Monday, June 29, 2020

OCI Traffic Management Geo-Location based Steering Policy

9:15 AM Posted by Dilli Raj Maharjan

A global steering policy is needed to route users from a region to the service instance in that region. Depending on the user's geolocation and the IP prefix of the source IP address, an OCI steering policy returns different answers to the DNS query for the application. Geolocation steering dynamically routes requests to the appropriate response pool based on the physical location of the client. OCI monitors the primary endpoint (via Oracle Health Checks) and reroutes all traffic to a failover location if the primary endpoint is unresponsive.

Geolocation Steering

Geolocation Steering consists of multiple steps as below:

  1. Creating DNS Zone.
  2. Creating web servers in multiple regions.
  3. Creating Traffic management Steering policies.

Creating DNS Zone

We can create zones, add records to zones, and allow Oracle Cloud Infrastructure's edge network to handle our domain's DNS queries. In my case I am creating a DNS zone for my domain. I have set the zone type to Primary and added the Oracle Cloud name servers to my domain's name server list.

Following is the step-by-step process to create a DNS zone for my domain.

Click on Navigation menu > Networking > DNS Zone Management.

On the landing page click on Create Zone button to create a zone.

Since I am going to add all the details manually, I have selected the method MANUAL. I provided the zone name, set the zone type to Primary, and clicked on Create to create the zone.

Once zone creation is completed, click on Zone name to view details of the name servers.

The name servers will be displayed on the zone information page. Add these name servers to your domain's name server list.

Creating web servers in multiple regions.

We are going to create two web servers, one in the US East region and one in the Germany Central (Frankfurt) region. We will route all the traffic generated from the US to the web server hosted in the US region and all the traffic generated from Europe to the web server hosted in Germany Frankfurt.

Following is the web server instance created in US region.

Accessing the web server by its IP address displays the following page.

Similarly, I have a second web server instance created in Germany Frankfurt.

Following is the web page that gets displayed when I access the web server created in Germany Frankfurt.

Creating Traffic Management Steering Policy

Now we are going to create a traffic management steering policy which will route all the traffic from the US to the web server created in the US region and all traffic from Europe to the web server hosted in Germany. All traffic from the rest of the world will be routed to the US, with failover to Germany.

Click on Navigation menu > Networking > Traffic Management Steering Policies

Click on the Create Traffic Management Steering Policy button on the landing page.

Select the GEOLOCATION STEERING option and provide the name of the policy.

Provide the answer pool name, answer name, type of record and IP address of the web server in the US.

Provide the second answer pool's details: the answer pool name, name of the answer, record type and IP address of the server hosted in the EU region.

Create the geolocation steering rules. Provide the GEOLOCATION and the name of the pools, then click on +Additional Rules to add additional steering rules.

Add the second geolocation steering rule: provide the GEOLOCATION and the name of the POOL. Click on Add Global Catch-all. The catch-all defines the rule for all locations other than those defined in the rules. In our case, all locations besides Europe, North America and South America will match the catch-all rule, and traffic is routed as defined in its list of pools.

Add pool for the Global Catch-all.

The health check checks the health status of the backend server using the defined protocol. If any server fails the health check, traffic will be routed to the next available pool. In my case, there is no health check defined, so I am adding a new one. Provide the health check name, the interval in seconds at which the health check is performed, and the protocol that is used.

The next part is to attach the policy to the domain(s). Once the policy is attached to the specified domain, it will route traffic as per the defined policy. Select the domain name from the drop-down and click on Create Policy.

Once the steering policy is created, we can view the details of the policy.

Browsing the website from my location (Asia/Nepal), I am getting the web page from the server hosted in the US region. In this case, the rule defined for the Global Catch-all is matched and my DNS request is resolved to the server in the US. When the US server is not healthy or not available, the next available server, in the EU, is resolved.
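The rule evaluation described above (geolocation rules first, then the Global Catch-all, with the health check deciding which pool answers) can be modelled in a few lines of shell. This is an added example, not part of the original post and not OCI's implementation; the pool names, the single-pool geolocation rules, the documentation-range IP addresses and the empty result when every pool in the matched rule is unhealthy are assumptions of the model.

```shell
#!/bin/sh
# Added example: a small model of how the geolocation policy picks an answer.
# Pool names, health-state argument and RFC 5737 IPs are constructed.

US_IP=192.0.2.10       # stands in for the US web server
EU_IP=198.51.100.20    # stands in for the Frankfurt web server

# pools_for CONTINENT: print the ordered pool list of the first matching rule.
pools_for() {
    case $1 in
        "North America"|"South America") echo "US" ;;
        "Europe")                        echo "EU" ;;
        *)                               echo "US EU" ;;  # Global Catch-all: US, then EU
    esac
}

# resolve CONTINENT UNHEALTHY_POOLS
# Prints the IP of the first healthy pool in the matched rule. Prints nothing
# and returns 1 if every pool in that rule is unhealthy (a choice of this
# model, not documented OCI behaviour).
resolve() {
    for pool in $(pools_for "$1"); do
        case " $2 " in *" $pool "*) continue ;; esac   # pool failed its health check
        case $pool in
            US) echo "$US_IP" ;;
            EU) echo "$EU_IP" ;;
        esac
        return 0
    done
    return 1
}

# Constructed scenarios: healthy, US pool down, and a rule with no fallback.
resolve "Asia" ""            || echo "(no answer)"
resolve "Asia" "US"          || echo "(no answer)"
resolve "North America" "US" || echo "(no answer)"
```

In this model a North American client gets no answer while the US pool is failing its health check, because its rule lists only one pool; listing a second pool in each geolocation rule, as the catch-all does, avoids that.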

Next, I set the web proxy server to one of the free web proxy servers in New York and accessed the page. In this case my DNS request was resolved and returned the IP address of the server in the US.

Setting a US-based free web proxy in the browser.

My DNS request gets resolved to the IP address of the web server created in the US.

Now I set the web proxy server to one of the free web proxy servers in France/Europe and accessed the page. In this case my DNS request was resolved and returned the IP address of the server in Germany.

Setting a France-based free web proxy in the browser.

My DNS request gets resolved to the IP address of the web server created in the US.

Friday, June 12, 2020

Install Terraform for OCI in linux.

6:31 AM Posted by Dilli Raj Maharjan

Terraform is the infrastructure as code offering from HashiCorp. It is a tool for building, changing, and managing infrastructure in a safe, repeatable way. Operators and Infrastructure teams can use Terraform to manage environments with a configuration language called the HashiCorp Configuration Language (HCL) for human-readable, automated deployments.

Advantages of using terraform:

1. Platform Agnostic
        It can manage a heterogeneous environment (AWS, GCP, OCI, etc.) with the same workflow by creating a configuration file.
2. State Management
        Terraform uses this local state to create plans and make changes to your infrastructure.
        Terraform state is the source of truth by which configuration changes are measured.
        If any changes are made to the configuration file, Terraform compares those with the state file to determine what changes result in a new resource.
3. Operator Confidence
        When we execute terraform apply, we will be prompted to review the proposed changes and must affirm the changes, or else Terraform will not apply the proposed plan.

Installation is quite easy. Following is a step by step installation guide for terraform with OCI.

Root privilege is not required for installation. I have used user terraform to install and configure terraform and OCI CLI.

Install OCI CLI.

Switch to the desired user and execute the following command to download and run the installer:
bash -c "$(curl -L"

You will be prompted for an install location. Just press enter if default location works.

Installation in progress #####.

Installation in progress ##########.

Finally, the installation is completed. The installer adds the location of the oci binary to the PATH environment variable.

Verify that oci is available.

Check the oci version with the --version option.

Configure oci with command below
oci setup config

You will be prompted for the config location, user OCID, tenancy OCID, region and the API signing key. Create an API signing key.

Once the oci cli setup is completed, log in to the OCI console and click on the user under the Profile section.

On the left-hand side, under the Resources section, click on API Keys.

On the API Keys page, click on Add Public Key.

Select PASTE PUBLIC KEYS and paste the public key created during the oci cli setup. The default name of the public key will be oci_api_key_public.pem. Once you have pasted the public key, click on Add to continue.

Install terraform.

Open site

Select the operating system and architecture that match your host. In my case, I am going to install Terraform on 64-bit Linux. Click on the link to download Terraform, or copy the link and use wget to download it.

Downloading terraform using the wget command.

Once the download is complete, unzip the compressed terraform archive.

Move the terraform binary to an executable directory and type terraform --version to display the version information. Terraform is now installed and ready to execute Terraform configurations.
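Before the unzip step, the downloaded archive can be checked against the SHA256SUMS file that HashiCorp publishes alongside each release. The following is an added example, not part of the original post; the version X.Y.Z is a placeholder and demo() builds constructed stand-in files so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original post): check a downloaded Terraform
# archive against a SHA256SUMS file before unzipping it. The version X.Y.Z
# and the file contents created in demo() are constructed placeholders.

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{ print $1 }'
}

# verify_archive ARCHIVE SUMS_FILE
# 0 = digest matches, 1 = mismatch, 2 = file missing,
# 3 = no entry (or more than one) for the archive name in SUMS_FILE.
verify_archive() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    name=$(basename "$1")
    # Compare the file-name field exactly; "*" marks binary mode in sha256sum output.
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1 }' "$2")
    [ "$(printf '%s\n' "$expected" | grep -c .)" -eq 1 ] || return 3
    [ "$(sha256_of "$1")" = "$expected" ] || return 1
}

# demo: build a stand-in archive and sums file, verify, tamper, verify again.
# Prints the two return codes.
demo() {
    dir=$(mktemp -d) || return 1
    archive="$dir/terraform_X.Y.Z_linux_amd64.zip"
    printf 'constructed stand-in for the real archive\n' > "$archive"
    printf '%s  %s\n' "$(sha256_of "$archive")" "$(basename "$archive")" > "$dir/SHA256SUMS"
    if verify_archive "$archive" "$dir/SHA256SUMS"; then good=0; else good=$?; fi
    printf 'tampered\n' >> "$archive"
    if verify_archive "$archive" "$dir/SHA256SUMS"; then bad=0; else bad=$?; fi
    rm -rf "$dir"
    echo "$good $bad"
}

demo
```

A matching digest is only as trustworthy as the SHA256SUMS file itself, so fetch it over HTTPS from the release page and check its published signature before relying on it.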