When you work with Oracle Cloud Infrastructure, one of the first steps is to set up a virtual cloud network (VCN) for your cloud resources. In this episode, Lois Houston and Nikita Abraham, along with Rohit Rahi, discuss Oracle’s Virtual Cloud Network, VCN routing, and security.   Oracle MyLearn: https://mylearn.oracle.com/ Oracle University Learning Community: https://education.oracle.com/ou-community X (formerly Twitter): https://twitter.com/Oracle_Edu LinkedIn: https://www.linkedin.com/showcase/oracle-university/   Special thanks to Arijit Ghosh, Kiran BR, Rashmi Panda, David Wright, the OU Podcast Team, and the OU Studio Team for helping us create this episode.   ---------------------------------------------------------   Episode Transcript:  00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we’ll bring you foundational training on the most popular Oracle technologies. Let’s get started. 00:26 Lois: Hello and welcome to the Oracle University Podcast. I’m Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Principal Technical Editor. Nikita: Hi everyone. We hope you’ve been enjoying these last few weeks as we’ve been revisiting our most popular episodes of the year.  00:47 Lois: Today’s episode is the fourth of six we’ll have in this series and it’s a throwback to a conversation with Rohit Rahi, our Vice President of CSS OU Cloud Delivery, talking about Networking in OCI. We began by asking Rohit to explain what a Virtual Cloud Network is. Let’s listen in. 01:06 Rohit: At its core, it's a private software defined network you create in Oracle Cloud. It's used for secure communication. Whether instances talking to each other, instances talking to on-premises environments, or instances talking to other instances in different regions, you would use Virtual Cloud Network.  It lives in an OCI region. Like we said, it's a regional service. It's highly available, massively scalable, and secure. And we take care of these things for you. So before we dive deep into the VCN and all the characteristics and all the features it has, let's look at some of the basic stuff.  01:44 Rohit: So the first thing is VCN has an address space. In this case, you see this address space is denoted in a CIDR notation. CIDR stands for classless interdomain routing.  The VCN has an IP addressing range. And what that means is you have an address range. You take that range. And you can break it down into smaller networks which are called subnetworks. And these subnetworks are where you would instantiate your compute instances.  02:16 Nikita: And what can you tell us about the different mechanisms that exist inside a VCN?  Rohit: So first, there is a notion of internet gateway. This is a gateway which is massively scalable, highly available, and is used for communication to anything on the internet.  So if you have a web server which wants to talk to other websites on the web being able to be accessed publicly, you would use an internet gateway. So going to the internet and coming back from the internet. You also have this highly available, massively scalable router called NAT gateway. And it is used for providing NAT as a service.  02:53 Rohit: So what this means is the traffic is unidirectional. It can go from your private subnets to the internet. But users from the internet cannot use the NAT gateway to reach your instances running in a private subnet. So the idea with the NAT gateway is to enable outbound communication to the internet, but block inbound communications or connections initiated from the internet.  Then we have another router which is called Service Gateway. And the idea is it lets resources in VCN access public OCI services such as object storage, but without using an internet or NAT gateway. So these are the three scenarios-- Internet gateway for internet, NAT gateway also for internet but unidirectional, and