Virtual Cloud Network

A virtual cloud network, or VCN, is a software-defined equivalent of a traditional network, with firewall rules and various types of communication gateways. A VCN resides in the single region of your Private Cloud Appliance installation and covers one contiguous CIDR block of your choice.

A VCN CIDR block can be any size from /16 to /30, and it cannot be changed after the VCN is created. The maximum number of private IP addresses within a VCN is 64,000. Oracle recommends using a private IP address range as specified in RFC 1918 (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16). This documentation uses the term private IP address when referring to IP addresses in your VCN's CIDR.

You can privately connect a VCN to another VCN so that traffic between them does not leave the secure network environment of the appliance. This is called peering, and it requires that the CIDRs of the two VCNs do not overlap. Peering involves setting up a type of virtual router known as a Local Peering Gateway. For more information about the use of gateways in your VCNs, see Network Gateways.

Subnets

A VCN is subdivided into subnets. Each subnet in a VCN is a contiguous range of IPv4 addresses that lies within the VCN CIDR and does not overlap with any other subnet in the VCN. Example: 172.16.1.0/24. The first two IP addresses and the last IP address of each subnet CIDR are reserved by the Networking service, so a /24 subnet provides 253 assignable addresses. You cannot change the size of a subnet after creation.
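The VCN sizing, peering and subnet constraints described above can be checked before anything is created. The following Python script is an example added to this page, not an Oracle tool; it uses only the standard ipaddress module, and the function names and the sample CIDRs are constructed for illustration. It treats the /16 to /30 limit, subnet containment, subnet overlap and peering overlap as hard errors, and the RFC 1918 recommendation as a warning.

```python
"""Validate VCN, subnet and peering CIDR constraints (example code added to
this page; not part of Private Cloud Appliance itself)."""
import ipaddress

# The private ranges from RFC 1918 that Oracle recommends for a VCN CIDR.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vcn_cidr(cidr):
    """Return (errors, warnings) for a proposed VCN CIDR.

    Errors: not a valid IPv4 network, or prefix outside /16-/30.
    Warnings: address range is not one of the RFC 1918 private ranges.
    """
    errors, warnings = [], []
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"{cidr}: not a valid network CIDR ({exc})"], warnings
    if net.version != 4:
        return [f"{cidr}: IPv6 is not supported"], warnings
    if not 16 <= net.prefixlen <= 30:
        errors.append(f"{cidr}: prefix /{net.prefixlen} is outside /16 to /30")
    if not any(net.subnet_of(r) for r in RFC1918):
        warnings.append(f"{cidr}: not within an RFC 1918 private range")
    return errors, warnings


def usable_addresses(subnet_cidr):
    """Addresses you can actually assign in a subnet: the Networking service
    reserves the first two addresses and the last address of the CIDR."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    every_address = list(net)          # includes network and broadcast addresses
    return [str(a) for a in every_address[2:-1]]


def check_subnets(vcn_cidr, subnet_cidrs):
    """Every subnet must lie inside the VCN and must not overlap another subnet.
    Returns a list of error strings (empty when the layout is valid)."""
    vcn = ipaddress.ip_network(vcn_cidr, strict=True)
    nets = [ipaddress.ip_network(s, strict=True) for s in subnet_cidrs]
    errors = []
    for n in nets:
        if not n.subnet_of(vcn):
            errors.append(f"{n}: not inside VCN {vcn}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                errors.append(f"{a} overlaps {b}")
    return errors


def can_peer(vcn_a, vcn_b):
    """Local peering is only possible when the two VCN CIDRs do not overlap."""
    return not ipaddress.ip_network(vcn_a).overlaps(ipaddress.ip_network(vcn_b))


if __name__ == "__main__":
    # Constructed sample layout: one /16 VCN with two /24 subnets.
    print(check_vcn_cidr("172.16.0.0/16"))                       # ([], [])
    print(check_vcn_cidr("10.0.0.0/8"))                          # prefix error
    print(len(usable_addresses("172.16.1.0/24")))                # 253
    print(check_subnets("172.16.0.0/16",
                        ["172.16.1.0/24", "172.16.2.0/24"]))     # []
    print(check_subnets("172.16.0.0/16",
                        ["172.16.1.0/24", "172.16.1.128/25"]))   # overlap error
    print(can_peer("10.0.0.0/16", "10.1.0.0/16"))                # True
    print(can_peer("10.0.0.0/16", "10.0.128.0/17"))              # False
```

Run the overlap checks for every VCN you intend to peer before creating it: because a VCN CIDR is fixed at creation time, an overlapping range discovered later can only be fixed by rebuilding the VCN.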

Subnets act as a unit of configuration: all instances in a given subnet use the same route table, security lists, and DHCP options. Because security list rules apply to every VNIC in the subnet, instances that need different network exposure belong in different subnets. Subnets can be either public or private. This is defined when the subnet is created, and cannot be changed later. In a private subnet, instances cannot be assigned a public IP address.

You can think of a compute instance as residing in a subnet. However, to be precise, each instance is attached to a virtual network interface card (VNIC), which in turn resides in the subnet and enables a network connection for that instance.

IPv6 addressing is currently not supported in Private Cloud Appliance.

Route Tables

Each VCN automatically comes with an empty default route table. Subnets use the default route table of the parent VCN unless you explicitly assign them a different route table. When you add route rules to your VCN, you can simply add them to the default table if that suits your needs. However, if you need both a public subnet and a private subnet, create a separate custom route table for each subnet, so that only the public subnet receives a route to the internet gateway.

The primary routing scenario is sending a subnet's traffic to destinations outside the VCN. A subnet has a single route table, of your choice, associated with it at the time of creation, and all VNICs in that subnet are subject to the rules in that route table. Traffic within the VCN is handled automatically by the VCN's internal routing; no route rules are required to enable it. You can change which route table a subnet uses at any time. You can also edit a route table's rules, or remove all the rules from the table.

A route rule specifies a destination CIDR block and the target, or the next hop, for any traffic that matches that CIDR. When selecting the target you also specify its compartment. Supported target types for a route rule are the different VCN gateways.

Route rules must be configured carefully to ensure that network traffic reaches the intended destination and is not dropped: traffic leaving the VCN for a destination that matches no route rule in the subnet's route table is discarded. Moving route rules between compartments is not supported.
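To make the routing behaviour described in this section concrete, here is a small Python model, added to this page as an example and not taken from Oracle's implementation. It models the public and private route tables from the Route Tables discussion above: intra-VCN traffic is handled without any rule, traffic leaving the VCN follows the matching rule, and traffic that matches no rule is dropped. Two points are assumptions of the model, not statements from this page: the gateway identifiers (igw-1, lpg-1) are hypothetical placeholders, and when several rules match a destination the model picks the most specific (longest prefix) one.

```python
"""Model of route table lookup for a VCN subnet (example code added to this
page; not Oracle's routing implementation)."""
import ipaddress

# Constructed example VCN.
VCN_CIDR = ipaddress.ip_network("172.16.0.0/16")

# Constructed route tables. Targets are hypothetical gateway names, not real
# identifiers: igw-1 stands for an internet gateway, lpg-1 for a local peering
# gateway to a peered VCN using 10.20.0.0/16.
PUBLIC_ROUTE_TABLE = [
    {"destination": "0.0.0.0/0",    "target": "igw-1"},   # default route out
    {"destination": "10.20.0.0/16", "target": "lpg-1"},   # peered VCN
]
PRIVATE_ROUTE_TABLE = [
    {"destination": "10.20.0.0/16", "target": "lpg-1"},   # peered VCN only
]


def next_hop(dst_ip, route_table, vcn_cidr=VCN_CIDR):
    """Decide where traffic from a VNIC in the subnet goes for dst_ip.

    Returns "local" for destinations inside the VCN (handled by VCN internal
    routing; no rule needed), the target of the matching route rule for
    destinations outside the VCN, or None when no rule matches, which means
    the traffic is dropped.

    Assumption of this model: if more than one rule matches, the rule with the
    longest prefix wins.
    """
    ip = ipaddress.ip_address(dst_ip)
    if ip in vcn_cidr:
        return "local"
    best_prefix, best_target = -1, None
    for rule in route_table:
        net = ipaddress.ip_network(rule["destination"], strict=True)
        if ip in net and net.prefixlen > best_prefix:
            best_prefix, best_target = net.prefixlen, rule["target"]
    return best_target


def lint_route_table(route_table, vcn_cidr=VCN_CIDR):
    """Flag rules that are redundant or ambiguous.

    A rule whose destination lies inside the VCN CIDR is redundant, because
    intra-VCN traffic never consults the route table. Two rules with the same
    destination CIDR are ambiguous; only one of them can take effect.
    """
    findings = []
    seen = set()
    for rule in route_table:
        net = ipaddress.ip_network(rule["destination"], strict=True)
        if net.subnet_of(vcn_cidr):
            findings.append(f"{net}: destination is inside the VCN; rule has no effect")
        if net in seen:
            findings.append(f"{net}: duplicate destination")
        seen.add(net)
    return findings


if __name__ == "__main__":
    for table_name, table in (("public", PUBLIC_ROUTE_TABLE),
                              ("private", PRIVATE_ROUTE_TABLE)):
        for dst in ("172.16.5.9", "10.20.3.4", "198.51.100.7"):
            hop = next_hop(dst, table)
            print(f"{table_name:7s} {dst:14s} -> {hop or 'DROPPED'}")
    print(lint_route_table(PUBLIC_ROUTE_TABLE + [
        {"destination": "172.16.3.0/24", "target": "lpg-1"}]))
```

The private table deliberately has no 0.0.0.0/0 rule, so an instance in the private subnet can reach the peered VCN but any packet destined for the internet is dropped; that is the property that makes a private subnet private at the routing layer, independent of the security lists.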