Note:

• This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
• It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Use Reserved Public IPs with Moving Instances in OCI Full Stack Disaster Recovery

Introduction

Oracle Cloud Infrastructure Full Stack Disaster Recovery (OCI Full Stack DR) orchestrates the transition of compute, database, and applications between Oracle Cloud Infrastructure (OCI) regions from around the globe with a single click. Customers can automate the steps needed to recover one or more business systems without redesigning or re-architecting existing infrastructure, databases, or applications and without needing specialized management or conversion servers.

A public IP address is an internet-reachable IPv4 address. Resources that need direct internet access must have one, though some may have additional requirements.

There are two types of public IP addresses in OCI:

• Ephemeral: Temporary and tied to the life of the instance. It goes away when the instance is terminated.
• Reserved: Persistent and can outlive the instance it is assigned to. You can unassign and reassign it to another instance anytime.

With this new feature, OCI Full Stack DR gives you more control over the assignment of public IPs. When adding a moving instance to an OCI Full Stack DR protection group, you can now choose a reserved public IP to be assigned to the instance in the destination (standby) region. This ensures that the instance is assigned an IP address you have specified, instead of be assigned a temporary (ephemeral) one automatically. For more information about OCI public IP address, see OCI Public IP address documentation.

In this tutorial, you will learn how to use reserved public IPs with moving instances in OCI Full Stack DR and perform the DR plan execution for a switchover operation.

Architecture Description

This tutorial uses a cold virtual machine (VM) DR (also known as pilot light) architecture. In this setup, the virtual machine runs only in the primary region. During a DR plan execution, the VM is created in the DR region.

To set this up in OCI Full Stack DR, make sure to select the OCI Compute instance as a moving instance when adding it as a member to the primary DR protection group. For any block storage attached to the compute instance, you will need to set up cross-region volume group replication using the OCI Block Storage service. This ensures your boot and block volumes are kept in sync and can be quickly recovered in the DR region.

When adding the compute instance as a member, you will have the option to select a pre-created reserved public IP in the destination (standby) region. If you choose this, OCI Full Stack DR will automatically assign that reserved IP when launching the instance during DR operations.This step is optional and if you skip it Full Stack DR will assign an ephemeral public IP instead. However, using a reserved IP is recommended if you want to maintain consistent public access to the instance after DR plan execution.

Definitions and Assumptions throughout the Tutorial

• Regions:

  • Region 1 is London: London will initially serve as the primary region. However, this role will transition to standby during the switchover process, which will be performed in the later tasks as part of the disaster recovery plan.

  • Region 2 is Frankfurt: Frankfurt will initially function as the standby region. This role will later transition to primary following the switchover process, which will be carried out in the subsequent tasks as part of the disaster recovery procedure.

• Compartments: You are free to organize this deployment and OCI Full Stack DR into any compartment scheme that works within your standards for IT governance. We have chosen to organize all the OCI resources for this tutorial in one single compartment.

Objectives

The following tasks will be covered in this tutorial:

• Task 1: Create reserved public IPs in both regions.
• Task 2: Create DR Protection Groups (DRPGs) in both regions.
• Task 3: Add members to the DRPG.
• Task 4: Create the DR plans in Region 2.
• Task 5: Validate the DR plans in Region 2.
• Task 6: Run the switchover plan in Region 2.
• Task 7: Create DR plans in Region 1.

Prerequisites

We will use the following resources to start with the tutorial. By the end of this tutorial, OCI Full Stack DR will create additional resources, such as an OCI Compute instance and volume group, in Region 2.

Resources	Region 1 - London	Region 2 - Frankfurt
Object Storage Bucket	fsdr-bucket-lon	fsdr-bucket-fra
Compartment	suraj	suraj
VCN	vcn-london	vcn-frankfurt
Subnet	public subnet-vcn-london	public subnet-vcn-frankfurt
Reserved IP	appvm-lon	appvm-fra
Compute VM	appvm	NA
Volume Group	appvg	NA

In this tutorial, we will show how to create a reserved public IP. You must go ahead and complete all the required prerequisites before proceeding further. These steps lay the foundation for a smooth and successful OCI Full Stack DR setup.

