Managing VCNs and Subnets

The VCN is the basic networking unit of the Oracle Private Cloud Appliance product. VCNs can be further divided into IP subnets, and individual VCNs can communicate with each other through various types of gateways, each type intended for a particular purpose.

Creating a VCN


Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Virtual Cloud Networks.

  2. Click the Create Virtual Cloud Network button to open the Create Virtual Cloud Network dialog.

  3. Enter the following information:

    • Name: Enter a descriptive name for the VCN.

    • Compartment: Select the compartment in which to create the VCN.

    • CIDR Block: Specify which CIDR range can be used within the VCN.

    • DNS: If you check the box to use DNS host names in this VCN, then you can either enter a DNS label or leave the field blank to let the system generate a label for you. The first character of the label must be a letter. Only use letters and numbers. Up to 15 characters are allowed.

  4. Optionally, add one or more tags to this VCN resource.

    For more information about tagging, see Working with Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator.

  5. Click the Create Virtual Cloud Network button in the dialog. The details page of the new VCN is displayed.

Using the OCI CLI

  1. Gather the information that you need to run the command:

    • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

  2. Enter the vcn create command using at least the compartment OCID and CIDR block options.

    If you want to use DNS host names in the VCN, include the DNS label in the create command. It cannot be added later.

    Optionally, set a descriptive name for the VCN.

    $ oci network vcn create --compartment-id compartment_OCID \
    --cidr-blocks '["10.0.0.0/16"]' --dns-label vcn1 --display-name VCN1
    {
      "data": {
        "cidr-block": "10.0.0.0/16",
        "cidr-blocks": [
          "10.0.0.0/16"
        ],
        "compartment-id": "ocid1.compartment.unique_ID",
        "default-dhcp-options-id": "ocid1.dhcpoptions.unique_ID",
        "default-route-table-id": "ocid1.routetable.unique_ID",
        "default-security-list-id": "ocid1.security_list.unique_ID",
        "defined-tags": {},
        "display-name": "VCN1",
        "dns-label": "vcn1",
        "freeform-tags": {},
        "id": "ocid1.vcn.unique_ID",
        "ipv6-cidr-block": null,
        "ipv6-private-cidr-block": null,
        "lifecycle-state": "PROVISIONING",
        "time-created": "2022-04-27T04:34:58.722835+00:00",
        "vcn-domain-name": "vcn1.oraclevcn.com"
      },
      "etag": "a555bf2a-0764-4389-8d72-e9a746f63a78"
    }

Creating a Subnet

VCNs can be divided into subnets. Although it is possible to have an enormous VCN with a thousand IP addresses, it often makes sense from a performance and fault isolation standpoint to create multiple subnets within a VCN. The subnets can still communicate if configured properly.

IP subnet calculation can be a difficult task, especially when figuring out which IP addresses in the range are reserved. The wide range of allowable CIDR block addresses complicates the issue. Free subnet calculation tools available online can help, such as https://www.calculator.net/ip-subnet-calculator.html.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Virtual Cloud Networks.

  2. Click the name of the VCN in which you want to create a new subnet. The VCN details page is displayed.

  3. In the Resources section, click Subnets.

  4. Click the Create Subnet button at the top of the subnets list to open the Create Subnet dialog.

  5. Enter the following information:

    • Name: Enter a descriptive name for the subnet.

    • Create in Compartment: Select the compartment where you want to create this subnet.

    • CIDR Block: Specify which CIDR range can be used within the subnet. It must be within the VCN CIDR block and must not overlap with other subnets.

    • Route Table (Optional): Select the route table to associate with this subnet. You might need to change the compartment selection. If you do not select a route table, the VCN default route table is used.

    • Private or Public Subnet: If you select Private Subnet, instances in this subnet are not allowed to obtain a public IP address.

    • DNS Hostnames (Optional): Check this box if you want to be able to assign a DNS hostname when you launch an instance in this subnet. If you check the box, enter a DNS label that is unique across the system.

    • DHCP Options (Optional): Select the set of DHCP options to associate with the subnet. You might need to change the compartment selection. If you do not select a set of options, the VCN default set is used.

    • Security Lists (Optional): If you want a security list for this subnet, click the +Add Security List button. Select a security list to associate with the subnet. You might need to change the compartment selection. If you want another security list, click the +Add Security List button and select another security list. If you do not select a security list, the VCN default security list is used.

  6. Optionally, add one or more defined or free-form tags to this subnet as described in Adding Tags at Resource Creation. Tags can also be applied later.

  7. Click the Create Subnet button in the dialog. The details page of the new subnet is displayed.

Using the OCI CLI

  1. Gather the information that you need to run the command:

    • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

    • VCN OCID (oci network vcn list --compartment-id <compartment_OCID>)

  2. Enter the subnet create command using at least the compartment ID, VCN ID and CIDR block options.

    If you want to use DNS host names in the subnet, include the DNS label in the create command. It cannot be added later. This option is available only if you provided a DNS label for the VCN during creation.

    This example also sets a descriptive name for the subnet. No set of DHCP options is specified, so the subnet will use the VCN default set.

    $ oci network subnet create --compartment-id compartment_OCID \
    --vcn-id vcn_OCID --cidr-block 10.0.1.0/24 --dns-label subnet1 \
    --display-name NoPublicIP
    {
      "data": {
        "availability-domain": "AD-1",
        "cidr-block": "10.0.1.0/24",
        "compartment-id": "ocid1.compartment.unique_ID",
        "defined-tags": {},
        "dhcp-options-id": "ocid1.dhcpoptions.unique_ID",
        "display-name": "NoPublicIP",
        "dns-label": "subnet1",
        "freeform-tags": {},
        "id": "ocid1.subnet.unique_ID",
        "ipv6-cidr-block": null,
        "ipv6-virtual-router-ip": null,
        "lifecycle-state": "PROVISIONING",
        "prohibit-internet-ingress": null,
        "prohibit-public-ip-on-vnic": true,
        "route-table-id": "ocid1.routetable.unique_ID",
        "security-list-ids": [
          "ocid1.security_list.unique_ID"
        ],
        "subnet-domain-name": "subnet1.vcn1.oraclevcn.com",
        "time-created": "2022-04-27T04:41:54.984856+00:00",
        "vcn-id": "ocid1.vcn.unique_ID",
        "virtual-router-ip": "10.0.1.1",
        "virtual-router-mac": "00:13:97:0e:8f:ff"
      },
      "etag": "30d67d2d-5e11-4b13-9607-1948c52a78f5"
    }
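The CIDR Block rule above (inside the VCN CIDR block, no overlap with other subnets) and the DNS label rule can be checked before running the create command. The following is an added example, not part of the Oracle documentation. The function name and sample values are hypothetical, and applying the VCN label format to subnet labels is an assumption.

```python
import ipaddress
import re

# Label rule from the DNS field description: first character a letter,
# letters and numbers only, up to 15 characters. Assumed here to apply
# to subnet labels as well as VCN labels.
DNS_LABEL_RE = re.compile(r"[A-Za-z][A-Za-z0-9]{0,14}")


def check_subnet_request(vcn_cidrs, existing_subnets, new_cidr, dns_label=None):
    """Return a list of problems; an empty list means the request looks valid."""
    try:
        # strict=True rejects CIDRs with host bits set, such as 10.0.1.5/24
        new_net = ipaddress.ip_network(new_cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR {new_cidr!r}: {exc}"]

    problems = []
    vcn_nets = [ipaddress.ip_network(c) for c in vcn_cidrs]
    # subnet_of() raises TypeError across IP versions, so compare versions first
    if not any(new_net.version == v.version and new_net.subnet_of(v)
               for v in vcn_nets):
        problems.append(f"{new_net} is not inside any VCN CIDR block {vcn_cidrs}")

    for name, cidr in existing_subnets.items():
        other = ipaddress.ip_network(cidr)
        if new_net.version == other.version and new_net.overlaps(other):
            problems.append(f"{new_net} overlaps subnet {name} ({other})")

    # The label cannot be added after creation, so validate it up front
    if dns_label is not None and not DNS_LABEL_RE.fullmatch(dns_label):
        problems.append(f"DNS label {dns_label!r} breaks the label rules")
    return problems


if __name__ == "__main__":
    # Constructed sample: the VCN and subnet created in the examples above
    vcn = ["10.0.0.0/16"]
    existing = {"subnet1": "10.0.1.0/24"}
    for cidr, label in [("10.0.2.0/24", "subnet2"),
                        ("10.0.1.128/25", "subnet3"),
                        ("10.1.0.0/24", "2bad-label")]:
        print(cidr, label, check_subnet_request(vcn, existing, cidr, label) or "OK")
```
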

Editing a Subnet

You can change the name of the subnet, the route tables and security lists used by the subnet, and DHCP options.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Virtual Cloud Networks.

  2. Click the name of the VCN that contains the subnet you want to edit. The VCN details page is displayed.

  3. In the Subnets list in the Resources section, locate the subnet that you want to edit. In the Actions menu, click Edit to open the Edit Subnet window.

  4. Make the changes to the subnet. The following properties can be edited:

    • Name: Change the name of the subnet.

    • Route Table: Select a different route table for this subnet. You might need to change the compartment selection.

    • DHCP Options: Select a different set of DHCP options for this subnet. You might need to change the compartment selection.

    • Security Lists: Select different or additional security lists for this subnet. You might need to change the compartment selection.

  5. Optionally, add or delete tags for this subnet.

    For more information about tagging, see Working with Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator.

  6. Click Save Changes. The subnet properties are updated.

Using the OCI CLI

  1. Gather the information that you need to run the command:

    • Compartment OCID (oci iam compartment list --compartment-id-in-subtree true)

    • You might also need OCIDs for a route table, DHCP options set, or security lists.

  2. Enter the subnet update command using the subnet OCID and the parameters you want to change.

    This example changes the DHCP options and route table for the subnet.

    $ oci network subnet update --subnet-id ocid1.subnet.unique_ID \
    --dhcp-options-id ocid1.dhcpoptions.unique_ID \
    --route-table-id ocid1.routetable.unique_ID
    {
      "data": {
        "availability-domain": "AD-1",
        "cidr-block": "10.0.1.0/24",
        "compartment-id": "ocid1.compartment.unique_ID",
        "defined-tags": {},
        "dhcp-options-id": "ocid1.dhcpoptions.unique_ID",
        "display-name": "NoPublicIP",
        "dns-label": "subnet1",
        "freeform-tags": {},
        "id": "ocid1.subnet.unique_ID",
        "ipv6-cidr-block": null,
        "ipv6-virtual-router-ip": null,
        "lifecycle-state": "AVAILABLE",
        "prohibit-internet-ingress": null,
        "prohibit-public-ip-on-vnic": true,
        "route-table-id": "ocid1.routetable.unique_ID",
        "security-list-ids": [
          "ocid1.securitylist.unique_ID"
        ],
        "subnet-domain-name": "subnet1.vcn1.oraclevcn.com",
        "time-created": "2022-04-27T04:41:54.984856+00:00",
        "vcn-id": "ocid1.vcn.unique_ID",
        "virtual-router-ip": "10.0.1.1",
        "virtual-router-mac": "00:13:97:0e:8f:ff"
      },
      "etag": "30d67d2d-5e11-4b13-9607-1948c52a78f5"
    }
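Before editing subnets, it helps to know which ones still rely on the VCN default route table and security list, and which ones allow public IP addresses. The following is an added example, not part of the Oracle documentation. It assumes the subnet list output wraps its entries in a "data" array with the same field names as the responses above; the function name and all OCIDs are constructed placeholders.

```python
import json

# Constructed sample data. Field names are taken from the vcn create and
# subnet create responses shown on this page; the OCIDs are placeholders.
VCN = {"default-security-list-id": "ocid1.securitylist.vcn_default",
       "default-route-table-id": "ocid1.routetable.vcn_default"}
SUBNET_LIST = json.dumps({"data": [
    {"display-name": "NoPublicIP", "prohibit-public-ip-on-vnic": True,
     "route-table-id": "ocid1.routetable.custom",
     "security-list-ids": ["ocid1.securitylist.custom"]},
    {"display-name": "Web", "prohibit-public-ip-on-vnic": False,
     "route-table-id": "ocid1.routetable.vcn_default",
     "security-list-ids": ["ocid1.securitylist.vcn_default"]},
]})


def review_subnets(subnet_list_json, vcn):
    """Return {subnet name: [notes]} for subnets that deserve a review."""
    notes = {}
    for subnet in json.loads(subnet_list_json)["data"]:
        found = []
        # A missing or null flag is treated like false: not provably private
        if not subnet.get("prohibit-public-ip-on-vnic"):
            found.append("public subnet: instances may obtain a public IP")
        if vcn["default-security-list-id"] in subnet.get("security-list-ids", []):
            found.append("uses the VCN default security list")
        if subnet.get("route-table-id") == vcn["default-route-table-id"]:
            found.append("uses the VCN default route table")
        if found:
            notes[subnet.get("display-name", subnet.get("id"))] = found
    return notes


if __name__ == "__main__":
    for name, found in review_subnets(SUBNET_LIST, VCN).items():
        print(name, "->", "; ".join(found))
```
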

Deleting a Subnet

A subnet can only be deleted if it is empty. Before deleting a subnet, make sure that all compute instances and other resources have been deleted.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Virtual Cloud Networks.

  2. Click the name of the VCN that contains the subnet you want to delete. The VCN details page is displayed.

  3. In the Subnets list in the Resources section, locate the subnet to delete. In the Actions menu, click Delete. Confirm the operation when prompted.

Using the OCI CLI

  1. Get the OCID of the subnet you want to delete (oci network subnet list -c compartment_OCID).

  2. Enter the subnet delete command.

    $ oci network subnet delete --subnet-id subnet_OCID
    Are you sure you want to delete this resource? [y/N]: y

Terminating a VCN

A VCN can only be terminated if it is empty. Before terminating a VCN, make sure that all subnets, route tables, gateways, and other resources have been deleted.

Using the Compute Web UI

  1. Open the Navigation Menu. Under Networking, click Virtual Cloud Networks.

  2. Click the name of the VCN that you want to terminate. The VCN details page is displayed. Check that the Resources list is empty.

  3. Click the Terminate button. Confirm the operation when prompted.

Using the OCI CLI

  1. Get the OCID of the VCN you want to delete (oci network vcn list -c compartment_OCID).

  2. Enter the vcn delete command.

    $ oci network vcn delete --vcn-id vcn_OCID
    Are you sure you want to delete this resource? [y/N]: y