Oracle Cloud Infrastructure 2024 Certified Networking Professional – Beta

The newest certification from Oracle Cloud Infrastructure is the OCI 2024 Certified Networking Professional. It is still in beta and will keep this status until 15 October 2023, returning as a Generally Available certification early in December of this year. If you are interested in taking this certification, visit the Oracle University learning path for it.

The Oracle Cloud Infrastructure 2024 Certified Networking Professional certification is for cloud professionals who have at least two years of general experience with OCI or other IaaS cloud providers and are already familiar with general networking concepts. An Oracle Cloud Infrastructure 2024 Certified Networking Professional has demonstrated the hands-on experience and knowledge required to plan, design, implement, and operate networking solutions on OCI. The abilities validated by this certification include:

• Plan and Design OCI Networking and Connectivity Solutions

• Design for Hybrid and Multicloud Networking Architectures

• Implement and Operate Secure OCI Networking and Connectivity Solutions

• Migrate workloads to OCI

• Troubleshoot OCI Networking and Connectivity issues.

Happy testing!

HashiCorp’s cidrsubnet function

A while back I witnessed a Terraform presentation where a subnet’s IPv4 CIDR block was constructed from a parent VCN by invoking a HashiCorp function called cidrsubnet. This function is very useful because it can save time when you have multiple VCNs in your Terraform code. It is also universal: it can be used when there are several concurrent Terraform providers in the same code.

The function’s format is like this: cidrsubnet(prefix, newbits, netnum).

The prefix field is for the VCN CIDR. You can enter a variable in the prefix field, for example cidrsubnet(var.vcn_cidr, 8, 1). Let’s say that the VCN CIDR is 10.0.0.0/16; then the value of var.vcn_cidr is 10.0.0.0/16, and the function looks like this: cidrsubnet("10.0.0.0/16", 8, 1).

The newbits value is the number of bits that you will be adding to the prefix length of the CIDR. 16 + 8 = 24, so the subnet will be a /24 subnet.

The netnum value completes the actual subnet: it is the “raw” decimal number of the binary portion on the subnet side of the CIDR, which in this case is the third octet. The result for the subnet is 10.0.1.0/24.

This example illustrates it better:

cidrsubnet("10.1.2.0/24", 4, 15). 24 + 4 = 28, so the subnet will be an x.x.x.x/28 subnet.

The value in the netnum field will help us identify which of the 16 possible /28 subnets we’re creating. On a /28 subnet, in the fourth octet, the four left bits are the subnetwork bits. Convert 15 (the netnum value) to binary and you will get 1111. Place it on the subnetwork side of the fourth octet and you will get 1111|0000. The decimal value of the whole octet is 240, therefore the subnet is 10.1.2.240/28.

This is optimal, isn’t it?
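The arithmetic described above, written out as an added Python sketch (not HashiCorp's code and not from the original post). It generalizes the two worked cases to any IPv4 or IPv6 prefix, rejects a netnum that does not fit in newbits, and adds a hypothetical `overlaps` helper that flags subnets that collide when different newbits values are carved from the same VCN.

```python
import ipaddress


def cidrsubnet(prefix: str, newbits: int, netnum: int) -> str:
    """Re-implementation of the cidrsubnet arithmetic described in the post.

    This sketch rejects a prefix that has host bits set (ipaddress strict mode).
    """
    parent = ipaddress.ip_network(prefix)
    new_len = parent.prefixlen + newbits
    if newbits < 0 or new_len > parent.max_prefixlen:
        raise ValueError(
            f"/{parent.prefixlen} plus {newbits} bits exceeds /{parent.max_prefixlen}"
        )
    if not 0 <= netnum < 2 ** newbits:
        raise ValueError(f"netnum {netnum} does not fit in {newbits} bits")
    # Host bits that remain to the right of the new subnet bits.
    host_bits = parent.max_prefixlen - new_len
    # Place netnum in the newly added bits, directly left of the host bits.
    address = int(parent.network_address) | (netnum << host_bits)
    # Build the address with the parent's own class so IPv6 stays IPv6.
    return f"{type(parent.network_address)(address)}/{new_len}"


def overlaps(cidrs):
    """Return every pair of CIDR blocks in `cidrs` that share address space."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [
        (str(a), str(b))
        for i, a in enumerate(nets)
        for b in nets[i + 1:]
        if a.overlaps(b)
    ]


if __name__ == "__main__":
    vcn = "10.0.0.0/16"  # constructed sample VCN CIDR, same as the post's example
    app = cidrsubnet(vcn, 8, 1)   # the /24 from the post
    wide = cidrsubnet(vcn, 4, 0)  # a /20 carved from the same VCN
    print(app, wide, overlaps([app, wide]))
    print(cidrsubnet("10.1.2.0/24", 4, 15))
```

Mixing newbits values against one parent is where collisions come from: netnum 1 at /24 sits inside netnum 0 at /20, which matters when the two subnets are meant to carry different security lists.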

Today is the best time for pursuing your Oracle Cloud Infrastructure certification!

There is nothing like experience. Having been there and having done that is the best benefit that one can offer to those who require our services, the knowhow. Cloud, specifically Infrastructure as a Service (IaaS), is a skill that is in high demand. One way to validate the gained experience is via a certification from your IaaS provider of choice. You are reading this blog post on Red Thunder, which means that Oracle Cloud Infrastructure (OCI) is your vendor of choice!

A certification is also a great way to start gaining experience, and the good news is that there is no better time for earning OCI certifications than today, because for the rest of 2021 you can pursue and earn OCI certifications for free!!! Not only can you secure a free 30 day trial on OCI (including always free resources), but you can also study all the OCI learning material free of charge. Oracle and Oracle University have released all the learning material that serves as a guide to OCI certifications. In addition to free OCI training, OCI certification testing is also free until 31 December, 2021.

These are some of the OCI certifications that you can pursue and earn free of charge:

Summarizing: the learning material from Oracle University is free of charge, and the certification testing is also free until 31 December, 2021. You can subscribe to a free 30 day Oracle Cloud Infrastructure trial, which you can use for doing OCI labs, and you can keep the always free resources for life; resources such as Compute, Virtual Cloud Network, Autonomous Database, Network Load Balancer, among others. Therefore, whether you are new to OCI or already have hands-on experience, today is the best time for pursuing your OCI certification.

To learn more, visit the Free OCI Certification Promotion page.

Connect your OCI resources to other Clouds with Libreswan

IPSec VPN view from the OCI Network Visualizer

In today’s world, the norm for videos is that they should be short in length, even if they are instructional videos. They cite the short attention span of the targeted audience… And I do agree to some extent. However, in tech there are many occasions that require a longer length so they can properly address all the details of the topic at hand. Back in March 2021, I recorded myself for the purpose of demonstrating how to configure to completion an Inter-Cloud VPN connection using the Oracle Cloud Infrastructure (OCI) native IPSec VPN tunnel against a Customer Premises Equipment (CPE) with LibreSwan on an Amazon Web Services (AWS) Elastic Cloud Compute (EC2) instance. The video is nearly 30 minutes long! Only the truly committed will follow along, which is the intention.

I used official OCI documentation as a basis. Basically I explain every single step in this document while I perform them on both OCI and AWS consoles.

This is the link to this document:

https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/libreswan.htm

Even though in the video I present myself as an Oracle employee, which I proudly am, the video and this post are NOT official Oracle documents. Any opinion is my own and only my own.

I hope that you find this step-by-step video helpful. This is the link to it:

P.S. The reason why I am using a non-RFC1918 CIDR prefix is because I am strictly following the steps in the guide.

Configure to completion a site-to-site VPN tunnel on OCI using the VPN Wizard

There is plenty of information out there about connecting from an on-premises network to OCI. But if you want to see a step-by-step procedure that configures to completion an actual VPN, you will have a hard time finding it. And rather than writing about it, this time I will actually show it.

OCI VPN Wizard

This link will take you to the list of OCI’s verified CPE (Customer Premises Equipment) devices. If your on-premises CPE is in this list, then the VPN configuration should be very easy. In my case, the router I used is not in the list. It is a SOHO (Small Office-Home Office) type of router. For this configuration the on-premises network is my Home-Office LAN. For routers not on the list, there is an option called “other”. OCI offers a list of supported configuration parameters for VPN connections that you can use for “other” types of routers. Here is the link to these parameters. And I explain them in the video. I hope that you find it useful:

https://tinyurl.com/OCI2HomeVPN

Enhance the security of your website with Oracle Cloud Infrastructure’s Web Application Firewall

Oracle recently introduced a Web Application Firewall (WAF) to further enhance and secure Oracle Cloud Infrastructure offerings. The Oracle Cloud Infrastructure WAF is based on Oracle Zenedge and Oracle Dyn technologies. It inspects all traffic destined to your web application origin and identifies and blocks all malicious traffic. The WAF offers the following tools, which can be used on any website, regardless of where it is being hosted:

  • Origin management
  • Bot management
  • Access control
  • Over 250 robust protection rules that include the OWASP rulesets to protect against SQL injection, cross-site scripting, HTML injection, and more

In this post, I configure a set of access control WAF policies for a website. Access control defines explicit actions for requests that meet conditions based on URI, request headers, client IP address, or countries and regions.