• Admin Access or Required Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) Policies: Ensure you have administrator privileges or configure the necessary OCI IAM policies to use OCI Full Stack DR. For more information, see:

  • IAM Policy Documentation
  • Configuring IAM Policies (Blog)

• Access to Run Commands on OCI Compute Instances: If your compute instance has block storage attached, you may need to run commands on it during DR operations. For more information, see Running Commands on OCI Compute.

• Create OCI Object Storage Buckets in both Regions: These buckets will store logs generated during DR operations. For more information, see Object Storage for Logs.

• Set Up VCNs with Public Subnets in both Regions: Create virtual cloud networks with public subnets in both the primary and standby regions. For more information, see OCI VCN.

• Create Virtual Machine in Region 1: Create OCI VM and associate with public subnet. For more information, see OCI VM.

• Configure Cross-Region Volume Group Replication in Region 1: Group your VM’s block storage (boot and data volumes) and enable replication from the primary to the standby region. For more information, see OCI Volume group.

Task 1: Create Reserved Public IP in both Regions

Create reserved public IP in Region 1 and Region 2.

Note: If the reserved IPs are already available in both regions, you can skip Task 1.

1. Log in to the OCI Console and navigate to Reserved public IPs as shown in Figure 1.1.

   1. Ensure the OCI region context is set to Region 1 (London).

   2. Click Networking.

   3. Click Virtual Cloud Networks.

   4. Click IP management.

   5. Click Reserve public IP address, enter the parameters as shown in the following image and click Reserve public IP address.

   
   Figure 1.1: Create reserved public IP in region 1

2. Go to the OCI Console and navigate to Reserved public IPs as shown in Figure 1.2.

   1. Ensure the OCI region context is set to Region 2 (Frankfurt).

   2. Click Networking.

   3. Click Virtual Cloud Networks.

   4. Click IP management.

   5. Click Reserve public IP address, enter the parameters as shown in the following image and click Reserve public IP address.

   
   Figure 1.2: Create reserved public IP in region 2

Task 2: Create DR Protection Groups (DRPG) in both Regions

Create DR protection groups in Region 1 and Region 2 if the protection groups for this application stack do not exist yet.

Task 2.1: Create a Protection Group in Region 1

1. Go to the OCI Console and navigate to DR Protection Groups as shown in Figure 2.1.

   1. Ensure the OCI region context is set to Region 1 (London).

   2. Click Migration & Disaster Recovery.

   3. Click DR Protection Groups.

   
   Figure 2.1: Navigate to DR protection groups

2. Create a basic DRPG in Region 1 as shown in Figure 2.2. The peer, role and members will be assigned in later steps.

   1. Select the Compartment where you want the DRPG to be created.

   2. Click Create DR protection group.

   3. Enter a meaningful Name for the DRPG.

   4. Select OCI Object Storage bucket for OCI Full Stack DR logs.

   5. Click Create.

   
   Figure 2.2: Parameters needed to create DR protection group in region 1

Task 2.2: Create a Protection Group in Region 2

1. Go to the OCI Console and navigate to DR Protection Groups as shown in Figure 2.3.

   1. Ensure the OCI region context is set to Region 2 (Frankfurt).

   2. Click Migration & Disaster Recovery.

   3. Click DR Protection Groups.

   
   Figure 2.3: Navigate to DR protection groups

2. Create a basic DR protection group (DRPG) in Region 2 as shown in Figure 2.4. The peer, role and members will be assigned in later steps.

   1. Select the Compartment where you want the DRPG to be created.

   2. Click Create DR protection group.

   3. Enter a meaningful Name for the DRPG.

   4. Select OCI Object Storage bucket for OCI Full Stack DR logs.

   5. Click Create.

   
   Figure 2.4: Parameters needed to create DR protection group in region 2

Task 2.3: Associate Protection Groups in Region 1 and Region 2

Associate the DRPGs in each region as peers of each other and assign the peer roles of primary and standby. The roles of primary and standby are automatically changed by OCI Full Stack DR as part of any DR operation/DR plan execution; there is no need to manage the roles manually at any time.

