Public IP Addresses

This topic describes how to manage public IP addresses on instances in a virtual cloud network (VCN).

Overview of Public IP Addresses

A public IP address is an IPv4 address that is reachable from the internet. You can assign a public IP address to a resource (such as an instance) to enable communication with the internet. The resource is assigned a public IP address from the Oracle Cloud Infrastructure address pool.

The assignment is actually to a private IP object on the resource. The VNIC that the private IP is assigned to must be in a public subnet. A given resource can have multiple secondary VNICs. And a given VNIC can have multiple secondary private IPs. So you can assign a given resource multiple public IPs across one or more VNICs if you like.

For a public IP address to be reachable over the internet, the VCN it's in must have an internet gateway, and the public subnet must have route tables and security lists configured accordingly.

Oracle Cloud Infrastructure FastConnect public peering lets your on-premises network access the public IP addresses of resources in Oracle Cloud Infrastructure without the traffic traversing the internet. For more information, see FastConnect Overview.

The Public IP Object

The Networking service defines an object called a public IP, which consists of:

  • Public IPv4 address (chosen by Oracle)
  • Properties that further define the public IP's type and behavior

Each public IP object has an Oracle-assigned OCID (see Resource Identifiers). If you're using the API, you can also assign each public IP object a friendly name.

Types of Public IPs

There are two types of public IPs:

  • Ephemeral: Think of it as temporary and existing for the lifetime of the instance.
  • Reserved: Think of it as persistent and existing beyond the lifetime of the instance it's assigned to. You can unassign it and then reassign it to another instance whenever you like.

The following table summarizes the differences between the two types.

Characteristic Ephemeral Public IPs Reserved Public IPs
Allowed assignment

To a VNIC's primary private IP only

Limits:

  • One per VNIC
  • Two per VM instance, and 16 per bare metal instance

To either a primary or secondary private IP

Limit: 32 per VNIC

Creation

Optionally created and assigned during instance launch or secondary VNIC creation. You can create and assign one later if the VNIC doesn't already have one.

 

You create one at any time. You can then assign it when you like.

Limit: You can create 50 per region

Unassignment

You can unassign it at any time, which deletes it. You might do this if whoever launched the instance included a public IP, but you don't want the instance to have one.

When you stop an instance, its ephemeral public IPs remain assigned to the instance.

You can unassign it at any time, which returns it to your tenancy's pool of reserved public IPs.
Moving to a different resource

If assigned to a secondary private IP: If you move the private IP to a different VNIC (must be in the same subnet), the ephemeral public IP goes with it.

You cannot move an ephemeral public IP to a different private IP.

If assigned to a secondary private IP: If you move the private IP to a different VNIC (must be in the same subnet), the reserved public IP goes with it.

You can move it (unassign and then reassign it) at any time to another private IP in the same region. Can be in a different VCN or availability domain.

Automatic deletion

Its lifetime is tied to the private IP's lifetime. Automatically unassigned and deleted when:

  • Its private IP is deleted
  • Its VNIC is detached or terminated
  • Its instance is terminated

Never. Exists until you delete it.

Scope Availability domain Regional (can be assigned to a private IP in any availability domain in the region)
Compartment and availability domain Same as the private IP's Can be different from the private IP's

When you launch an instance in a public subnet, by default, the instance gets a public IP unless you say otherwise. See To choose whether an ephemeral public IP is assigned when launching an instance.

After you create a given public IP, you can't change which type it is. For example, if you launch an instance that is assigned an ephemeral public IP with address 129.146.1.9, you can't convert the ephemeral public IP to a reserved public IP with address 129.146.1.9.

The preceding table notes the public IPs limits per VNIC and instance. If you try to perform any operation that assigns or moves a public IP to a VNIC or instance that has already reached its public IP limit, an error is returned. The operations include:

  • Assigning a public IP
  • Creating a new secondary VNIC with a public IP
  • Moving a private IP with a public IP to another VNIC
  • Moving a public IP to another private IP

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be given the required type of access in a policyA document in the IAM that specifies who has what type of access to your resources. It is used in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources. written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartmentA collection of related resources that can be accessed only by certain groups that have been given permission by an administrator in your organization. you should work in.

For administrators: see IAM Policies for Networking.

Tagging Resources

You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the desired tags. For general information about applying tags, see Resource Tags.

You can apply tags to reserved public IPs, but not ephemeral public IPs.

Ephemeral Public IPs: Using the Console

Reserved Public IPs: Using the Console

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Oracle Cloud Infrastructure SDKs.

To manage public IPs, use these operations:

  • GetPublicIp: Use this to get a publicIp object by specifying its OCID.
  • GetPublicIpByIpAddress: Use this to get a publicIp object by specifying its public IP address.
  • GetPublicIpByPrivateIpId: Use this to get a publicIp object by specifying the OCID of the private IP it's assigned to.
  • ListPublicIps: Use this to list either your ephemeral or reserved publicIp objects.
  • CreatePublicIp: Use this to create a new reserved public IP in your pool.
  • UpdatePublicIp: Use this to assign, reassign, or unassign a reserved public IP, or to update the display name of an ephemeral or reserved public IP. You can also update a reserved public IP's tags.
  • DeletePublicIp: Use this to delete an ephemeral public IP from its private IP, or delete a reserved public IP from your pool. The operation first unassigns the public IP.