1. Using Oracle Cloud Infrastructure Compute Classic
  2. Configuring IP Networks
  3. Managing IP Address Prefix Sets

Managing IP Address Prefix Sets

Topics

Creating an IP Address Prefix Set

An IP address prefix set contains a set of IPv4 addresses in the CIDR address prefix format. When you create a security rule, you can specify a list of IP address prefix sets as the source or destination for permitted traffic.

To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Click the Network tab.
  3. In the Network drop-down list, expand IP Network, and then click IP Address Prefix Sets.
  4. Click Create IP Address Prefix Set.
  5. Select or enter the required information:
    • Name: Enter a name for the IP address prefix set.
    • IP Address Prefixes: Enter a set of IPv4 addresses in CIDR address prefix format.

      The maximum number of IP address prefixes that you can specify in an IP address prefix set is limited to 2047.

    • Description: Enter a meaningful description for the IP address prefix set.
    • Tags: Enter one or more tags to help you identify the IP address prefix set.
  6. Click Create.
    The IP address prefix set is created.

To create an IP address prefix set using the CLI, use the opc compute ip—address—prefix—set add command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To create an IP address prefix set using the API, use the POST /network/v1/ipaddressprefixset/ method. See REST API for Oracle Cloud Infrastructure Compute Classic.

You can also create an IP address prefix set by using an orchestration. See Orchestration v1 Attributes Specific to Each Object Type or Orchestration v2 Attributes Specific to Each Object Type.

After creating an IP address prefix set, to update or delete the IP address prefix set, see Updating an IP Address Prefix Set or Deleting an IP Address Prefix Set. To use an IP address prefix set in a security rule, see Creating a Security Rule for IP Networks.

Listing IP Address Prefix Sets

After creating IP address prefix sets, you can view a list of your IP address prefix sets along with information about the IP address prefixes in each set and the security rules that each IP address prefix set is used in.

To complete this task, you must have the Compute_Monitor or Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Click the Network tab.
  3. In the Network drop-down list, expand IP Network, and then click IP Address Prefix Sets.
The IP Address Prefix Sets page displays a list of IP address prefix sets, along with information about each IP address prefix set, such as its name, description, the IP address prefixes contained in this set, and the security rules that specify this IP address prefix set as a source or destination.

To list IP address prefix sets using the CLI, use the opc compute ip—address—prefix—set list command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To list IP address prefix sets using the API, use the GET /network/v1/ipaddressprefixset/container/ method. See REST API for Oracle Cloud Infrastructure Compute Classic.

After listing IP address prefix sets, to update or delete an IP address prefix set, see Updating an IP Address Prefix Set or Deleting an IP Address Prefix Set. To use an IP address prefix set in a security rule, see Creating a Security Rule for IP Networks.

Updating an IP Address Prefix Set

After creating an IP address prefix set, if required, you can modify the IP address prefixes in that set. You can also change the description or tags of an IP address prefix set.

Prerequisites

  • To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Note:

You should always use your orchestrations to manage resources that you’ve created using orchestrations. Don’t, for example, use the web console or the CLI or REST API to update an object that you created using an orchestration. This could cause your orchestration to either attempt to re-create the object and associated resources, or to go into an error state. See Workflows for Updating Orchestrations v2.

  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Click the Network tab.
  3. In the Network drop-down list, expand IP Network, and then click IP Address Prefix Sets.
  4. Go to the IP address prefix set that you want to update, and from the menu icon menu, select Update.
  5. Update the information, as required:
    • IP Address Prefixes: Enter the set of IPv4 addresses in CIDR address prefix format.

      The maximum number of IP address prefixes that you can specify in an IP address prefix set is limited to 2047.

    • Description: Update the description, if required.
    • Tags: Update the tags, if required.
  6. Click Update.
    The IP address prefix set is updated.

To update an IP address prefix set using the CLI, use the opc compute ip—address—prefix—set update command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To update an IP address prefix set using the API, use the PUT /network/v1/ipaddressprefixset/name method. See REST API for Oracle Cloud Infrastructure Compute Classic.

After updating an IP address prefix set, to use the IP address prefix set in a security rule, see Creating a Security Rule for IP Networks.

Deleting an IP Address Prefix Set

If you no longer use an IP address prefix set as a source or destination in any security list, you can delete the IP address prefix set.

Prerequisites

  • Ensure that the IP address prefix set that you want to delete isn’t referenced in any security rule. If you delete an IP address prefix set that is referenced in a security rule, that security rule won’t be used.

  • To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Note:

You should always use your orchestrations to manage resources that you’ve created using orchestrations. Don’t, for example, use the web console or the CLI or REST API to delete an object that you created using an orchestration. This could cause your orchestration to either attempt to re-create the object and associated resources, or to go into an error state.

If you created the object using orchestration v1, then you can delete the object by terminating the orchestration. See Terminating an Orchestration v1.

If you created the object using an orchestration v2, then you can delete the object by suspending, terminating, or updating the orchestration. See Suspending an Orchestration v2, Terminating an Orchestration v2, or Updating an Orchestration v2.

Procedure

  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Click the Network tab.
  3. In the Network drop-down list, expand IP Network, and then click IP Address Prefix Sets.
  4. Go to the IP address prefix set that you want to delete, and from the menu icon menu, select Delete.

To delete an IP address prefix set using the CLI, use the opc compute ip—address—prefix—set delete command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To delete an IP address prefix set using the API, use the DELETE /network/v1/ipaddressprefixset/name method. See REST API for Oracle Cloud Infrastructure Compute Classic.