1. Go to the DR protection group details page.

   1. Ensure OCI region context is set to Region 1 (London).

   2. Click Associate to begin the process.

   
   Fig: Begin DRPG association

2. Enter the parameters as shown in the following image and click Associate.

   • Role: Select Primary role. OCI Full Stack DR will assign the standby role to Region 2 automatically.
   • Peer region: Select Region 2 (Frankfurt), where the other DRPG created in Task 2.2.
   • Peer DR protection group: Select the peer DRPG created in Task 2.2.

   
   Fig: Parameters needed to associate the DRPGs

OCI Full Stack DR will show something similar to the details in the following image, once the association is completed.

• The current primary peer DRPG is London (region 1).
• The current standby peer DRPG is Frankfurt (region 2).

Fig: Showing the peer relationship from the individual DRPG perspective

The same information can be found whenever the context/view is from a global perspective showing all DR protection groups as shown in the following image.

• The current primary peer DRPG is London (region 1).
• The current standby peer DRPG is Frankfurt (region 2).

Fig: Showing the peer relationship from the global DRPG perspective

Task 3: Add Members to the DR Protection Group

Note: You should have already created the VM and associated volume group with cross-region replication from Region 1 to Region 2 before proceeding further. If not, create them as per Prerequisites.

In this task, we will add the following OCI resources to the primary DRPG in Region 1.

Before proceeding, let us verify the virtual machine and its associated volume group.

• Ensure the virtual machine is up and running.
• The virtual machine must be associated with a public subnet in order to use a reserved public IP address during DR operations.
• Confirm that the volume group is correctly attached and replicating to Region 2.

Fig: Showing the application VM running in region 1 associated with public IP

Fig: Showing the cross region volume group replication from region 1 to region 2

Task 3.1: Add Members to DRPG in Region 1

1. Select the DRPG in Region 1 as shown in the following image.

   1. Ensure the OCI region context is Region 1 (London).

   2. Select the DRPG in Region 1.

   3. Select Members.

   4. Click Add Member to begin the process.

   
   Fig: How to begin adding members to DR protection group in region 1

2. Add a compute instance for the app VM.

   1. Acknowledge warning about DR plans.

   2. Enter Compute as a member Resource type.

   3. Select the appvm compute instance.

   4. Select Moving instance.

   5. Click Add VNIC mapping to select which VCN and public subnet to assign to the VNIC at Region 2 during a recovery.

   6. Enter the reserved IP details in the Destination reserved public IP section. This is the reserved public IP which we want to use during the instance launch in Region 2. Once all the details are provided, click Add.

      Note: You will get this optional field only if you select Public subnet in the Destination subnet section. If you do not select this OCI Full Stack DR will assign a ephemeral public IP to the provided VNIC. Considering, we have provided the reserved IP details, OCI Full Stack DR will assign the reserved public IP to the VNIC.

   7. Verify if the added VNIC is showing in the VNIC section, it should show the selected Reserved Public IP details.

   8. Wait for the DR protection group to change to Active state. Verify the added compute VM in the Members section.

   
   Fig: Parameters needed to add Application VM

   
   Fig: Parameters needed to map the VNIC in region 2

   
   Fig: VNIC details in region 2

   
   Fig: Compute Instance Added to the DRPG in Region 1

3. Add the block volume group containing boot volume of the application VM and click Add member.

   1. Acknowledge warning about DR plans.

   2. Select Volume group as member Resource type.

   3. Ensure the correct compartment containing the volume group is selected and select the volume group.

   
   Fig: Parameters needed to add the Volume Group for the Compute

   
   Fig: Volume Group for the Compute Added to the DRPG in Region 1

With this, we have successfully added the required members to the DR protection group in Region 1.

Since we are using a moving instance, there is no need to add any members to the DR protection group in Region 2. OCI Full Stack DR will automatically create the necessary resources in the standby region during plan execution.

