About This Architecture

OCI Hub-and-Spoke architecture distributes a web application across three regional spokes managed from a central hub compartment. User traffic flows through Internet Gateway, WAF, and Flexible Load Balancer in the hub, then routes via Dynamic Routing Gateway to OCI VMs and Functions across Spoke regions A, B, and C. Each spoke contains isolated app and data subnets with Autonomous DB and Object Storage, enabling regional resilience and reduced latency. Fork this diagram to customize compartment isolation, add disaster recovery failover logic, or adjust CIDR ranges for your multi-region deployment. The hub's dedicated Identity, Management, and Monitoring subnets enforce least-privilege access and centralized observability across all spokes.

People also ask

How do I design a multi-region web application on OCI using hub-and-spoke architecture with compartment isolation?

This diagram shows a hub compartment in one region managing security (WAF, Firewall, IAM, Vault) and routing via DRG to three spoke regions, each with isolated VCNs, OCI VMs, Functions, and Autonomous DB. Each spoke operates independently while maintaining centralized governance through the hub's Identity and Monitoring subnets.