FastConnect Public Peering Advertised Routes
This topic discusses the public IP address ranges (routes) that BGP advertises to your on-premises network over FastConnect public peering (a public virtual circuit). You may need this information when configuring firewall allow lists for your on-premises network.
By default, when you connect with FastConnect to Oracle Cloud Infrastructure (OCI) in a particular region, the routes advertised over the public virtual circuit include routes for other OCI regions in the same market, and for specific Oracle Cloud Infrastructure Classic regions. For more information about regions, see About Regions and Availability Domains.
If you do not own a Public ASN or Public IP Address, you might need to review this section: To use FastConnect if you do not own a Public ASN or Public IP Address .
Using route filtering you can also choose to advertise public routes to your on-premises network at the region or global (all regions in all markets) scope, or choose to only allow connection to Oracle Services Network (OSN). The following map and tables show which regions are in the same market group.
Downloading the JSON File
Use this link to download the current list of all public IP ranges in all commercial regions. This list is formatted in JSON, and provides the most current list of the actual public routes advertised by a region. If necessary, you can concatenate several regional lists into market lists.
You can poll the published file to check for new IP address ranges as frequently as every 24 hours. We recommend that you poll the published file at least weekly. More information on reading and using this JSON file is at IP Address Ranges.
Security considerations for FastConnect public peering
Always consider FastConnect public peering as an untrusted interface, and put in place firewalls and other access controls as you would for any network interface connected to the Internet.
When your on-premises network is connected to OCI using FastConnect public peering without access controls or route filtering, your on-premises network can potentially receive packets from:
- All VCNs in the same market in your tenancy (or tenancies, if you have more than one) with internet access
- Any VCN resources with internet access operated by other OCI customers in the same market
- OCI public services such as Object Storage, the Console, or APIs
When your on-premises network is connected to OCI using FastConnect public peering without access controls, your on-premises network cannot receive packets from:
- Routers used by other OCI customers' on-premises networks that are also connected with FastConnect public peering
- Internet users and resources
Markets are groupings of OCI regions that are in the same general part of the world. The following map shows the OCI regions grouped into the four existing markets. It also indicates which regions interconnect with Azure ExpressRoute.
Regions in each market:
The following table shows the OCI regions grouped into the four existing markets. If you use FastConnect public peering to connect to one of the following OCI regions, and you set route filtering to the market scope, BGP advertises routes from the region to which you are directly connected and also the other regions in the market to your on-premises network.
Links are also provided to lists of Oracle Cloud Infrastructure Classic regional routes that can be advertised over the public virtual circuit.
The Microsoft Logo ( ) shown on the map indicates regions that allow direct Access to Microsoft Azure.
|Market||OCI regions in the market - region keys||Oracle Cloud Infrastructure Classic regions in the market|
|Asia Pacific (APAC)||
Australia East (Sydney) - SYD
Australia Southeast (Melbourne) - MEL
India South (Hyderabad) - HYD
India West (Mumbai) - BOM
Japan Central (Osaka) - KIX
Japan East (Tokyo) - NRT
Singapore (Singapore) - SIN
South Korea Central (Seoul) - ICN
South Korea North (Chuncheon) - YNY
|Europe, Middle East, Africa (EMEA)||
France Central (Paris) - CDG
France South (Marseille) - MRS
Germany Central (Frankfurt) - FRA
Israel Central (Jerusalem) - MTZ
Italy Northwest (Milan) - LIN
Netherlands Northwest (Amsterdam) - AMS
Saudi Arabia West (Jeddah) - JED
South Africa Central (Johannesburg) - JNB
Spain Central (Madrid) - MAD
Sweden Central (Stockholm) - ARN
Switzerland North (Zurich) - ZRH
UAE Central (Abu Dhabi) - AUH
UAE East (Dubai) - DXB
UK South (London) - LHR
UK West (Newport) - CWL
Serbia Central (Jovanovac) - BEG *
|North America (NA)||
Canada Southeast (Montreal) - YUL
Canada Southeast (Toronto) - YYZ
Mexico Central (Queretaro) - QRO
Mexico Northeast (Monterrey) - MTY
US East (Ashburn) - IAD
US Midwest (Chicago) - ORD
US West (Phoenix) - PHX
US West (San Jose) - SJC
|Latin America Division (LAD)||
Brazil East (Sao Paulo) - GRU
Brazil Southeast (Vinhedo) - VCP
Chile Central (Santiago) - SCL
Colombia Central (Bogota) - BOG
|* BGP route sharing of routes in other commercial regions to on-premises networks is not available for Serbia Central (Jovanovac).|
Oracle Cloud Infrastructure Classic Regional Routes