Task 4: Create the DR Plans in Region 2

In this task, we will create the initial switchover and failover plans associated with the standby DR protection group in Region 2 (Frankfurt).

The purpose of these plans is to seamlessly transition the workload from the primary region (Region 1) to the standby region (Region 2). As part of any DR operation, the roles of the DR protection groups in both regions are automatically reversed: the protection group in Region 1 becomes the standby, while the protection group in Region 2 assumes the primary role following a failover or switchover.

OCI Full Stack DR will pre-populate these plans with built-in steps derived from the member resources added during the previous tasks.

Switchover plans are always created within the protection group holding the standby role. Since Region 2 (Frankfurt) is currently the standby protection group, we will begin creating the plans there.

Task 4.1: Create a DR Plans

1. Create a basic plan by selecting the DRPG in Region 2 (Frankfurt).

   1. Ensure the OCI region context is Region 2 (Frankfurt).

   2. Select the standby DRPG in Region 2.

   3. Select Plans.

   4. Click Create Plan to begin the process.

   
   Fig: How to begin creating basic DR plans in Region 2

2. Create a switchover plan.

   1. Enter a simple and meaningful Name for the switchover plan. The name should be as short as possible but easy to understand at a glance to help reduce confusion and human error during a crisis.

   2. Select Plan type as Switchover (planned).

   
   Fig: The parameters needed to create DR switchover plan

3. Create a failover plan.

   1. Enter a simple and meaningful Name of the failover plan.

   2. Select Plan type as Failover (unplanned).

   
   Fig: The parameters needed to create DR failover plan

4. Create a start drill plan.

   1. Enter a simple and meaningful Name of the start drill plan.

   2. Select Plan type as Start drill.

   
   Fig: The parameters needed to create DR start drill plan

5. Create a stop drill plan.

   1. Enter a simple and meaningful Name of the stop drill plan.

   2. Select Plan type as Stop drill.

   
   Fig: The parameters needed to create DR start drill plan

   Note: You will receive a warning message because OCI Full Stack DR only allows creation of a stop drill plan after the start drill has been executed and the DR Protection Group is no longer in an Active state.

   This means you cannot create a stop drill plan at this point. In this tutorial, we will proceed with the switchover plan. However, if you are interested, you can experiment by running a start drill plan first and then attempt to create a stop drill plan instead.

6. The standby DR protection group in Region 2 should now have the three DR plans as shown in the following image. These will handle transitioning workloads from Region 1 to Region 2 and also running drill plan in Region 2. You will create similar plans at Region 1 to transition workloads from Region 2 back to Region 1 in a later task.

   
   Fig: Showing the three DR plans that must exist in region 2 before proceeding any further

Task 5: Validate the DR plans Plan in Region 2

The basic DR plans created in Task 4 contain pre-populated steps for recovery tasks that are built into OCI Full Stack DR.

Task 5.1: (Optional) Enable DR Plan Groups that Terminate Artifacts for the Switchover Plan

There are two plan groups that are disabled by default in the switchover plan as shown in the following image. These plan groups are disabled to provide reassurance during testing, ensuring that no artifacts are deleted and that source environment (VM/volume groups) remains intact in case of issues during the test phase.

However, these two plan groups are designed to terminate (delete) artifacts that will no longer be needed for any future DR operations. Without these plan groups enabled, unused artifacts will continue to accumulate over time as you perform switchovers between the two regions, which can lead to confusion about which compute instances, OCI File Storage and volume groups should be active.

Optionally, enabling these plan groups now will help avoid the need for manual clean up of unnecessary artifacts before going into production. This proactive step can streamline the transition to production and maintain a cleaner, more manageable environment.

Fig: Plan groups disabled by default for the switchover plan

1. To enable the plan groups, select Enable all steps from the context menu to the right of the plan group name.

   
   Fig: How to enable terminate compute instances

   
   Fig: Click on Enable to validate.

   
   Fig: How to enable terminate Volume Group

   
   Fig: Click on Enable to validate.

