
...

(info) NetworkManager is disabled on Charon-SSP OCI. Therefore, the interface configuration relies on ifcfg-files in /etc/sysconfig/network-scripts.

(warning) The information in this chapter is not comprehensive. Please refer to the Oracle cloud documentation for up-to-date and comprehensive information.

Concepts

VCN: VCN stands for Virtual Cloud Network. Before you can launch an instance, you need to have a virtual cloud network (VCN) and subnet into which you can launch the instance. A VCN is associated with resources such as a CIDR address block, a route table, an Internet gateway, a default security list, etc.

Subnet: A subnet is a subdivision of the VCN. The subnet directs traffic according to a route table. For example, if you access the instance via a public IP address, the route table will direct traffic to an Internet gateway. A subnet also uses a security list to control traffic in and out of the instance.

Instance: An instance is a virtual machine that is launched into a VCN and subnet. It is associated with an image (e.g., Charon-SSP image) and a certain shape representing the virtual hardware.

VNIC: A virtual network interface card, which attaches to an instance and resides in a subnet to enable a connection to the subnet's VCN. The VNIC determines how the instance connects with endpoints inside and outside the VCN. Each instance has a primary VNIC that's created during instance launch and cannot be removed. All VNICs of an instance must be in the same availability domain as the instance.





Address Assignment

Each VCN is assigned a block of private IP addresses. This block can be split by the user to form several IP subnets. Routing within one VCN works automatically.

When an OCI instance is launched into a subnet,

  • it is automatically or manually assigned a private IP address from the address range assigned to the subnet,
  • the user can choose whether to assign a public IP address if the subnet is a public subnet.

(info) Public IP addresses are not directly visible to the instance. The instance operating system always works with the private address. For external connections, the private address is mapped to the public IP address via NAT.

Reserved addresses (important, if manual address assignment is used):

...

  • 10.1.1.0: the network address
  • 10.1.1.1: reserved by OCI for the default router
  • 10.1.1.255: network broadcast address.

...

Other special addresses:

  • 169.254.0.0/16: Reserved for OCI use.

Public IP addresses:

There are two types of public IP addresses (only available in public subnets):

  • Ephemeral addresses:
    • maximum one per VNIC,
    • assigned by Oracle,
    • persistent during the lifetime of the associated private IP address,
    • can only be associated with the primary private IP address of a VNIC,
    • a user can only delete it but not associate it with a different private IP address.
  • Reserved addresses:  
    • maximum 32 per VNIC,
    • created and assigned by the user,
    • can be re-assigned to a different private IP,
    • can be associated with primary and secondary private IP addresses,
    • exists until the user deletes it.





Host to Guest Communication Considerations

...

  1. Internal virtual bridge on the host system:
    Such a bridge has several TAP interfaces. The host and the guest systems are connected to this bridge and can communicate directly to one another using L3 and L2 protocols. The bridge uses its own IP subnet that can be defined by the user. Setting up such a configuration is supported by the Charon Manager.
  2. Communication via the OCI subnet LAN:
    In this case, a second interface is added to the Charon host system. The second interface is then assigned to the emulated guest system. After the correct configuration, the host and guest can communicate across the OCI LAN using IP. L2 protocols, or any protocol that requires changing the MAC address to a value different from the MAC address assigned to the second interface by OCI, will not work.
    To connect the guest system to the LAN, the following basic configuration steps must be performed (see also Dedicated NIC for Guest System):
    • Add the additional interface to the Charon host system.
    • Create a configuration file for the additional interface.
    • Remove the private IP address assigned to the second interface by OCI from the Linux configuration (if it has been configured).
    • Use the Charon Manager to assign the interface to the emulated SPARC system.
    • Use the Charon Manager to set the MAC address of the emulated SPARC system to the same value as the one used on the host system Ethernet interface.
    • On the Solaris system, configure the private IP address that was previously assigned to the second interface on Linux and configure the appropriate default route for the LAN.
    Additional steps may be required: if the primary interface of the host has an automatically assigned (ephemeral) public IP address, that address may not survive a stop and restart of the instance. Change the configuration to use a persistent reserved public IP address first to maintain reachability of the host system.
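The host-side part of the procedure above, as an added example that is not part of the Charon-SSP documentation. It assumes a hypothetical second interface named ens4 with the OCI-assigned MAC 02:00:17:00:ab:cd, and takes the ifcfg directory as a parameter so it can be tried in a scratch directory before being pointed at /etc/sysconfig/network-scripts. The ifcfg file deliberately carries no IPADDR, PREFIX, GATEWAY or DHCP setting: the host must not own the address the guest will use, and the MAC check mirrors the rule that OCI only forwards frames carrying the MAC it assigned to the VNIC.

```bash
#!/bin/sh
# Added example (not Charon-SSP project code). Interface name, MAC address and
# directory are hypothetical; run the real steps as root on the Charon host.

# Write an ifcfg file that brings the guest-dedicated interface up on the host
# without any IP configuration, so only the emulated SPARC system uses it.
write_guest_ifcfg() {
    dir="$1"; ifname="$2"; hwaddr="$3"
    cat > "$dir/ifcfg-$ifname" <<EOF
DEVICE=$ifname
HWADDR=$hwaddr
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
EOF
}

# Succeeds only if the ifcfg file assigns no address: no static IP, no DHCP.
ifcfg_has_no_ip() {
    ! grep -Eq '^(IPADDR|PREFIX|NETMASK|GATEWAY)=|^BOOTPROTO=dhcp' "$1"
}

# Lower-case a MAC so that values copied from the OCI console and from
# `ip link` compare equal regardless of case.
normalize_mac() {
    printf '%s' "$1" | tr 'A-F' 'a-f'
}

# Succeeds if the MAC configured for the guest equals the one OCI assigned
# to the host interface; any other MAC is silently dropped by the VCN.
mac_matches() {
    [ "$(normalize_mac "$1")" = "$(normalize_mac "$2")" ]
}

# Drop the private address OCI assigned to the second interface from Linux;
# the same address is configured inside Solaris afterwards.
flush_guest_ip() {
    ip addr flush dev "$1"
}

# Example run against a scratch directory (no changes to the real host):
#   d=$(mktemp -d)
#   write_guest_ifcfg "$d" ens4 02:00:17:00:ab:cd
#   ifcfg_has_no_ip "$d/ifcfg-ens4" && echo "ifcfg-ens4 carries no IP: ok"
#   mac_matches 02:00:17:00:AB:CD "$(cat /sys/class/net/ens4/address)"
```

After the interface has been handed to the emulated system in the Charon Manager, the guest side is configured in Solaris with the address the host gave up, for example (hypothetical values in the 10.1.1.0/24 subnet used above, with 10.1.1.1 being the OCI default router): ifconfig net0 10.1.1.10 netmask 255.255.255.0 up, followed by route add default 10.1.1.1.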

(info) Please refer to the Oracle cloud documentation for up-to-date comprehensive information.

...

Access to the Internet for private VCN subnets is possible via a gateway instance that provides VPN access to the customer network and allows (NATted) Internet access via this path. Alternatively, a NAT gateway in the cloud can be used to map the private addresses to public addresses. The NAT gateway can be implemented on a Charon host system, or it can be provided by OCI as a paid service.
(info) Please note that the Charon host always needs either direct Internet access or Internet access via NAT from a NAT gateway in the OCI cloud in order to reach the license server.

Direct Solaris guest access to the Internet:

This is not a recommended standard solution for security reasons. However, should it be required, two interfaces with public IP addresses can be assigned to the Charon host.
One of these interfaces is then dedicated to the guest system, which uses the private interface address and the MAC address assigned to the Charon host by OCI (similar to point 2 in section Host to Guest Communication Considerations above; see also Dedicated NIC for Guest System).

Using a Charon host system as a Router

...