Managing IP Networks

An IP network allows you to define an IP subnet in your account. The address range of the IP network is determined by the IP address prefix that you specify while creating the IP network. These IP addresses aren’t part of the common pool of Oracle-provided IP addresses used by the shared network. When you add an instance to an IP network, the instance is assigned an IP address in that subnet. You can assign IP addresses to instances either statically or dynamically, depending on your business needs. So you have complete control over the IP addresses assigned to your instances.

Creating an IP Network

To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Click the Network tab.
  3. In the Network drop-down list, expand IP Network, and then click IP Networks.
  4. Click Create IP Network.
  5. Select or enter the required information:
    • Name: Enter a name for the IP network.

    • IP Address Prefix: Enter the IP address prefix for this IP network, in CIDR format. When you create instances, you can associate a vNIC on the instance with an IP network. That vNIC on the instance is then allocated an IP address from the specified IP network.

      Select the IP address prefix for your IP networks carefully. Consider the number of instances that you might want to add to the network. This will help determine the size of the subnet required.

      The prefix length of the IP address prefix that you specify in an IP network should be between /16 and /30.

      If you create multiple IP networks and you might want to add these IP networks to the same IP network exchange, then ensure that you don’t allocate overlapping address ranges to these IP networks.

      Similarly, if you plan to connect to your IP networks using VPN, then ensure that the addresses you specify for your IP networks don’t overlap with each other, or with the IP addresses used in your on-premises network.

      Note:

      RFC 6598 addresses aren’t supported.

    • IP Exchange: Specify the IP network exchange that you want to add this IP network to. An IP network can belong to only one IP network exchange. Before you specify an IP network exchange for an IP network, ensure that the IP addresses in this IP network don’t overlap the IP addresses in any other network in the same IP network exchange. If you don’t specify an IP network exchange while creating an IP network, you can do so later, by updating an IP network.

      If you want to connect IP networks by using an IP network exchange, it is recommended that you do this before creating instances with an interface on those IP networks. This ensures that routes are appropriately configured on instances by the DHCP client during instance initialization.

    • Description: Enter a meaningful description for your IP network, if required.

    • Tags: Enter a list of the tags that you want to associate with your IP network, if required.

  6. Click Create.
    The IP network is created and added to the specified IP network exchange.
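
The constraints on the IP address prefix listed in step 5 can be checked before you create the network. The following is an added example, not part of the Oracle documentation or tooling: it checks a candidate prefix for prefix length, RFC 6598 space, and overlap. The function name, the network labels, and the sample ranges are hypothetical.

```python
import ipaddress

# RFC 6598 shared address space; the page states these addresses aren't supported.
RFC6598 = ipaddress.ip_network("100.64.0.0/10")

def check_prefix(prefix, existing):
    """Return a list of problems with a proposed IP address prefix.

    existing maps a label to a CIDR range the new network must not overlap:
    other IP networks in the same IP network exchange, and on-premises
    ranges reached over VPN.
    """
    try:
        # strict=False accepts a prefix with host bits set and normalizes it.
        net = ipaddress.IPv4Network(prefix, strict=False)
    except ValueError as exc:
        return [f"invalid CIDR prefix: {exc}"]
    problems = []
    if not 16 <= net.prefixlen <= 30:
        problems.append(f"prefix length /{net.prefixlen} is outside /16 to /30")
    if net.overlaps(RFC6598):
        problems.append("range falls in RFC 6598 space (100.64.0.0/10)")
    for label, cidr in existing.items():
        other = ipaddress.IPv4Network(cidr, strict=False)
        if net.overlaps(other):
            problems.append(f"overlaps {label} ({other})")
    return problems

# Constructed sample data: two IP networks already in the exchange and one
# on-premises range reached over VPN. All names and ranges are hypothetical.
EXISTING = {
    "ipnet-app": "192.168.1.0/24",
    "ipnet-db": "192.168.2.0/24",
    "on-premises": "10.20.0.0/16",
}

if __name__ == "__main__":
    for candidate in ("192.168.3.0/24", "192.168.0.0/22", "100.64.8.0/24",
                      "10.0.0.0/8", "172.16.0.0/31"):
        print(candidate, "->", check_prefix(candidate, EXISTING) or "ok")
```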

Other Ways of Creating an IP Network

To create an IP network using the CLI, use the opc compute ip-network add command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To create an IP network using the API, use the POST /network/v1/ipnetwork/ method. See REST API for Oracle Cloud Infrastructure Compute Classic.

You can also create an IP network by using an orchestration. See Orchestration v1 Attributes Specific to Each Object Type or Orchestration v2 Attributes Specific to Each Object Type.

To add an instance to an IP network, you must specify the IP network attributes while creating the instance. See Adding an Instance to an IP Network.

Listing IP Networks

After creating IP networks, you can view a list of your IP networks along with information about the IP address prefix of the IP network, and the IP network exchange you’ve added the IP network to, if any.

To complete this task, you must have the Compute_Monitor or Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Click the Network tab.
  3. In the Network drop-down list, expand IP Network, and then click IP Networks.
The IP Networks page displays a list of IP networks, along with information about each network, such as the IP address prefix of the network, the IP network exchange it belongs to, and the description.

To list IP networks using the CLI, use the opc compute ip-network list command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To list IP networks using the API, use the GET /network/v1/ipnetwork/container/ method. See REST API for Oracle Cloud Infrastructure Compute Classic.

Next, if you want to change the IP address prefix, IP network exchange, or description of an IP network, see Updating an IP Network.

If you want to add an instance to an IP network, you must specify the IP network attributes while creating the instance. See Adding an Instance to an IP Network.

Adding an Instance to an IP Network

You can specify the IP networks that you want to add an instance to only when you create the instance. You can’t add an instance to IP networks or change the IP networks that you’ve added an instance to after you’ve created the instance.

To specify the IP networks that you want to add an instance to:

While adding interfaces to IP networks, you can also specify a static IP address for each interface. If you don’t specify a static IP address, then an IP address is allocated dynamically from the specified IP network. This IP address might change each time you re-create your instance.

Note:

A dynamic IP address is useful if you might need to update the IP address of your IP networks. If an instance has a dynamic IP address, then, if you update the IP address of an IP network, you can restart the instance orchestration to ensure that the instance is allocated a valid IP address from the updated network. However, if an instance has a static IP address, then if you update the IP address of an IP network, the instance will go into an error state. You’ll have to update the instance orchestration to specify a valid IP address in the updated IP network.

You can’t remove an instance from an IP network after you’ve created the instance. However, if you don’t require an IP network any more, you can delete the IP network. The corresponding interface on each instance that was added to that IP network then becomes unreachable. See Deleting an IP Network.

Updating an IP Network

After creating an IP network, if required, you can update the network. Updating an IP network allows you to modify all attributes of an IP network, except the name.

Prerequisites

  • To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Note:

You should always use your orchestrations to manage resources that you’ve created using orchestrations. Don’t, for example, use the web console or the CLI or REST API to update an object that you created using an orchestration. This could cause your orchestration to either attempt to re-create the object and associated resources, or to go into an error state. See Workflows for Updating Orchestrations v2.

  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Click the Network tab.
  3. In the Network drop-down list, expand IP Network, and then click IP Networks.
  4. Go to the IP network that you want to update, and from the menu (menu icon), select Update.
  5. You can update the following information:
    • IP Address Prefix: The IP address prefix for this IP network, in CIDR format. You can change the specified IP address prefix for the network even after you’ve created the network and attached instances to it. However, when you change an IP address prefix, it could cause the IP addresses currently assigned to existing instances to fall outside the specified IP network. If this happens, all traffic to and from those vNICs will be dropped.

      If the IP address of an instance is dynamically allocated, stopping the instance orchestration and restarting it will reassign a valid IP address from the IP network to the instance.

      However, if the IP address of an instance is static — that is, if the IP address is specified in the instance orchestration while creating the instance — then the IP address can’t be updated by stopping the instance orchestration and restarting it. You must manually update the orchestration to assign a valid IP address to the vNIC attached to that IP network.

      It is therefore recommended that if you update an IP network, you only expand the network by specifying the same IP address prefix but with a shorter prefix length. For example, you can expand 192.168.1.0/24 to 192.168.1.0/20. Don’t, however, change the IP address of the network. This ensures that all IP addresses that have been currently allocated to instances remain valid in the updated IP network.

      The prefix length of the IP address prefix that you specify in an IP network should be between /16 and /30.

      If this IP network belongs to an IP exchange, then ensure that after updating the IP network address, the IP address prefix for this IP network doesn’t overlap with the IP address prefix assigned to another IP network that is part of the same IP network exchange.

      Similarly, if you plan to connect to your IP networks using VPN, then ensure that the addresses you specify for your IP networks don’t overlap with each other, or with the IP addresses used in your on-premises network.

      If you need to increase the size of the subnet of an IP network, instead of updating the IP address prefix, consider creating a separate IP network and adding it to an IP exchange. That way, you don’t risk disrupting the IP addresses already allocated to existing instances, or overlapping with IP addresses on another IP network.

      Note:

      RFC 6598 addresses aren’t supported.

    • IP Exchange: The IP network exchange that you want to add this IP network to. An IP network can belong to only one IP network exchange. Before you specify an IP network exchange for an IP network, ensure that the IP addresses in this IP network don’t overlap the IP addresses in any other network in the same IP network exchange.

      If you want to connect IP networks by using an IP network exchange, it is recommended that you do this before creating instances with an interface on those IP networks. This ensures that routes are appropriately configured on instances by the DHCP client during instance initialization.

    • Description: Update the description, if required.

    • Tags: Update the list of tags associated with your IP network, if required.
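
Before changing an IP address prefix, you can work out which vNIC addresses would fall outside the new range and which follow-up the text above prescribes for each. The following is an added example, not part of the Oracle documentation or tooling; the function name and the vNIC inventory are hypothetical. Note that 192.168.1.0/20, the expanded prefix used as an example above, covers 192.168.0.0 through 192.168.15.255.

```python
import ipaddress

def plan_prefix_update(old_prefix, new_prefix, vnics):
    """Classify the effect of changing an IP network's address prefix.

    vnics is an iterable of (name, ip, is_static) tuples.
    Returns (is_expansion, actions): is_expansion is True when the old range
    lies entirely inside the new one; actions maps each vNIC whose address
    falls outside the new prefix to the follow-up described on the page.
    """
    old = ipaddress.IPv4Network(old_prefix, strict=False)
    new = ipaddress.IPv4Network(new_prefix, strict=False)
    is_expansion = old.subnet_of(new)
    actions = {}
    for name, ip, is_static in vnics:
        if ipaddress.IPv4Address(ip) in new:
            continue  # address stays valid, traffic is not dropped
        if is_static:
            actions[name] = "update orchestration with a valid static IP"
        else:
            actions[name] = "stop and restart instance orchestration"
    return is_expansion, actions

# Constructed inventory (hypothetical names): (vNIC, current IP, static?)
VNICS = [
    ("web01/eth0", "192.168.1.10", False),
    ("app01/eth0", "192.168.1.130", False),
    ("db01/eth0", "192.168.1.200", True),
]

if __name__ == "__main__":
    for new in ("192.168.1.0/20", "192.168.1.0/25", "192.168.2.0/24"):
        expansion, actions = plan_prefix_update("192.168.1.0/24", new, VNICS)
        print(new, "expansion" if expansion else "NOT an expansion")
        for vnic, todo in actions.items():
            print("   ", vnic, "->", todo)
```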

To update an IP network using the CLI, use the opc compute ip-network update command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To update an IP network using the API, use the PUT /network/v1/ipnetwork/name method. See REST API for Oracle Cloud Infrastructure Compute Classic.

Deleting an IP Network

If you no longer need an IP network, you can delete it.

Here’s what happens when you delete an IP network:

  • If any instances had interfaces on that network, those interfaces will be unreachable after the IP network is deleted. However, the instance itself won’t show any error and can still be reached on other interfaces.

  • If the IP network that you want to delete is used as a destination in a route, traffic sent over that route won’t reach its destination when the IP network is deleted. However, if you create another IP network with the same IP address prefix, then the route will apply to that destination.

  • If any vNICs on an IP network are used in a route, then if you delete that IP network, those vNICs will become unreachable. Any other vNICs in the same vNICset will continue to be used to route traffic. If all vNICs in a vNICset become unreachable, then any routes that use the vNICset won’t work.

Prerequisites

  • To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Note:

You should always use your orchestrations to manage resources that you’ve created using orchestrations. Don’t, for example, use the web console or the CLI or REST API to delete an object that you created using an orchestration. This could cause your orchestration to either attempt to re-create the object and associated resources, or to go into an error state.

If you created the object using orchestration v1, then you can delete the object by terminating the orchestration. See Terminating an Orchestration v1.

If you created the object using an orchestration v2, then you can delete the object by suspending, terminating, or updating the orchestration. See Suspending an Orchestration v2, Terminating an Orchestration v2, or Updating an Orchestration v2.

  1. Sign in to the Compute Classic console. If your domain spans multiple sites, select the appropriate site. To change the site, click the Site menu near the top of the page.
  2. Click the Network tab.
  3. In the Network drop-down list, expand IP Network, and then click IP Networks.
  4. Identify the IP network that you want to delete. From the menu (menu icon), select Delete.

To delete an IP network using the CLI, use the opc compute ip-network delete command. For help with that command, run the command with the -h option. For the instructions to install the CLI client, see Preparing to Use the Compute Classic CLI in CLI Reference for Oracle Cloud Infrastructure Compute Classic.

To delete an IP network using the API, use the DELETE /network/v1/ipnetwork/name method. See REST API for Oracle Cloud Infrastructure Compute Classic.