Build a VCN for a Multitier configuration

Welcome back to our series on designing and implementing real-world network architectures. In this hands-on installment, we’ll guide you through the process of manually constructing a virtual cloud network (VCN), complete with public and private subnets. Let’s dive in!

Creating the Virtual Cloud Network (VCN)

First things first, navigate to your home region, that is, the region you chose for your subscription. Ensure you’re in the correct compartment, then click “Virtual Cloud Networks” and select “Create VCN.” Give your VCN a name – let’s call it “WebAppsVCN.” Define the CIDR block so that it matches your network diagram. Once set, leave the other settings at their defaults and click “Create VCN.”

Establishing the Public Subnet

Now, let’s craft our first subnet, the public one. Name it appropriately; for instance, “WebSub” to denote its purpose as the web layer. Make it availability domain-specific, and specify the availability domain (e.g., 1). Define the CIDR block accordingly, and ensure the subnet is public-facing. Stick to the default security list and route table for now. Click to create the subnet.

Configuring the Private Subnet

Next up, let’s create the private subnet. Similar to the previous step, name it logically – perhaps “AppsSub” for applications. Specify the availability domain (e.g., 2) and define the CIDR block, making sure the subnet is set as private. Again, the default security list and route table suffice initially.

Setting Up Security Measures

Now, let’s bolster security by creating a dedicated security list. Label it as “private security list.” Define rules to allow traffic, such as permitting port 80 and port 22 for internal communications. Associate this security list with the private subnet to enforce these restrictions effectively.

Adding Internet Connectivity

To enable internet access, we need to add an internet gateway (IG) and configure routing accordingly. In a route table, add a rule with a destination (e.g., 0.0.0.0/0) and the IG as its target, so that matching traffic is directed through the gateway.
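
Before clicking through the console, the addressing plan and the private security list can be sanity-checked offline. The following is an added example, not part of the original article or of any Oracle tooling: the names “WebAppsVCN”, “WebSub” and “AppsSub” and ports 80 and 22 come from the steps above, while every CIDR value and the audit function are assumptions constructed for illustration.

```python
import ipaddress

# Constructed plan: names and ports follow the article; all CIDRs are assumed sample values.
PLAN = {
    "vcn": {"name": "WebAppsVCN", "cidr": "10.0.0.0/16"},
    "subnets": [
        {"name": "WebSub", "cidr": "10.0.1.0/24"},
        {"name": "AppsSub", "cidr": "10.0.2.0/24"},
    ],
    # Rules intended for the "private security list" (internal communications only).
    "private_ingress": [
        {"source": "10.0.1.0/24", "port": 80},
        {"source": "10.0.1.0/24", "port": 22},
    ],
}

def audit(plan):
    """Hypothetical helper: return a list of findings; an empty list means the plan passes."""
    findings = []
    vcn = ipaddress.ip_network(plan["vcn"]["cidr"])
    seen = []
    for s in plan["subnets"]:
        net = ipaddress.ip_network(s["cidr"])
        # Every subnet must sit inside the VCN CIDR block.
        if not net.subnet_of(vcn):
            findings.append(f"{s['name']}: {net} is outside VCN {vcn}")
        # Subnets in one VCN must not overlap each other.
        for other_name, other in seen:
            if net.overlaps(other):
                findings.append(f"{s['name']}: {net} overlaps {other_name}")
        seen.append((s["name"], net))
    for r in plan["private_ingress"]:
        src = ipaddress.ip_network(r["source"])
        # "Internal communications" means the source must be inside the VCN.
        if not src.subnet_of(vcn):
            findings.append(f"port {r['port']}: source {src} is not internal to the VCN")
    return findings

if __name__ == "__main__":
    for line in audit(PLAN) or ["plan OK"]:
        print(line)
```

A rule whose source is 0.0.0.0/0 on port 22 is reported as not internal, which is the mistake most likely to slip in when rules are typed by hand.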

Next Steps

With our foundational network elements in place, our next article will focus on building a load balancer and backend set.
