OCI Hub-Spoke Network - us-ashburn-1
About This Architecture
OCI hub-spoke network in the us-ashburn-1 region with a central Hub VCN (10.0.0.0/16) connected via DRG v2 to Production (10.1.0.0/16) and Development (10.2.0.0/16) spoke VCNs. Internet traffic flows through an Internet Gateway, WAF Policy, and OCI Load Balancer in the public tier, while private subnets enforce least-privilege security via NSGs and route all inter-VCN traffic through the DRG. The Service Gateway provides private, high-bandwidth access to OCI services like Object Storage and Autonomous Database without traversing the internet. On-premises connectivity is established via FastConnect 10Gbps and IPsec VPN backup, both terminating at the Cisco ASR 9001 BGP router (ASN 65500). This architecture demonstrates enterprise-grade network segmentation, redundant hybrid connectivity, and centralized ingress control for multi-tier workloads. Fork and customize this diagram on Diagrams.so to adapt CIDR ranges, add additional spokes, or modify FastConnect regions.
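An added example, not part of the original page or of the diagram itself: a Python check that an exported plan matches the segmentation described above (non-overlapping VCNs, inter-VCN routes via the DRG, no open NSG sources on private subnets). The VCN CIDRs come from the page; the rule format, target labels, and sample rules are constructed assumptions.

```python
import ipaddress as ip

# VCN CIDRs are taken from the page; the route and NSG rules are constructed samples.
VCNS = {"hub": "10.0.0.0/16", "prod": "10.1.0.0/16", "dev": "10.2.0.0/16"}

# Hypothetical export format: private-subnet route rules per VCN as (destination, target).
ROUTES = {
    "hub":  [("10.1.0.0/16", "drg"), ("10.2.0.0/16", "drg")],
    "prod": [("10.0.0.0/16", "drg"), ("10.2.0.0/16", "drg")],
    "dev":  [("10.0.0.0/16", "drg"), ("10.1.0.0/16", "lpg")],  # wrong target, on purpose
}

# Hypothetical NSG ingress rules on private subnets: (vcn, source CIDR, protocol, port).
NSG_INGRESS = [
    ("prod", "10.0.1.0/24", "tcp", 443),
    ("dev", "0.0.0.0/0", "tcp", 22),  # open to any source, on purpose
]

def audit(vcns, routes, nsg_ingress):
    findings = []
    nets = {name: ip.ip_network(cidr) for name, cidr in vcns.items()}
    names = sorted(nets)
    # 1. VCNs attached to one DRG must not overlap, or inter-VCN routes are ambiguous.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"overlap: {a} and {b}")
    # 2. Traffic to every other VCN must leave through the DRG.
    for src in names:
        rules = [(ip.ip_network(d), t) for d, t in routes.get(src, [])]
        for dst in (n for n in names if n != src):
            covering = [(d, t) for d, t in rules if nets[dst].subnet_of(d)]
            if not covering:
                findings.append(f"route: {src} has no route to {dst}")
                continue
            # Longest-prefix match decides which rule carries the traffic.
            best = max(covering, key=lambda r: r[0].prefixlen)
            if best[1] != "drg":
                findings.append(f"route: {src} -> {dst} via {best[1]}, expected drg")
    # 3. Private-tier NSG sources must fall inside a known VCN range.
    for vcn, source, proto, port in nsg_ingress:
        if not any(ip.ip_network(source).subnet_of(n) for n in nets.values()):
            findings.append(f"nsg: {vcn} allows {proto}/{port} from {source}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(VCNS, ROUTES, NSG_INGRESS)))
```

On-premises ranges reached over FastConnect or the IPsec VPN are not given on the page; add them to the known ranges before running check 3 against a real export, or legitimate on-premises sources will be flagged.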
People also ask
How do I design a hub-spoke network topology in OCI with hybrid on-premises connectivity and centralized security?
This diagram shows an OCI hub-spoke architecture where a central Hub VCN (10.0.0.0/16) connects via DRG v2 to Production and Development spoke VCNs, with on-premises connectivity via FastConnect 10Gbps and IPsec VPN backup to a Cisco ASR 9001 router. Internet ingress is centralized through an Internet Gateway, WAF Policy, and OCI Load Balancer in the public tier, while NSGs enforce least-privilege
- Domain: Networking
- Audience: OCI network architects designing hybrid hub-spoke topologies
Generated by Diagrams.so — AI architecture diagram generator with native Draw.io output.