Summary
For a large and complex environment, a hub-and-spoke design with standard names and contiguous CIDR blocks with space to grow is recommended.
Network Design Best Practices
Use best practices:
- Design the network early, because some design decisions are difficult to change later or require an outage to change
- Consider the following items:
  - Topology
  - Traffic flow
  - VCN/subnet size
  - DNS
  - Connectivity
Hub-and-Spoke Design
The advantages of a hub-and-spoke design are:
- Isolation and segmentation
- Enables common/shared services to be hosted in the hub VCN
- Highly scalable
- Centralised security through placement of security appliances in the hub VCN
The following should be considered:
- How and where different environments are segmented
  - Production versus non-production
  - Different internal or external customers
For a very simple or small OCI deployment, a single VCN is recommended.
Network Design: Best Practices
Best practices for network design include:
- Standard Naming Convention
  - In a large and complex environment, it is vital to be able to identify each resource's purpose, lifecycle, ownership, and type easily. A standard set of acronyms is advisable. Some resource names cannot be changed after creation.
- Subnet Type
  - The subnet type (Public or Private) cannot be changed after creation.
- Size of VCNs and Subnets
  - For IPv4, VCNs should have a contiguous CIDR that allows for future growth in both resources and subnets.
- Custom Route Tables and Security Lists
  - Granular routing and security for subnets lessen the chance of security holes.
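The sizing and naming advice above can be checked before anything is created. The following Python sketch is an added example, not part of the original notes: it carves contiguous hub and spoke VCN blocks out of one supernet, leaves at least half of each VCN unallocated for growth, and reports overlapping or out-of-range blocks. The supernet, the prefix lengths, the "half free" threshold and the `vcn-<environment>-<role>` naming pattern are all assumptions chosen for illustration.

```python
import ipaddress

def plan_vcns(supernet, vcn_names, vcn_prefix=20, subnet_prefix=24, subnets_per_vcn=2):
    """Give each VCN the next equal-size block of the supernet (so the set is
    contiguous) and use only the low subnets of each block, leaving the rest free."""
    blocks = list(ipaddress.ip_network(supernet).subnets(new_prefix=vcn_prefix))
    if len(vcn_names) > len(blocks):
        raise ValueError("supernet too small for the requested VCNs")
    plan = {}
    for name, block in zip(vcn_names, blocks):
        slots = list(block.subnets(new_prefix=subnet_prefix))
        if subnets_per_vcn > len(slots) // 2:
            raise ValueError(f"{name}: under half of {block} would remain for growth")
        plan[name] = {"cidr": block,
                      "subnets": slots[:subnets_per_vcn],
                      "free": slots[subnets_per_vcn:]}
    return plan

def find_problems(named_cidrs, supernet):
    """Report VCN CIDRs that fall outside the supernet or overlap each other."""
    parent = ipaddress.ip_network(supernet)
    nets = sorted((ipaddress.ip_network(str(c)), n) for n, c in named_cidrs.items())
    problems = []
    for i, (net, name) in enumerate(nets):
        if not net.subnet_of(parent):
            problems.append(f"{name} outside {parent}")
        problems += [f"{name} overlaps {other}"
                     for other_net, other in nets[i + 1:] if net.overlaps(other_net)]
    return problems

# Constructed sample: names follow a hypothetical vcn-<environment>-<role> convention.
SUPERNET = "10.0.0.0/16"
NAMES = ["vcn-shared-hub", "vcn-prod-spoke", "vcn-nonprod-spoke"]

if __name__ == "__main__":
    plan = plan_vcns(SUPERNET, NAMES)
    for name, v in plan.items():
        print(name, v["cidr"], [str(s) for s in v["subnets"]], f"{len(v['free'])} free")
    print(find_problems({n: v["cidr"] for n, v in plan.items()}, SUPERNET) or "no problems")
```

Running `find_problems` over CIDRs that are already in use, before adding a new spoke, catches overlaps that would otherwise only surface when routing between the hub and that spoke is configured.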