# Lesson 5: OCI Networking Services

> Virtual Cloud Network, Gateways, Peering, VCN Security, Load Balancer

## Virtual Cloud Network (VCN)

* A private network in the software layer that lives in an OCI region.
* Enables OCI resources to communicate securely with the **internet**, other **instances**, or an **on-premises data center**.
* Highly Available, Scalable and Secure.

### How to establish a VCN

* Private address pool assigned to a VCN
* Subnets within that private address pool

![](https://imgur.com/pZME7IM.png)
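The two steps above can be checked before anything is created. The following is an added example, not part of the original notes: it validates a planned VCN address pool and its subnets and lists the space still free. The CIDRs and subnet names are constructed sample values, and restricting the pool to RFC 1918 ranges is an assumption about what "private" means here.

```python
import ipaddress

# RFC 1918 private ranges (assumption: the VCN pool is drawn from these).
RFC1918 = [ipaddress.IPv4Network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_vcn_plan(vcn_cidr, subnets):
    """Return a list of problems in a VCN address plan (empty list = valid).

    vcn_cidr: CIDR of the VCN's private address pool.
    subnets:  dict mapping subnet name -> CIDR.
    """
    problems = []
    vcn = ipaddress.IPv4Network(vcn_cidr)
    if not any(vcn.subnet_of(r) for r in RFC1918):
        problems.append(f"VCN {vcn} is not inside a private (RFC 1918) range")
    seen = {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.IPv4Network(cidr)  # strict: rejects host bits
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if not net.subnet_of(vcn):
            problems.append(f"{name}: {net} is outside the VCN pool {vcn}")
        for other_name, other in seen.items():
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen[name] = net
    return problems

def free_blocks(vcn_cidr, subnets):
    """Return the CIDR blocks of the pool not used by any subnet.

    Call only on a plan that check_vcn_plan() reports as valid.
    """
    free = [ipaddress.IPv4Network(vcn_cidr)]
    for cidr in subnets.values():
        used = ipaddress.IPv4Network(cidr)
        remaining = []
        for block in free:
            if used.subnet_of(block):
                remaining.extend(block.address_exclude(used))
            elif not block.overlaps(used):
                remaining.append(block)
        free = remaining
    return sorted(free)

if __name__ == "__main__":
    plan = {"public-web": "10.0.0.0/24", "private-app": "10.0.1.0/24"}  # constructed
    print(check_vcn_plan("10.0.0.0/16", plan) or "plan is valid")
    print("free:", [str(b) for b in free_blocks("10.0.0.0/16", plan)])
```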

## Gateways

### Internet Gateway

It provides a path for network traffic between your **VCN** and the **internet**.

### NAT Gateway

It gives cloud resources without public IP addresses access to the internet without exposing those resources to incoming internet connections.

### Dynamic Routing Gateway (DRG)

Used when connecting your existing on-premises network to your virtual cloud network (VCN).

![](https://imgur.com/6B9z5Nl.png)

A DRG supports 2 connection mechanisms:

* VPN Connect (IPSec VPN)

  An **encrypted connection over the internet** between your on-premises network (a data center or corporate LAN) and your Oracle virtual cloud network (VCN).
* FastConnect

  A **dedicated, private connection** between your data center and Oracle Cloud Infrastructure that **bypasses the internet**.

### Service Gateway

Lets resources in a VCN access public services such as **Object Storage** **without** using an internet or NAT gateway, so your traffic does not go over the internet.

![](https://imgur.com/PBSsDP7.png)

## VCN Security

* Firewall rules to protect subnets
* A Network Security Group consists of a set of rules that apply only to VNICs

## Peering

Peering lets a VCN **communicate with other VCNs**. There are 2 types of peering:

* Local VCN peering

  Connect 2 VCNs in the **same region** so that their resources can communicate using private IP addresses.

  ![](https://imgur.com/t4tCxes.png)
* Remote VCN peering

  Connect 2 VCNs in **different regions** so that their resources can communicate using private IP addresses.

  ![](https://imgur.com/FToNNM8.png)

## Load Balancer

It provides automated traffic distribution from one entry point to multiple servers reachable from your virtual cloud network (VCN). A load balancer improves **resource utilization**, facilitates **scaling** and **fault tolerance**, and helps ensure **high availability**. You can configure multiple load balancing policies and application-specific **health checks** to ensure that the load balancer directs traffic only to healthy instances.

There are 2 types of load balancer:

* Public Load Balancer

  To accept traffic from the internet, you create a public load balancer.

  ![](https://imgur.com/hIQJLW5.png)
* Private Load Balancer

  To isolate your load balancer from the internet and simplify your security posture.
