Manage Network

Create New Network Resources in OCI (Greenfield Workflow)

Note

Make sure to execute "Fetch Compartments OCIDs to variables file" from CD3 Services in setUpOCI menu before starting with Network Creation.

Create Network

Creation of Networking components using Automation Toolkit involves four simple steps.

  • Add the networking resource details to the appropriate Excel sheets.
  • Run the toolkit with the 'Create Resources' workflow to generate *.auto.tfvars.
  • Execute Terraform to provision resources in OCI.
  • Export the Security Rules and Route Rules automatically generated by the toolkit to the CD3 Excel sheet.

Important

'Create Network' generates custom security rules and route rules in OCI along with the default ones. Make sure to export them all into the Excel sheet after running Create Network.

Below are the steps in detail to create Network that includes VCNs, Subnets, DHCP, DRG, Security List, Route Tables, DRG Route Tables, NSGs, etc.

  1. Choose appropriate excel sheet from Excel Templates and fill the required Network details in the Networking Tabs - VCNs, DRGs, VCN Info, DHCP, Subnets, NSGs tabs.

  2. Execute setupOCI with Create Resources workflow.

  3. Choose option 'Validate CD3' and then 'Validate Networks' to check for syntax errors in Excel sheet. Examine the log file generated at /cd3user/tenancies/<prefix>/<prefix>_cd3validator.log. If there are errors, rectify them accordingly and proceed to the next step.

  4. Choose option 'Create Network' under 'Network' from the displayed menu. Once the execution is successful, multiple .tfvars files related to networking, such as <prefix>_major-objects.auto.tfvars, will be generated under the folder /cd3user/tenancies/<prefix>/terraform_files/<region_dir>/<service_dir>.

  5. Look at the terraform plan and apply. Running terraform apply completes the creation of Networking components in OCI. Verify the components in console. However the details of the security lists and route tables may not be available in the CD3 Excel sheet yet. In order to export that data, follow the below steps:

  6. Execute setupOCI with Create Resources workflow:

  7. Choose 'Network' from the displayed menu. Choose below sub-options: (Make sure to choose all the three options for the first time)
    Security Rules
    - Export Security Rules (From OCI into SecRulesinOCI sheet)
    - Add/Modify/Delete Security Rules (Reads SecRulesinOCI sheet)
    Route Rules
    - Export Route Rules (From OCI into RouteRulesinOCI sheet)
    - Add/Modify/Delete Route Rules (Reads RouteRulesinOCI sheet)
    DRG Route Rules
    - Export DRG Route Rules (From OCI into DRGRouteRulesinOCI sheet)
    - Add/Modify/Delete DRG Route Rules (Reads DRGRouteRulesinOCI sheet)

  8. Executing terraform plan for network shows 'Up-to-Date' with no changes.

This completes the steps for Creating the Network in OCI and exporting the rules to the CD3 Excel Sheet using the Automation Toolkit.

Use an existing DRG in OCI while creating the network

In some scenarios, a DRG has already been created in the tenancy and the rest of the Network components still need to be created. In such cases, generate the networking-related tfvars using the same process described above up to Step 4. Use the same name for the DRG in the DRGs tab as the one shown in the OCI console.

  • For Step 5, navigate to the outdir path and execute the terraform commands:
     terraform init
     terraform import "module.drgs[\"<<drgs terraform variable name>>\"].oci_core_drg.drg" <<drg_ocid>>
    → This will import the DRG into the state file.
     terraform plan
    → Terraform plan will indicate that all the other components except the DRG are to be added.
     terraform apply

Continue executing the remaining steps (from Step 6) of Create Network.
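The plan check described above can be done mechanically on the JSON form of the plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan`). The following is an added example, not part of the toolkit: it confirms that the imported DRG is not slated for creation or deletion and lists what is still pending; the same `pending_changes` result being empty corresponds to the 'Up-to-Date' plan in Step 8. The sample plan, the names `drg1` and `vcn1`, and the non-DRG module paths are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json tfplan` output.
# The names "drg1" and "vcn1" and the non-DRG module paths are made up.
DRG_ADDR = 'module.drgs["drg1"].oci_core_drg.drg'
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": DRG_ADDR, "type": "oci_core_drg",
     "change": {"actions": ["no-op"]}},
    {"address": 'module.vcns["vcn1"].oci_core_vcn.vcn', "type": "oci_core_vcn",
     "change": {"actions": ["create"]}},
    {"address": 'module.subnets["vcn1_app"].oci_core_subnet.subnet',
     "type": "oci_core_subnet", "change": {"actions": ["create"]}},
]})


def pending_changes(plan_json):
    """Map resource address -> planned actions, ignoring no-op and read."""
    changes = json.loads(plan_json).get("resource_changes", [])
    return {rc["address"]: rc["change"]["actions"] for rc in changes
            if rc["change"]["actions"] not in (["no-op"], ["read"])}


def check_drg_import(plan_json, drg_address):
    """Return a list of problems; an empty list means the import took effect."""
    problems, seen = [], False
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc["type"] != "oci_core_drg":
            continue
        seen = seen or rc["address"] == drg_address
        actions = rc["change"]["actions"]
        # create means Terraform does not see the existing DRG in state;
        # delete (alone or as part of a replace) would remove the live DRG.
        if "create" in actions or "delete" in actions:
            problems.append(f"{rc['address']}: planned {'/'.join(actions)}")
    if not seen:
        problems.append(f"{drg_address}: not in plan, check the name in the DRGs tab")
    return problems


if __name__ == "__main__":
    print("DRG problems:", check_drg_import(SAMPLE_PLAN, DRG_ADDR))
    print("Pending:", sorted(pending_changes(SAMPLE_PLAN)))
```

Run it against the real plan JSON before `terraform apply`; any reported DRG problem means the import did not match the name used in the DRGs tab.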

Note

When using the toolkit with Jenkins, the apply pipeline for network will need to be stopped before running the terraform import command for the DRG. After the terraform import command has been executed successfully, re-launch the apply pipeline for the network folder.

Modify Security Rules, Route Rules and DRG Route Rules

Follow the below steps to add, update or delete the following components:

  • Security Lists and Security Rules
  • Route Table and Route Rules
  • DRG Route Table and DRG Route Rules

  1. Modify the Excel sheet to update required data in the Tabs - RouteRulesInOCI, SecRulesInOCI, DRGRouteRulesInOCI tabs.

  2. Execute setupOCI with Create Resources workflow.

  3. Choose 'Network' from the displayed menu. Choose below sub-options:
    Security Rules
    - Add/Modify/Delete Security Rules (Reads SecRulesinOCI sheet)
    Route Rules
    - Add/Modify/Delete Route Rules (Reads RouteRulesinOCI sheet)
    DRG Route Rules
    - Add/Modify/Delete DRG Route Rules (Reads DRGRouteRulesinOCI sheet)

    Once the execution is successful, <prefix>_seclists.auto.tfvars, <prefix>_routetables.auto.tfvars and <prefix>_drg-routetables.auto.tfvars files will be generated under the folder /cd3user/tenancies/<prefix>/terraform_files/<region_dir>. Existing files will move into respective backup folders.

    Note

    This will create Terraform files for only those Security Lists and Route Tables in VCNs which are part of CD3, and skip any VCNs that have been created outside of CD3 execution.

  4. Look at the terraform plan and apply. Running terraform apply completes the modification of Security Rules, Route Rules and DRG Route Rules in OCI. Verify the components in console.

Modify Network

Modifying the Networking components using Automation Toolkit involves three simple steps.

  • Add/modify the details of networking components like the VCNs, Subnets, DHCP and DRG in the Excel sheet.
  • Run the toolkit with the 'Create Resources' workflow to generate *.auto.tfvars.
  • Execute Terraform to provision/modify resources in OCI.

Follow these steps to modify the networking components.

  1. Modify the Excel sheet to update required data in the Tabs - VCNs, DRGs, VCN Info, DHCP and Subnets.

  2. Execute setupOCI with Create Resources workflow.

  3. To Validate the CD3 excel Tabs - choose option 'Validate CD3' and 'Validate Networks' from sub-menu to check for syntax errors in Excel sheet. Examine the log file generated at /cd3user/tenancies/<prefix>/<prefix>_cd3validator.logs. If there are errors, rectify them accordingly and proceed to the next step.

  4. Choose option 'Modify Network' under 'Network' from the displayed menu. Once the execution is successful, multiple .tfvars related to networking like <prefix>_major-objects.auto.tfvars and more will be generated under the folder /cd3user/tenancies/<prefix>/terraform_files/<region_dir>/<service_dir>. Existing files will move into respective backup folders.
    Note: Make sure to export Sec Rules, Route Rules, DRG Route Rules to CD3 Excel Sheet before executing this option.

  5. Look at the terraform plan and apply. Running terraform apply completes the modification of Networking components in OCI. Verify the components in console.

Sync manual changes done in OCI of Security Rules, Route Rules and DRG Route Rules with CD3 Excel Sheet and Terraform

Follow the below process to export the rules to the same CD3 Excel Sheet as the one used to Create Network, and to sync the Terraform files with OCI whenever a user adds, modifies or deletes rules in OCI Console manually.

Note

Make sure to close the Excel sheet during the export process.

  1. Execute setupOCI with Create Resources workflow.

  2. Choose 'Network' from the displayed menu. Choose below sub-options:
    Security Rules
    - Export Security Rules (From OCI into SecRulesinOCI sheet)
    Route Rules
    - Export Route Rules (From OCI into RouteRulesinOCI sheet)
    DRG Route Rules
    - Export DRG Route Rules (From OCI into DRGRouteRulesinOCI sheet)

    Once the execution is successful, the 'RouteRulesInOCI', 'SecRulesInOCI' and 'DRGRouteRulesInOCI' tabs of the Excel sheet will be updated with the rules exported from OCI. At this point, only the Excel sheet tabs have been updated. Proceed to the next step to create the Terraform files for the same.

  3. Choose 'Network' from the displayed menu. Choose below sub-options:
    Security Rules
    - Add/Modify/Delete Security Rules (Reads SecRulesinOCI sheet)
    Route Rules
    - Add/Modify/Delete Route Rules (Reads RouteRulesinOCI sheet)
    DRG Route Rules
    - Add/Modify/Delete DRG Route Rules (Reads DRGRouteRulesinOCI sheet)

    Once the execution is successful, <prefix>_seclists.auto.tfvars, <prefix>_routetables.auto.tfvars and <prefix>_drg-routetables.auto.tfvars files will be generated under the folder /cd3user/tenancies/<prefix>/terraform_files/<region_dir>/<service_dir>.

  4. Look at the terraform plan and apply. Running terraform apply completes the export of Security Rules, Route Rules and DRG Route Rules from OCI. Terraform plan/apply should be in sync with OCI.
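Because this sync pulls manual console changes into the Excel sheet and then into Terraform, it is worth reviewing what actually changed before applying. The following is an added example, not part of the toolkit: it compares the SecRulesinOCI rows from before the export with the freshly exported rows and flags newly added ingress rules open to any source. It assumes both versions of the tab were saved as CSV; the column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Assumed column names for rows saved as CSV from the SecRulesinOCI tab.
KEY = ("VCN Name", "SecList Name", "Rule Type", "Protocol",
       "Source", "Destination", "DPortMin", "DPortMax")
HEADER = ",".join(KEY) + "\n"

# Constructed samples: BEFORE is the tab as last applied, AFTER a fresh export.
BEFORE = HEADER + (
    "vcn1,app-sl,ingress,tcp,10.0.0.0/16,,443,443\n"
    "vcn1,app-sl,ingress,tcp,10.0.5.0/24,,1521,1521\n"
    "vcn1,app-sl,egress,all,,0.0.0.0/0,,\n")
AFTER = HEADER + (
    "vcn1,app-sl,ingress,tcp,10.0.0.0/16,,443,443\n"
    "vcn1,app-sl,ingress,tcp,0.0.0.0/0,,22,22\n"
    "vcn1,app-sl,egress,all,,0.0.0.0/0,,\n")


def load_rules(text):
    """Parse CSV text into a set of rule tuples ordered like KEY."""
    reader = csv.DictReader(io.StringIO(text))
    return {tuple((row.get(col) or "").strip() for col in KEY) for row in reader}


def diff_rules(before, after):
    """Return (added, removed) rules between two exports, each sorted."""
    old, new = load_rules(before), load_rules(after)
    return sorted(new - old), sorted(old - new)


def open_ingress(rules):
    """Pick ingress rules whose source is any IPv4 or IPv6 address."""
    rule_type, source = KEY.index("Rule Type"), KEY.index("Source")
    return [r for r in rules
            if r[rule_type].lower() == "ingress"
            and r[source] in ("0.0.0.0/0", "::/0")]


if __name__ == "__main__":
    added, removed = diff_rules(BEFORE, AFTER)
    for label, rules in (("added", added), ("removed", removed),
                         ("open ingress", open_ingress(added))):
        for rule in rules:
            print(f"{label}: {dict(zip(KEY, rule))}")
```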

Add/Modify/Delete NSGs

  1. Modify the Excel sheet to update required data in the Tabs - NSGs.

  2. Execute setupOCI with Create Resources workflow.

  3. Choose 'Network' from the displayed menu. Choose below sub-option:
    Network Security Groups
    - Add/Modify/Delete NSGs (Reads NSGs sheet)

    Once the execution is successful, <prefix>_nsgs.auto.tfvars will be generated under the folder /cd3user/tenancies/<prefix>/terraform_files/<region_dir>/<service_dir>. Existing files will move into respective backup folders.

  4. Look at the terraform plan and apply. Running terraform apply completes the modification of NSGs in OCI. Verify the components in console.

Add/Modify/Delete VLANs

  1. Modify the Excel sheet to update required data in the Tabs - SubnetsVLANs.

  2. Make sure that the RouteRulesinOCI sheet and the corresponding terraform are in sync with the route rules in the OCI console. If not, follow the procedure specified in 'Sync manual changes done in OCI of Security Rules, Route Rules and DRG Route Rules with CD3 Excel Sheet and Terraform'.

  3. Execute setupOCI with Create Resources workflow.

  4. Choose 'Network' from the displayed menu. Choose below sub-option:
    - Add/Modify/Delete VLANs (Reads SubnetsVLANs sheet)

    Once the execution is successful, <prefix>_vlans.auto.tfvars will be generated under the folder /cd3user/tenancies/<prefix>/terraform_files/<region_dir>/<service_dir>. Existing files will move into respective backup folders. The <prefix>_routetables.auto.tfvars file will also be updated with the route table information specified for each VLAN.

  5. Look at the terraform plan and apply. Run terraform apply.

  6. Again, make sure to export the Route Rules in OCI into Excel and terraform. Follow the procedure specified in 'Sync manual changes done in OCI of Security Rules, Route Rules and DRG Route Rules with CD3 Excel Sheet and Terraform'.

This completes the modification of VLANs in OCI. Verify the components in console.

RPCs

Remote VCN peering is the process of connecting two VCNs in different regions (but the same tenancy). The peering allows the VCNs' resources to communicate using private IP addresses without routing the traffic over the internet or through your on-premises network.

  • Modify the Excel sheet to update required data in the Tabs - DRGs.
  • Enter the source and target RPC details in the DRGs sheet to establish a connection. Check the example in the Excel file for reference.
  • Make sure that the DRGRouteRulesinOCI sheet and the corresponding terraform are in sync with the DRG route rules in the OCI console. If not, follow the procedure specified in 'Sync manual changes done in OCI of Security Rules, Route Rules and DRG Route Rules with CD3 Excel Sheet and Terraform'.
  • The global directory inside the customer outdir will have all RPC-related files and scripts.
  • The RPC resources (modules, provider configurations, etc.) are generated dynamically for the tenancy and work only with the CD3 automation toolkit.
  • Choose option 'Network' and then 'Customer Connectivity' for creating RPC in create_resources (GreenField) workflow.
  • Output files are created under /cd3user/tenancies/<prefix>/terraform_files/global/rpc directory

Export Existing Network Resources from OCI (Non-Greenfield Workflow)

Note

Make sure to execute "Fetch Compartments OCIDs to variables file" from CD3 Services in setUpOCI menu before starting with Network Creation.

Export Network

Follow the below steps to export the Networking components that includes VCNs, Subnets, DHCP, DRG, Security List, Route Tables, DRG Route Tables, NSGs, etc to CD3 Excel Sheet and create the Terraform state.

  1. Use the CD3-Blank-Template.xlsx to export the networking resources into the Tabs - VCNs, DRGs, VCN Info, DHCP, Subnets, NSGs, RouteRulesInOCI, SecRulesInOCI, DRGRouteRulesInOCI tabs.

  2. Execute setupOCI with Export Resources workflow.

  3. Choose one of the below available sub-options from 'Export Network' of the main menu.

    • Export all Network Components
    • Export Network components for VCNs/DRGs/DRGRouteRulesinOCI Tabs
    • Export Network components for DHCP Tab
    • Export Network components for SecRulesinOCI Tab
    • Export Network components for RouteRulesinOCI Tab
    • Export Network components for SubnetsVLANs Tab
    • Export Network components for NSGs Tab

    Once the execution is successful, networking related *.auto.tfvars files and .sh files containing import statements will be generated under the folder /cd3user/tenancies/<prefix>/terraform_files/<region_dir>/<service_dir>

    Also, the RPC related .tfvars and .sh files containing import statements will be generated in the global directory which is inside the /cd3user/tenancies/<prefix>/terraform_files/ folder.

  4. Execute import_commands_network_major-objects.sh and then rest of the sh files. These will be automatically executed while using the toolkit with Jenkins.

Note

The oci_core_drg_attachment_management for RPC resources will be shown as created at the end of import process, but it doesn't actually create any resources and can be safely ignored.

  5. Running terraform plan must show that all the components are in sync. This completes the export of Networking components from OCI.

Sample of CD3 Excel after export:
(DO NOT Modify the highlighted columns)

[Screenshots (older versions): VCNs tab; Subnets tab]

Add a new or modify the existing networking components

  1. Export the Networking components by following the above Steps. (Note that here Workflow Type is set to Export Resources)
  2. Follow this process to add new components such as VCN/DHCP/DRG/IGW/NGW/SGW/LPG/Subnet etc. (Note that here Workflow Type is set to Create Resources)