Security List and Route Table in OCI

Security Lists and Route Tables are both essential components of Oracle Cloud Infrastructure (OCI) networking, but they serve different purposes.

Let's consider a Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure (OCI) with two subnets:

  • Subnet A: Public subnet hosting web servers accessible from the internet.
  • Subnet B: Private subnet hosting database servers that should not be directly accessible from the internet, but only from Subnet A.
  1. Security Lists:
    • Function: Security lists act as virtual firewalls for the subnets within your Virtual Cloud Network (VCN).
    • Purpose: They control the traffic entering and exiting the subnets by defining sets of ingress and egress rules.
    • Scope: Security lists are applied at the subnet level, meaning they affect all the instances within the subnet.
    • Rules: Each security list contains rules that permit or deny traffic based on the source and destination IP addresses, protocols, and ports.
    • Security List Example:
      Subnet   | Direction | Protocol | Port(s) | Source          | Destination | Description
      Subnet A | Ingress   | TCP      | 80, 443 | 0.0.0.0/0 (any) | Subnet A    | Allow HTTP/HTTPS from anywhere
      Subnet A | Egress    | Any      | Any     | Subnet A        | 0.0.0.0/0   | Allow all outbound traffic
      Subnet B | Ingress   | TCP      | 1521    | Subnet A        | Subnet B    | Allow Oracle Database from Subnet A
      Subnet B | Egress    | Any      | Any     | Subnet B        | 0.0.0.0/0   | Allow all outbound traffic
  2. Route Tables:
    • Function: Route tables determine where network traffic is directed within the VCN.
    • Purpose: They contain a set of rules (routes) that specify how traffic should be routed between different destinations.
    • Scope: Route tables are applied at the subnet level, similarly to security lists.
    • Routing: Routes within a route table define the next hop for traffic destined for specific IP ranges. Destinations can be within the VCN, on the internet, in on-premises networks (via Dynamic Routing Gateways), or other services in OCI.
    • Default Route: Route tables typically include a default route that directs traffic to an Internet Gateway for internet-bound traffic or a NAT Gateway for private subnet traffic destined for the internet.
    • Route Table Example:
      Subnet   | Destination CIDR | Target           | Description
      Subnet A | 0.0.0.0/0        | Internet Gateway | Route all traffic to the internet gateway
      Subnet A | VCN CIDR         | Local            | Route traffic within the VCN locally
      Subnet B | 0.0.0.0/0        | Internet Gateway | Route all traffic to the internet gateway
      Subnet B | VCN CIDR         | Local            | Route traffic within the VCN locally
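To make the interplay between the two tables concrete, here is an added Python model of the example above (it is not OCI code or the OCI SDK, and the VCN and subnet CIDRs are assumed values). It evaluates whether a flow is permitted by a subnet's security list, which route rule carries it, and flags a private subnet whose default route points at an Internet Gateway rather than the NAT Gateway described above.

```python
import ipaddress

# Constructed model of the two example tables above (assumed CIDRs, not real OCI objects).
VCN_CIDR = "10.0.0.0/16"
SUBNET_CIDR = {"Subnet A": "10.0.1.0/24", "Subnet B": "10.0.2.0/24"}

def _net(value):
    """Resolve a subnet name from the tables, or a literal CIDR, to an ip_network."""
    return ipaddress.ip_network(SUBNET_CIDR.get(value, value))

# Security list rows: (subnet, direction, protocol, ports or None for any, source, destination)
SECURITY_LISTS = [
    ("Subnet A", "Ingress", "TCP", {80, 443}, "0.0.0.0/0", "Subnet A"),
    ("Subnet A", "Egress", "Any", None, "Subnet A", "0.0.0.0/0"),
    ("Subnet B", "Ingress", "TCP", {1521}, "Subnet A", "Subnet B"),
    ("Subnet B", "Egress", "Any", None, "Subnet B", "0.0.0.0/0"),
]
# Route table rows: (subnet, destination CIDR, target)
ROUTE_TABLES = [
    ("Subnet A", "0.0.0.0/0", "Internet Gateway"),
    ("Subnet A", VCN_CIDR, "Local"),
    ("Subnet B", "0.0.0.0/0", "Internet Gateway"),
    ("Subnet B", VCN_CIDR, "Local"),
]

def ingress_allowed(subnet, src_ip, proto, port):
    """A flow into the subnet passes only if some ingress rule matches it; otherwise it is dropped."""
    src = ipaddress.ip_address(src_ip)
    for sl_subnet, direction, rule_proto, ports, source, _dest in SECURITY_LISTS:
        if (sl_subnet != subnet or direction != "Ingress"
                or rule_proto not in ("Any", proto)
                or (ports is not None and port not in ports)):
            continue
        if src in _net(source):
            return True
    return False

def next_hop(subnet, dst_ip):
    """Pick the subnet's route rule with the longest matching prefix (most specific wins)."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(cidr), target) for s, cidr, target in ROUTE_TABLES
               if s == subnet and dst in ipaddress.ip_network(cidr)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def private_subnets_with_igw_default(private_subnets):
    """Flag private subnets whose 0.0.0.0/0 route targets an Internet Gateway instead of a NAT Gateway."""
    return sorted(s for s, cidr, target in ROUTE_TABLES
                  if s in private_subnets and cidr == "0.0.0.0/0" and target == "Internet Gateway")
```

With these tables, ingress_allowed("Subnet B", "203.0.113.7", "TCP", 1521) returns False while the same port from 10.0.1.10 (a Subnet A address) returns True, and private_subnets_with_igw_default({"Subnet B"}) reports the private subnet whose default route bypasses the NAT Gateway.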

