Private IP Addresses

This topic describes how to manage the IPv4 addresses assigned to an instance in a virtual cloud network (VCN).

IPv6 addressing is supported for all commercial and government regions. For more information, see IPv6 Addresses.

Overview of IP Addresses

Instances use IP addresses for communication. Each instance has at least one private IP address and optionally one or more public IP addresses. A private IP address enables the instance to communicate with other instances inside the VCN, or with hosts in your on-premises network (via Site-to-Site VPN or Oracle Cloud Infrastructure FastConnect). A public IP address enables the instance to communicate with hosts on the internet. For more information, see these related topics:

About the Private IP Object

The Networking service defines an object called a private IP, which consists of:

Each private IP object has an Oracle-assigned OCID (see Resource Identifiers). If you're using the API, you can also assign each private IP object a friendly name.

Each instance receives a primary private IP object during launch. The Networking service uses the Dynamic Host Configuration Protocol (DHCP) to pass the object's private IP address to the instance. This address does not change during the instance's lifetime and cannot be removed from the instance. The private IP object is terminated when the instance is terminated.

If an instance has any secondary VNICs attached, each of those VNICs also has a primary private IP.

A private IP can have a public IP assigned to it at your discretion.

A private IP can be the target of a route rule in your VCN. For more information, see Using a Private IP as a Route Target.

About Secondary Private IP Addresses

You can add a secondary private IP to an instance after it's launched. You can add it to either the primary VNIC or a secondary VNIC on the instance. The secondary private IP address must come from the CIDR of the VNIC's subnet. You can move a secondary private IP from a VNIC on one instance to a VNIC on another instance if both VNICs belong to the same subnet.

Here are a few reasons why you might use secondary private IPs:

  • Instance failover: You assign a secondary private IP to an instance. Then if the instance has problems, you can easily reassign that secondary private IP to a standby instance in the same subnet. If the secondary private IP has a public IP assigned to it, that public IP moves along with the private IP.
  • Running multiple services or endpoints on a single instance: For example, you could have multiple container pods running on a single instance, and each uses an IP address from the VCN's CIDR. The containers have direct connectivity to other instances and services in the VCN. Another example: you could run multiple SSL websites with each one using its own IP address.

Here are more details about secondary private IP addresses:

  • They're supported for all shapes and OS types, for both bare metal and VM instances.
  • A VNIC can have a maximum of 33 private IPv4 addresses: 1 primary private IP address and 32 secondary private IP addresses. A VNIC can also have 32 secondary IPv6 addresses. A VNIC's primary address can be either IPv4 or IPv6 if the subnet allows IPv6 addressing.
  • They can be assigned only after the instance is launched (or the secondary VNIC is created/attached).
  • A secondary private IP that is assigned to a VNIC in a regional subnet has a null availability domain attribute. Compare this with the VNIC's primary private IP, which always has its availability domain attribute set to the instance's availability domain, regardless of whether the instance's subnet is regional or AD-specific.
  • Deleting a secondary private IP from a VNIC returns the address to the pool of available addresses in the subnet.
  • They are automatically deleted when you terminate the instance (or detach/delete the secondary VNIC).
  • The instance's bandwidth is fixed regardless of the number of private IP addresses attached. You can't specify a bandwidth limit for a particular IP address on an instance.
  • A secondary private IP can have a reserved public IP assigned to it at your discretion.

IP Address Information in the Instance Metadata

The instance metadata includes information about the private IP addresses at this URL:

Here's an example response:

[ {
  "vnicId" : "ocid1.vnic.oc1.sea.<unique_ID>",
  "privateIp" : "",
  "vlanTag" : 11,
  "macAddr" : "00:00:00:00:00:01",
  "virtualRouterIp" : "",
  "subnetCidrBlock" : ""
}, {
  "vnicId" : "ocid1.vnic.oc1.sea.<unique_ID>",
  "privateIp" : "",
  "vlanTag" : 12,
  "macAddr" : "00:00:00:00:00:01",
  "virtualRouterIp" : "",
  "subnetCidrBlock" : ""
} ]

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don't have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  to work in.

For administrators: see IAM Policies for Networking.