Services Gateway
• Corente Services Gateway
– IPsec
– OCI Classic
– VPN
– OSOracle Compute Cloud Cloud
App Net Manager
– VPN Corente Services Gateway
VPN – Corente
DC VPN
1. Corente Services Gateway
– Oracle Technology Network Corente Services Gateway
–
–
– Oracle (Oracle Cloud )
2. IPsec
– IPsec
VPN – Corente
DC GW Corente Services Gateway
•
A)
• ( )
– Oracle VM 3.4.1
– Xen 4.4, VMWare ESX5.5
– Citrix XenServer 6.2
– Microsoft Windows Server 2012 R2 Hyper-V
B) Corente
•
• (Corente AppNetManager)
→
Oracle Cloud
VPN – Corente
• DC Corente
–
• Corente → IP (ANY) 443/TCP ( )
• Corente → IP (ANY) 53/UDP ( )
• Corente 1025-65535/TCP → IP (ANY) 551/TCP (Corente Service Port)
• Corente 551/UDP → IP (ANY) 551/UDP (Corente Service Port)
–
• IP (ANY) 1025-65535/TCP → Corente 551/TCP (Corente Service Port)
• IP (ANY) 551/UDP → Corente 551/UDP (Corente Service Port)
DC GW Corente Services Gateway
Corente Services Gateway Deployment Guide - 2.2 Network Requirements
http://docs.oracle.com/cd/E74662_01/E80339/html/install-plan-lan.html#install-plan-lan-fw
VPN – Corente
DC GW Corente Services Gateway
1.5 GHz Intel-based x86 compatible server
1 GB RAM
40 GB IDE/SATA
Integrated 10/100/1000M Ethernet Interfaces
Oracle VM Server for x86 Release 3.4.1 or later / Xen 4.4 / VMware ESX 5.5 / Citrix XenServer 6.2 / Microsoft Windows Server 2012 R2 Hyper-V
※ Corente Services Gateway Deployment Guide (http://docs.oracle.com/cd/E74662_01/E80339/E80339.pdf), 2.1 Corente Services Gateway Installation Requirements
VPN – Corente
DC GW IPsec
•(Certified Configuration) IPsec
Corente Services Gateway
• My Oracle Support
– Cisco ASA 5505 (Doc ID 2153452.1)
– SonicWall TZ190 (Doc ID 2153603.1)
– Juniper Junos 15 (Doc ID 2164001.1)
•
– Cisco CSR1000v (How to connect an application on Ravello to Oracle IaaS/PaaS services (e.g. DBCS etc.) over VPN)
Oracle Cloud
VPN – Corente
• Oracle Compute CloudIP
Oracle Cloud IP
IPGRE
NW IP
VPN – Corente
• Corente Services GatewayCompute / PaaS
GRE
• Oracle Technology Network (Linux, Windows )
• : 10.0.0.0/8
NW GRE
Corente Active / Active HA ( IPsec )
VPN
[Figure: Corente Active/Active HA: CSG01 (Active, .8) and CSG02 (Active, .9) on IP network 192.168.55.0/24 in vNIC Set A, each with an IPsec tunnel to the DC firewall (F/W); DC side 192.168.0.0/24 with VRRP/HSRP/MHSRP .100 and a static route; OCI Classic VM at .2; cloud failover]
Routes: Name Outbound, IP Address 192.168.0.0, Next Hop vNIC A, Distance 0
VM: route add -net 192.168.0.0/24 gw 192.168.55.1
Corente Services Gateway IPsec
• /
• Corente Services Gateway
VPN
• Oracle Cloud
• ( ) NAT / NAPT
• IPsec VPN
• ( ) NAT / NAPT
• AppNet Manager
•
• IP( 1 )
• IPsec
• IPsec
• VPN IP (IP )
•
• VPN IPsec
•
• AppNet Manager IPsec
• Oracle Cloud
•
[Figure: VPN between Oracle Cloud and the LAN]
VPN
※ (December 2017) Database Cloud Service (RAC Data Guard) IP IP VPN IP GRE
NW VPNGW
IP
VPNaaS IPsec & Oracle Cloud Infrastructure Compute Classic - 16 VPNaaS VPN
CorenteIPsec
Oracle Cloud Infrastructure Compute Classic - VPN
(Active-Active HA) - HA
CorenteCorente Services Gateway IP
VPN
+GRE ※
CorenteIPsec
Oracle Cloud Infrastructure Compute Classic - VPN
(Active-Active HA) - HA
Corente Corente Services Gateway VPN
• Oracle CloudVPN
•
• Oracle Cloud IP
1.
