Tuesday, October 25, 2016

Oracle Linux and understanding Oracle Cloud IPs

When you work with the Oracle Public Cloud for the first time and try to bind services on your Oracle Linux instance to the public internet, the addressing can be confusing at first. The cloud portal shows two IP addresses for the instance: one public IP and one private IP. When you connect to your Linux machine remotely via SSH you use the public IP; however, when you check the instance itself you will find only a single NIC, and it carries the private IP.

As an example, the screenshot below from the cloud portal shows both the internal and the external IP:


When connected to the Oracle Linux instance we can check the IPs, and we will notice that only the private IP is available:

[opc@testbox08 ~]$ ifconfig
eth0      Link encap:Ethernet  HWaddr C6:B0:36:23:FE:CE
          inet addr:10.196.68.38  Bcast:10.196.68.39  Mask:255.255.255.252
          inet6 addr: fe80::c4b0:36ff:fe23:fece/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:9000  Metric:1
          RX packets:2300612 errors:0 dropped:2 overruns:0 frame:0
          TX packets:643213 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:691364657 (659.3 MiB)  TX bytes:144613834 (137.9 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2551 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2551 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:40849225 (38.9 MiB)  TX bytes:40849225 (38.9 MiB)

[opc@testbox08 ~]$

Oracle performs network translation at the edge of its network: the external IP is translated to the internal IP, and all traffic for the external IP is tunneled to the internal IP after passing through a firewall. This means you can control which traffic arriving on the external IP actually ends up being tunneled to the internal IP address.

Even though this sounds like something you do not have to worry about too much, for some services it is vital to know what the external IP is, and not only what the internal IP is.
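The following is an added example, not code from the original post: it parses the `ifconfig` format shown above and works out which address a service can actually bind to, since binding to an address that is not on a local NIC fails. The public IP `203.0.113.10` is a documentation placeholder (the post does not state the real one), and the `bind_plan` helper and its "advertise" field are hypothetical names for illustration.

```python
import ipaddress
import re

# Constructed sample: the interface and address lines from the ifconfig output above.
IFCONFIG_SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr C6:B0:36:23:FE:CE
          inet addr:10.196.68.38  Bcast:10.196.68.39  Mask:255.255.255.252
          inet6 addr: fe80::c4b0:36ff:fe23:fece/64 Scope:Link
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
"""

# Matches only IPv4 lines ("inet addr:"), not "inet6 addr:".
INET_RE = re.compile(r"inet addr:(\S+).*?Mask:(\S+)")


def local_ipv4(ifconfig_text):
    """Return {interface: IPv4Interface} from net-tools style ifconfig output."""
    found, name = {}, None
    for line in ifconfig_text.splitlines():
        if line and not line[0].isspace():
            name = line.split()[0]          # a new interface stanza starts here
        match = INET_RE.search(line)
        if match and name:
            addr, mask = match.groups()
            found[name] = ipaddress.ip_interface(f"{addr}/{mask}")
    return found


def bind_plan(ifconfig_text, public_ip):
    """Pick the bind address and the address clients must be told to use."""
    public = ipaddress.ip_address(public_ip)
    ifaces = local_ipv4(ifconfig_text)
    local = {iface.ip for iface in ifaces.values()}
    candidates = [ip for ip in local if not ip.is_loopback]
    if not candidates:
        raise ValueError("no non-loopback IPv4 address found")
    # The public IP lives on Oracle's edge translation, not on the NIC, so a
    # bind() to it would fail; bind to the NIC address and advertise the public one.
    bind_to = public if public in local else sorted(candidates)[0]
    return {
        "public_is_local": public in local,
        "bind": str(bind_to),
        "advertise": str(public),
    }


if __name__ == "__main__":
    print(local_ipv4(IFCONFIG_SAMPLE)["eth0"].network)   # the /30 the NIC sits in
    print(bind_plan(IFCONFIG_SAMPLE, "203.0.113.10"))     # placeholder public IP
```

Binding to the private address rather than a wildcard keeps the service reachable from outside only through the edge firewall rules applied to the external IP.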
