Welcome back to our series on designing and implementing real-world network architectures. In this hands-on installment, we’ll guide you through the process of manually constructing a virtual cloud network (VCN), complete with public and private subnets. Let’s dive in!
Creating the Virtual Cloud Network (VCN)
First things first, navigate to your home region (the region chosen for your subscription). Ensure you’re in the correct compartment, then click “Virtual Cloud Networks” and select “Create VCN.” Give your VCN a name; let’s call it “WebAppsVCN.” Define the CIDR block so that it matches your network diagram. Once set, leave the other settings at their defaults and click “Create VCN.”
Establishing the Public Subnet
Now, let’s craft our first subnet, the public one. Name it appropriately; for instance, “WebSub” to denote its purpose as the web layer. Make it availability domain-specific, and specify the availability domain (e.g., 1). Define the CIDR block accordingly, and make sure the subnet is set as public. Stick to the default security list and route table for now. Click to create the subnet.
Configuring the Private Subnet
Next up, let’s create the private subnet. As in the previous step, name it logically, perhaps “AppsSub” for applications. Specify the availability domain (e.g., 2), define the CIDR block, and set the subnet as private. Again, the default security list and route table suffice initially.
Setting Up Security Measures
Now, let’s bolster security by creating a dedicated security list. Label it as “private security list.” Define rules that allow only the traffic you need, such as port 80 and port 22 for internal communications, keeping the source of each rule to addresses inside the VCN. Associate this security list with the private subnet so that these restrictions are enforced on it.
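A check for the private security list described above, as an added example that is not part of the original article: it flags ingress rules whose source lies outside the VCN or that open more than ports 22 and 80. The VCN CIDR, the sample rules and the function name audit_ingress are constructed for illustration, and the rule layout is assumed to follow the JSON printed by oci network security-list get.

```python
import ipaddress

# Constructed values: the article gives no CIDRs, so these are placeholders.
VCN_CIDR = "10.0.0.0/16"
ALLOWED_PORTS = {22, 80}  # the ports the article permits on the private subnet

# Constructed sample rules (assumed shape: OCI CLI security-list JSON).
SAMPLE_RULES = [
    {"protocol": "6", "source": "10.0.1.0/24",
     "tcp-options": {"destination-port-range": {"min": 80, "max": 80}}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "10.0.1.0/24",
     "tcp-options": {"destination-port-range": {"min": 1, "max": 1024}}},
    {"protocol": "all", "source": "10.0.0.0/16"},
]

def audit_ingress(rules, vcn_cidr=VCN_CIDR, allowed_ports=ALLOWED_PORTS):
    """Return (rule_index, finding) pairs for rules that are not internal-only."""
    vcn = ipaddress.ip_network(vcn_cidr)
    findings = []
    for i, rule in enumerate(rules):
        try:
            src = ipaddress.ip_network(rule["source"], strict=False)
        except ValueError:  # e.g. a service name instead of a CIDR block
            findings.append((i, f"source {rule['source']} is not a CIDR block"))
            continue
        # subnet_of() needs matching IP versions; a v6 source is never inside a v4 VCN.
        if src.version != vcn.version or not src.subnet_of(vcn):
            findings.append((i, f"source {rule['source']} is outside the VCN"))
        if rule["protocol"] != "6":  # "6" is TCP; "all" opens every protocol
            findings.append((i, f"protocol {rule['protocol']} is not TCP-only"))
            continue
        rng = (rule.get("tcp-options") or {}).get("destination-port-range")
        if rng is None:
            findings.append((i, "no destination port range: all TCP ports open"))
            continue
        extra = set(range(rng["min"], rng["max"] + 1)) - allowed_ports
        if extra:
            findings.append((i, f"{len(extra)} port(s) open beyond {sorted(allowed_ports)}"))
    return findings

if __name__ == "__main__":
    for idx, msg in audit_ingress(SAMPLE_RULES):
        print(f"rule {idx}: {msg}")
```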
Adding Internet Connectivity
To enable internet access, we need to add an internet gateway (IG) and configure routing accordingly. In a route table, add a route rule with a destination (e.g., 0.0.0.0/0) and the IG as its target, so that matching traffic is directed through the gateway.
Next Steps
With our foundational network elements in place, our next article will focus on building a load balancer and backend set.