[Figure: pattern 1: IP network 192.168.1.0/24 with Compute (.2), Compute (.3), Java AP (.4), Database (.5) and VPNaaS (.253); Oracle Cloud VPN; internet]
• Web
•
• VPN
• (Bastion)
2.
[Figure: pattern 2: Front 192.168.0.0/24 (Web eth0, NAT to the internet), Back 192.168.2.0/24 (Web eth1, AP*, DB*), Mgmt 192.168.1.0/24 (Bastion, VPNaaS .253); addresses .2, .3, .4, .5]
TIPS
OCI Classic
• IP IP ( )IP( )IP
– DHCPIP
• IP ( )IP
– DHCP( DNS )
• IP IP
– IP Site-to-site VPN
• OCI Classic DHCP
OS
– Oracle Linux (eth0 )
[Figure: OracleLinux1 and OracleLinux2, each with eth0, eth1, eth2 attached to the shared network, IP network 1 and IP network 2; ✓ marks the DNS and IP network 2 settings]
• IP
• IP(IP ) IP
[Figure: instance on an IP network, NAT GW to the internet]
( )
• : IP
– (Linux)
• sudo ip route add 10.196.0.0/16 via $(ip route | awk '/default/ {print $3}') dev eth0
• sudo ip route change default via 192.168.1.1 dev eth1
– IP ssh( ssh )
( )
•”instance” ( )
• ”userdata” ( {} )
"instances": [{
  "attributes": {
    "userdata": {
      "pre-bootstrap": {
        "script": [
          "ip route add 10.196.0.0/16 via $(ip route | awk '/default/ {print $3}') dev eth0",
          "ip route change default via 192.168.1.1 dev eth1"
        ]
      }
    }
  },
  xxxxxx
}]
※ 10.196.0.0/16 -> IP / Eth0 -> NIC / 192.168.1.1 -> IP (1 )
NIC IP
• IP 1IP
• 1
→ IP
[Figure: instance with eth0 (10.x.x.x), eth1 (192.168.1.2, IPnet1), eth2 (192.168.2.2, IPnet2); NAT to public IPs GIP1, GIP2, GIP3 toward the internet]
sudo ip rule add from 192.168.1.2 table 100 prio 1000
sudo ip rule add from 192.168.2.2 table 200 prio 1000
sudo ip route add default via 192.168.1.1 dev eth1 table 100
sudo ip route add default via 192.168.2.1 dev eth2 table 200
IPDefault GW
IP
※ IP
1 NIC IP(IP )
• IPNIC IP
• IP NICIP IP
[Figure: instance with eth0 192.168.1.2 on IP network 192.168.1.0/24 and secondary address 192.168.1.10; route for IP 192.168.1.10/32 via eth0 (vNICSet)]
$ sudo ip addr add 192.168.1.10/32 dev eth0 label eth0:1
$ ip addr list eth0 | grep inet
inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
inet 192.168.1.10/24 scope global secondary eth0:1
IP
[Figure (before and after failover): Instance1 (Active, 10.x.x.1) and Instance2 (Standby, 10.x.x.2), eth0 on the shared network, public IP 35.x.x.x via NAT to the internet; the public IP moves from Instance1 to Instance2]
• IP IP Instance 1
• IP
• Instance1 IP IP Instance2
[Figure (before and after failover): Instance1 (eth1 192.168.1.3) and Instance2 (eth1 192.168.1.4) on IP network 192.168.1.0/24; virtual IP 192.168.1.11 configured as eth1:1 (Active / Standby); a client at 192.168.1.2 sends to 192.168.1.11, served first by Instance1 and then by Instance2]
• Instance1 Instance2 eth1 2 IP ※
• 2 IP
• IP NIC OS IP 2 IP
• OCI Classic 2 IP
※ L2 2IP
※ NIC