Private IP Addresses

This topic describes how to manage the IP addresses assigned to an instance in a virtual cloud network (VCN).

Overview of IP Addresses

Instances use IP addresses for communication. Each instance has at least one private IP address and, optionally, one or more public IP addresses. A private IP address enables the instance to communicate with other instances inside the VCN, or with hosts in your on-premises network (via an IPSec VPN or Oracle Cloud Infrastructure FastConnect). A public IP address enables the instance to communicate with hosts on the internet. For more information, see these related topics:

About the Private IP Object

The Networking service defines an object called a private IP, which consists of:

Each private IP object has an Oracle-assigned OCID (see Resource Identifiers). If you're using the API, you can also assign each private IP object a friendly name.

Each instance receives a primary private IP object during launch. The primary private IP cannot be removed from the instance. It's automatically terminated when the instance is terminated.

If an instance has any secondary VNICs attached, each of those VNICs also has a primary private IP.

A private IP can have a public IP assigned to it at your discretion.

A private IP can be the target of a route rule in your VCN. For more information, see Using a Private IP as a Route Target.

About Secondary Private IP Addresses

You can add a secondary private IP to an instance after it's launched. You can add it to either the primary VNIC or a secondary VNIC on the instance. The secondary private IP address must come from the CIDR of the VNIC's subnet. You can move a secondary private IP from a VNIC on one instance to a VNIC on another instance if both VNICs belong to the same subnet.

Here are a few reasons why you might use secondary private IPs:

  • Instance failover: You assign a secondary private IP to an instance. Then if the instance has problems, you can easily reassign that secondary private IP to a standby instance in the same subnet. If the secondary private IP has a public IP assigned to it, that public IP moves along with the private IP.
  • Run multiple services or endpoints on a single instance: For example, you could have multiple container pods running on a single instance, and each uses an IP address from the VCN's CIDR. The containers have direct connectivity to other instances and services in the VCN. Another example: you could run multiple SSL websites with each one using its own IP address.

Here are more details about secondary private IP addresses:

  • They're supported for all shapes and OS types, for both bare metal and VM instances.
  • A VNIC can have a maximum of 31 secondary private IPs.
  • They can be assigned only after the instance is launched (or the secondary VNIC is created/attached).
  • Unassigning a secondary IP from a VNIC returns the address to the pool of available addresses in the subnet.
  • They are automatically unassigned when you terminate the instance (or detach/delete the secondary VNIC).
  • The instance's bandwidth is fixed regardless of the number of private IP addresses attached. You can't specify a bandwidth limit for a particular IP address on an instance.
  • A secondary private IP can have a reserved public IP assigned to it at your discretion.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be given the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don't have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment you should work in.

  • Policy: A document in the IAM that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources.
  • Compartment: A collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization.

For administrators: see IAM Policies for Networking.

Tagging Resources

You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the desired tags. For general information about applying tags, see Resource Tags.

Using the Console

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Oracle Cloud Infrastructure SDKs.

To manage private IPs on a VNIC, use these operations:

  • GetPrivateIp: Use this to get a single privateIp object by specifying its OCID.
  • ListPrivateIps: Use this to get a single privateIp object by specifying the private IP address (for example, 10.0.3.3) and the subnet's OCID. Or you can list all the privateIp objects in a given subnet, or just the ones assigned to a given VNIC.
  • CreatePrivateIp: Use this to assign a new secondary private IP to a VNIC.
  • UpdatePrivateIp: Use this to reassign a secondary private IP to a different VNIC in the same subnet, or to update the hostname or display name of a secondary private IP.
  • DeletePrivateIp: Use this to remove a secondary private IP from a VNIC. The private IP address is returned to the subnet's pool of available addresses.

Linux: Details about Secondary IP Addresses

After assigning a secondary private IP to a VNIC, you must configure the OS to use it.

Basic Commands (Not Persistent Through a Reboot)

On the instance, run the following command. It works on all variants of Linux, for both bare metal and VM instances:

ip addr add <address>/<subnet_prefix_len> dev <phys_dev> label <phys_dev>:<addr_seq_num>

where:

  • <address>: The secondary private IP address.
  • <subnet_prefix_len>: The subnet's prefix length. For example, if the subnet is 192.168.20.0/24, the subnet prefix length is 24.
  • <phys_dev>: The interface to add the address to (for example, ens2f0).
  • <addr_seq_num>: The sequential number in the stack of addresses on the device (for example, 0).

For example:

ip addr add 192.168.20.50/24 dev ens2f0 label ens2f0:0

Later, if you want to delete the address, you can use:

ip addr del 192.168.20.50/24 dev ens2f0:0 

Also make sure to unassign the secondary IP from the VNIC. You can do that before or after executing the above command to delete the address from the OS configuration.

If you've assigned a secondary IP to a secondary VNIC, and you're using policy-based routing for the secondary VNIC, make sure to configure the route rules to look up the same route table for the secondary IP address.
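
The following is an added example, not part of the original documentation: a POSIX shell helper that checks the four values described above before they reach a root shell, and prints the resulting ip addr add command instead of running it. The function names ip_to_int and secondary_ip_cmd are illustrative, the sample values are constructed, and the 15-character label limit is the Linux kernel's (IFNAMSIZ - 1), not something stated on this page.

```shell
#!/bin/sh
# Added example: validate inputs, then print (not execute) the ip command.

# Convert dotted-quad IPv4 to an integer. The ( ) body runs in a subshell,
# so the IFS change and positional parameters do not leak to the caller.
ip_to_int() (
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) exit 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Usage: secondary_ip_cmd <address> <subnet_cidr> <phys_dev> <addr_seq_num>
secondary_ip_cmd() (
    addr=$1 cidr=$2 dev=$3 seq=$4
    net=${cidr%/*} len=${cidr#*/}
    fail() { echo "error: $1" >&2; exit 1; }

    case "$len" in ""|*[!0-9]*|0?*|???*) fail "bad prefix length in '$cidr'" ;; esac
    [ "$len" -le 32 ] || fail "bad prefix length in '$cidr'"
    case "$seq" in ""|*[!0-9]*) fail "addr_seq_num must be numeric" ;; esac
    # Restrict the device name so nothing unexpected reaches a root shell.
    case "$dev" in ""|*[!A-Za-z0-9_.-]*) fail "bad device name" ;; esac

    # The kernel limits address labels to 15 characters (IFNAMSIZ - 1).
    label="$dev:$seq"
    [ "${#label}" -le 15 ] || fail "label '$label' exceeds 15 characters"

    a=$(ip_to_int "$addr") || fail "bad address '$addr'"
    n=$(ip_to_int "$net") || fail "bad subnet '$cidr'"
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    # The secondary private IP must come from the CIDR of the VNIC's subnet.
    [ $(( a & mask )) -eq $(( n & mask )) ] || fail "$addr is outside $cidr"

    echo "ip addr add $addr/$len dev $dev label $label"
)

# Constructed sample values, matching the example on this page.
secondary_ip_cmd 192.168.20.50 192.168.20.0/24 ens2f0 0
```

An address outside the subnet's CIDR is accepted by ip addr add on the host but cannot be a secondary private IP on the VNIC, so the helper rejects it before the OS is changed.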

Configuration File (Persistent Through a Reboot)

You can make the configuration persistent through a reboot by adding the information to a configuration file.

Windows: Details about Secondary IP Addresses

After assigning a secondary private IP to a VNIC, you must configure the OS to use it. Here are instructions for using a PowerShell script or the Network and Sharing Center UI.