Permitting Traffic Between Oracle Cloud Infrastructure Compute Classic Instances



Before You Begin

Purpose

This tutorial shows you how to permit traffic on a port and protocol of your choice between Compute Classic instances.

Note: If the instances between which you want to permit traffic are in the same security list, then they can already communicate freely with each other on all ports and protocols. No further action is necessary to permit traffic between them.

Time to Complete

Approximately 10 minutes

Scenario

You're running Oracle WebLogic Server managed servers on two Compute Classic instances and Oracle Database instances on two other Compute Classic instances. You want to allow TCP traffic over port 1152 from the Compute Classic instances hosting Oracle WebLogic Server to the Compute Classic instances hosting Oracle Database.

What Do You Need?

To perform the steps in this tutorial, you must be a service user with the Compute Operations role. If you don't have this role, ask your service administrator to assign the role to you in Oracle Cloud My Services.

Creating Security Lists

A security list is a group of Compute Classic instances.

To open a port on specific instances, you must first group those instances in a security list. Create one security list for the Compute Classic instances hosting Oracle WebLogic Server and another security list for the Compute Classic instances hosting Oracle Database.

  1. Sign in to Oracle Cloud My Services and go to the Compute Classic console.
  2. Click the Network tab.
  3. On the Network page, click the Security Lists tab in the left pane.
  4. Click Create Security List.
  5. In the Create Security List dialog box, do the following:
    • Name: Enter a name for the new security list (for example, ms_seclist). Note this name. You'll use it later in this tutorial.
    • Leave the Inbound Policy and Outbound Policy fields at the default values.
    • Description: Enter a description for the new security list (for example, WebLogic Server managed server VMs).

    Create Security List dialog box

  6. Click Create.
  7. Repeat this procedure to create another security list (say, db_seclist) for the Oracle Database VMs.

Next, add your Compute Classic instances to the security lists that you just created.

Adding Instances to the Security Lists

  1. Click the Instances tab.
  2. From the list of instances displayed, identify the first instance that you want to add to a security list. From the menu (menu icon), select View.
  3. On the instance details page, click Add to Security List.

    The Add to Security List dialog box is displayed.

  4. Select the appropriate security list out of the two security lists that you created earlier in this tutorial.

    Add to Security List dialog box

  5. Click Attach.
  6. Repeat this procedure for each of the instances that you want to add to security lists.

At this point, all the instances between which you want to permit traffic have been added to the appropriate security lists. For example, all the Compute Classic instances hosting Oracle WebLogic Server have been added to the ms_seclist security list, and all the Compute Classic instances hosting Oracle Database have been added to the db_seclist security list.

Next, create a security application for port 1152.

Creating a Security Application

A security application, in this context, is a mapping between a port number and port type (TCP, UDP, or ICMP).

To open port 1152, you must create a security application for that port in Compute Classic.

  1. Click the Network tab.
  2. On the Network page, click the Security Applications tab in the left pane.
  3. Click Create Security Application.
  4. In the Create Security Application dialog box, do the following:
    • Name: Enter a name for the new security application (for example, tcp_1152). Note this name. You'll use it later in this tutorial.
    • Port Type: Select tcp.
    • Port Range Start and Port Range End: In both these fields, enter the port that you want to open (for example, 1152).
    • Description: Enter a description for the new security application (for example, TCP traffic to port 1152).

    Create Security Application dialog box

  5. Click Create.

Next, create a security rule to permit traffic over port 1152 from the Compute Classic instances hosting your Oracle WebLogic Server managed servers to the Compute Classic instances hosting your Oracle Database instances.

Creating a Security Rule

  1. Click the Security Rules tab in the left pane.
  2. Click Create Security Rule, and do the following:
    • Name: Enter a name for the rule (for example, allow_ms2db_1152).
    • Status: Select Enabled.
    • Security Application: Select the tcp_1152 security application, which you created earlier in this tutorial.
    • Source: From the security lists drop-down list, select the ms_seclist security list, which you created earlier in this tutorial.
    • Destination: Select the db_seclist security list, which you created earlier in this tutorial.
    • Description: Enter a description for the rule (for example, Allow TCP traffic from managed servers to DB).

    Create Security Rule

  3. Click Create.

TCP traffic can now flow on port 1152 from your Oracle WebLogic Server managed servers running on the Compute Classic instances that are part of the ms_seclist security list to the Oracle Database instances running on the Compute Classic instances that are part of the db_seclist security list.

At any time, you can temporarily suspend security rules by disabling them. You can also delete security rules that you no longer need.
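To check that the finished configuration opens only the intended path, the following added example (not Oracle code and not a Compute Classic API) models the security lists, security application and security rule from this tutorial and evaluates individual flows against them. The instance names, class and function names are hypothetical, and the model assumes that traffic between different security lists is dropped unless an enabled rule matches it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SecApp:
    name: str
    protocol: str      # tcp or udp in this model
    port_start: int
    port_end: int

@dataclass(frozen=True)
class SecRule:
    name: str
    enabled: bool
    app: SecApp
    src_list: str
    dst_list: str

# Constructed sample data using the tutorial's example names.
TCP_1152 = SecApp("tcp_1152", "tcp", 1152, 1152)
RULES = [SecRule("allow_ms2db_1152", True, TCP_1152, "ms_seclist", "db_seclist")]
MEMBERSHIP = {  # instance -> security lists (hypothetical instance names)
    "wls-1": {"ms_seclist"}, "wls-2": {"ms_seclist"},
    "db-1": {"db_seclist"}, "db-2": {"db_seclist"},
}

def is_permitted(src, dst, protocol, port, rules=RULES, membership=MEMBERSHIP):
    """Return the reason a new connection is allowed, or None if nothing permits it."""
    src_lists, dst_lists = membership[src], membership[dst]
    # Instances sharing a security list communicate on all ports and protocols.
    if src_lists & dst_lists:
        return "same-security-list"
    for r in rules:
        if (r.enabled and r.src_list in src_lists and r.dst_list in dst_lists
                and r.app.protocol == protocol
                and r.app.port_start <= port <= r.app.port_end):
            return r.name
    return None  # assumption: no matching enabled rule means the flow is dropped

def exposure(dst_list, rules=RULES):
    """List what enabled rules open into dst_list: (source list, protocol, ports)."""
    return sorted((r.src_list, r.app.protocol, r.app.port_start, r.app.port_end)
                  for r in rules if r.enabled and r.dst_list == dst_list)
```

Running `exposure("db_seclist")` against an export of your real rules gives a quick review list of everything that can reach the database instances, which should contain only the ms_seclist entry for TCP 1152 in this scenario.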

Disabling and Deleting Security Rules

Disabling a Security Rule

  1. Sign in to Oracle Cloud My Services and go to the Compute Classic console.
  2. Click the Network tab.
  3. Identify the security rule that you want to disable.
  4. From the Actions menu, select Update.
  5. In the resulting dialog box, change Status to Disabled.
  6. Click Update.

Deleting a Security Rule

  1. Sign in to Oracle Cloud My Services and go to the Compute Classic console.
  2. Click the Network tab.
  3. Identify the security rule that you want to delete.
  4. From the Actions menu, select Delete.
  5. At the confirmation prompt, click Yes.

Want to Learn More?

Credits

  • Lead Curriculum Developer: Kumar Dhanagopal

  • Other Contributors: Eshwar Narayan, Anamika Mukherjee