OCI GoldenGate Networking Setup and Requirements

By Jigar Doshi (Data Voyage). Published in Oracle Developers, Apr 10, 2023.

Note Oct 2024 — Some OCI GG concepts and terminology have changed since Dec 2023. This article is good for understanding the basics, but I recommend reading this post, which is updated with the latest concepts.

In this article we’ll learn OCI GG network setup and requirements. Plus, we’ll look at ports and IP requirements for OCI GG deployment.

Network setup is one of the most important planning aspects before starting an OCI GoldenGate (OCI GG) deployment. A well-planned network setup will save you headaches when troubleshooting connectivity and replication issues.

Consider a common scenario. The following three resources are in the same private subnet. None of the three has a public endpoint.

  1. OCI GG with private endpoint
  2. Source Oracle DB on VM-based DB system with Listener Port 1521
  3. Target OCI Autonomous DB with mTLS connection on Port 1522

Note — You can use this diagram template to document your existing or new deployments. Visual communication makes it easy for everyone to understand the setup. This is especially important if the replication setup is complex.

OCI GG Deployment — Source/Deployment/Target in same subnet

In the above diagram, blue circles indicate DB resources. The OCI GG deployment and DB connections are marked with black circles. The OCI GG + DB icons (10.0.0.2 and 10.0.0.4) represent OCI GG DB connections. The center OCI GG icon (10.0.0.3) represents the deployment. To summarize, there is one deployment with two DB connections assigned.

Dotted lines indicate the logical data flow. Bi-directional solid arrows indicate communication between DB and OCI GG DB connection.

Note — IP addresses in diagram are hypothetical and do not match the screen captures in the article below.

IP address requirements

How many IP addresses do we need for the above OCI GG deployment?

One IP address is required for the deployment itself and one for each DB connection, for a total of three private IPs (indicated by black circles numbered 2, 3 and 4). Each OCI GG connection to a database on a private endpoint will have its own ingress IP from a private subnet.

If the source/target DB is created with a private endpoint, the “Network connectivity via private endpoint” option must be selected while creating the OCI GG DB connection.

OCI GG DB Connection — Network connectivity via private endpoint
OCI GG connection with ingress IP

The connection ingress IP can be verified after the connection is created. Connections to the respective databases will originate from this ingress IP and not from the deployment.

Source and target databases each require one private IP (indicated by Blue Circles 1 and 5).

Including both OCI GG & DB, we need five IP addresses from the private subnet.

Keep this in mind when planning your subnet and growth of OCI resources. If the DB subnet is very tightly defined, it’s better to host OCI GG in its own subnet.

If you plan to host both OCI GG and DB in same subnet, it is recommended to have a larger subnet to accommodate current and future requirements.

PORTS

The next major question after IP addresses is which ports must be opened for an OCI GG deployment.

Continuing our example from the previous section, the following ports will need to be opened:

  1. Port 443, i.e., HTTPS, for accessing the OCI GG web console. This is indicated by the black circle numbered 3 with IP 10.0.0.3 in the above diagram. Communication to the Source and Target DB will not be from this IP.
  2. Ingress rules for the source DB (blue circle numbered 1 with IP 10.0.0.1) must allow connection from OCI GG Connection numbered 2 (IP 10.0.0.2). Similarly, the Target DB (blue circle numbered 5 with IP 10.0.0.5) must allow connection from OCI GG Connection numbered 4 (IP 10.0.0.4).

Simply put, treat OCI GG as JADC (Just another database client :-) ). Allow DB connection from the Ingress IP, that’s it!

This is a very important point to understand. Connections to the Source and Target DBs originate from the OCI GG connection ingress IPs (10.0.0.2 and 10.0.0.4) and not from the deployment itself (10.0.0.3).

Since all resources are within the same subnet, additional security list/NSG configuration may not be required. These ingress rules matter more when the DB and OCI GG are in different subnets.
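
The IP count and the ingress rules above can be checked mechanically. The following Python sketch is an added example, not code from the article or from Oracle: it counts the addresses this setup needs, derives the least-privilege DB ingress rules from the diagram's hypothetical IPs, and audits a constructed rule set. The function names and the rule tuple format (source CIDR, destination IP, TCP port) are assumptions made for illustration; the three reserved addresses per subnet reflect how OCI allocates subnet CIDRs.

```python
import ipaddress

# Topology from the article's diagram; the IPs are the article's hypothetical ones.
DEPLOYMENT_IP = "10.0.0.3"  # serves the web console on 443, never talks to the DBs
# (database IP, listener port, OCI GG connection ingress IP)
DB_CONNECTIONS = [
    ("10.0.0.1", 1521, "10.0.0.2"),  # source DB system
    ("10.0.0.5", 1522, "10.0.0.4"),  # target Autonomous DB (mTLS)
]
OCI_RESERVED_PER_SUBNET = 3  # OCI keeps the first two and the last address

def ips_needed():
    """One per database, one per connection ingress IP, one for the deployment."""
    return 2 * len(DB_CONNECTIONS) + 1

def spare_ips(subnet_cidr):
    """Addresses left in the subnet after this setup (negative: does not fit)."""
    total = ipaddress.ip_network(subnet_cidr).num_addresses
    return total - OCI_RESERVED_PER_SUBNET - ips_needed()

def required_rules():
    """Least-privilege DB ingress rules as (source CIDR, destination IP, TCP port)."""
    return [(f"{ingress}/32", db, port) for db, port, ingress in DB_CONNECTIONS]

def audit(rules):
    """Compare a rule set with required_rules(); return a list of findings."""
    findings = []
    for db, port, ingress in DB_CONNECTIONS:
        src_ip = ipaddress.ip_address(ingress)
        matching = [r for r in rules if r[1] == db and r[2] == port]
        if not any(src_ip in ipaddress.ip_network(r[0]) for r in matching):
            findings.append(("MISSING", f"{ingress}/32", db, port))
        for rule in matching:
            net = ipaddress.ip_network(rule[0])
            if src_ip not in net:
                findings.append(("WRONG_SOURCE", *rule))  # e.g. the deployment IP
            elif net.prefixlen < 32:
                findings.append(("BROAD", *rule))  # admits more than the ingress IP
    return findings

# Constructed rule set containing two mistakes, for demonstration only.
SAMPLE_RULES = [
    (f"{DEPLOYMENT_IP}/32", "10.0.0.1", 1521),  # deployment IP instead of ingress IP
    ("10.0.0.0/24", "10.0.0.5", 1522),          # whole subnet instead of one host
]

if __name__ == "__main__":
    print("IPs needed:", ips_needed(), "| spare in /29:", spare_ips("10.0.0.0/29"))
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

A /29 holds exactly the five addresses with nothing to spare, which is why a larger subnet is the safer choice when OCI GG and the databases share one.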

I will cover different scenarios with slightly more complexity in subsequent articles. I hope this was informative and useful. Thank you for reading so far.

About the author: Jigar Doshi (Data Voyage). Master Principal Cloud Architect @ Oracle Singapore. Data enthusiast. Sharing my adventures in world of data