2. Validate the switchover plan.

   
   Fig: Plan groups for the switchover plan

Task 5.2: Verify the Failover Plan

1. Verify the failover plan.

   
   Fig: Plan groups for the failover plan

Task 5.3: Verify the Start Drill Plan

1. Verify the start drill plan.

   
   Fig: Plan groups for the start drill plan

Task 6: Run the Switchover Plan in Region 2

DR plans (switchover, failover and start drill) have been successfully created in the standby Region 2. These plans enable OCI Full Stack DR to transition workloads from Region 1 to Region 2 and start drill in Region 2.

Task 6.1: Run Prechecks for the Switchover DR Plan

1. Ensure the region context is set to standby Region 2.

2. Ensure the correct DR protection group in Region 2 is selected, it should be the standby role.

3. Click the switchover plan name.

4. Click Run prechecks.

Fig: Showing how to run prechecks of the switchover plan

Fig: Showing a Completed prechecks of the switchover plan

Note: Similarly you can run the prechecks for the failover and start drill plans.

Task 6.2: Run the Switchover Plan in Region 2

Run the switchover DR plan to begin transitioning the VM from Region 1 to Region 2. During the VM launch in Region 2, it will automatically use the reserved public IP that was previously created.

1. Ensure the region context is set to standby Region 2.

2. Ensure the correct DR protection group in Region 2 is selected, it should be the standby role.

3. Click the switchover plan name.

4. Click Execute plan.

5. Deselect Enable prechecks, since they were already executed in Task 6.1.

6. Click Execute DR plan to begin.

   
   Fig: Showing how to Run the switchover plan

   Monitor the switchover plan until the complete workload has been fully transitioned from Region 1 to Region 2. The execution of the switchover plan was successfully completed in approximately 52 minutes.

   
   Fig: Showing a Completed switchover plan execution.

7. Let us validate the OCI Compute instance which was launched using the reserved public IP. Navigate to Reserved public IPv4 addresses section from the VCN page. You can see, the provided reserved IP appvm-fra is showing as assigned.

   
   Fig: Showing reserved IP is assinged

   You can also validate that with the compute instance public IP details.

8. Verify the DR protection group roles. Region 2 is now Primary and Region 1 is Standby, enabling DR plan creation in Region 1.

   
   Fig: Primary role in Region 2

   
   Fig: Standby role in Region 2

Task 7: Create and Customize DR plans in Region 1

With the successful completion of the switchover by OCI Full Stack DR, Region 2 has now assumed the role of the primary region, while Region 1 has transitioned to serve as the standby region.

Note: To use reserved IPs during an OCI Compute instance launch in Region 1, you must edit the VNIC properties of the compute member and select appvm-lon in the reserved IP section.

1. Follow the same approach detailed in Task 4 to 6, proceed to create and customize the switchover, failover and start drill plans within the DR protection group for Region 1, which now serves as the standby peer region.

2. The standby DR protection group in Region 2 should now have the three DR plans as shown in the following image. These will handle transitioning workloads from Region 1 to Region 2 and also running drill plan in Region 2. You will create similar plans at Region 1 to transition workloads from Region 2 back to Region 1 in a later task.

   
   Fig: Showing the three DR plans that must exist in region 1 before proceeding any further

3. Perform a switchover from Region 1 to Region 2 at this point. This ensures that all DR plans are available in both DR Protection Groups, enabling a complete and consistent failover configuration. You can follow the Task 6, to run the DR plans.

Related Links

• Using Reserved Public IP with Full Stack DR documentation

• Oracle Cloud Infrastructure (OCI) Full Stack Disaster Recovery Documentation

• OCI Full Stack Disaster Recovery Product Page

• OCI Public IP Addresses

• Join #full-stack-dr slack channel

Acknowledgments

• Author - Suraj Ramesh (Product Manager for OCI Full Stack DR)

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Use Reserved Public IPs with Moving Instances in OCI Full Stack Disaster Recovery

G33186-01

Copyright ©2025, Oracle and/or its affiliates.