Internet Gateway

Before continuing, make sure you’ve read Access to the Internet and also understand how to set up security rules for the resources in a subnet.

An internet gateway is an optional virtual router that connects the edge of the VCN with the internet. To use the gateway, the hosts on both ends of the connection must have public IP addresses for routing. Connections that originate in your VCN and are destined for a public IP address (either inside or outside the VCN) go through the internet gateway. Connections that originate outside the VCN and are destined for a public IP address inside the VCN go through the internet gateway.

A given VCN can have only one internet gateway. You control which public subnets in the VCN can use the gateway by configuring the subnet’s associated route table. You use security rules to control the types of traffic allowed in and out of resources in those public subnets.

The following diagram illustrates a simple VCN setup with a single public subnet. The VCN has an internet gateway, and the public subnet is configured to use the VCN’s default route table. The table has a route rule that sends all egress traffic from the subnets to the internet gateway. The gateway allows any ingress connections from the internet with a destination IP address equal to the public IP address of a resource in the VCN. However, the public subnet’s security list rules ultimately determine the specific types of traffic that are allowed in and out of the resources in the subnet. Those specific security rules are not shown.

This image shows a simple layout of a VCN with a public subnet that uses an internet gateway.

Callout 1: VCN Default Route Table

Destination CIDR    Route Target
0.0.0.0/0           Internet Gateway
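The following Python sketch is an added example, not part of the original documentation. It models the setup above with constructed data and reports which ingress rules are open to any internet source in public subnets whose route table targets the internet gateway. The field names and identifiers are simplified assumptions, not the OCI API schema.

```python
import ipaddress

# Constructed sample VCN. Field names are simplified assumptions for this
# example, not the OCI API schema.
VCN = {
    "internet_gateway_id": "igw-example",
    "route_tables": {
        # Mirrors the default route table in the callout: all egress to the gateway.
        "default": [{"destination": "0.0.0.0/0", "target": "igw-example"}],
        # A route table with no rule that targets the gateway.
        "internal-only": [{"destination": "10.1.0.0/16", "target": "other-target-example"}],
    },
    "subnets": [
        {"name": "public-a", "public": True, "route_table": "default",
         "ingress": [{"source": "0.0.0.0/0", "protocol": "tcp", "port": 443},
                     {"source": "203.0.113.0/24", "protocol": "tcp", "port": 22}]},
        {"name": "public-c", "public": True, "route_table": "internal-only",
         "ingress": [{"source": "0.0.0.0/0", "protocol": "tcp", "port": 22}]},
    ],
}


def uses_gateway(vcn, subnet):
    """True if the subnet's route table has a rule targeting the internet gateway."""
    rules = vcn["route_tables"][subnet["route_table"]]
    return any(r["target"] == vcn["internet_gateway_id"] for r in rules)


def internet_exposure(vcn):
    """Map each gateway-routed public subnet to its ingress rules open to any source."""
    report = {}
    for subnet in vcn["subnets"]:
        # The route table decides whether a subnet can use the gateway at all.
        if not (subnet["public"] and uses_gateway(vcn, subnet)):
            continue
        # Security rules then decide which traffic types are allowed in.
        report[subnet["name"]] = sorted(
            (r["protocol"], r["port"]) for r in subnet["ingress"]
            if ipaddress.ip_network(r["source"]).prefixlen == 0)
    return report


if __name__ == "__main__":
    for name, rules in internet_exposure(VCN).items():
        print(name, "accepts from any internet source:", rules)
```
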

Tip

Traffic through an internet gateway between a VCN and a public IP address that is part of Oracle Cloud Infrastructure (such as Object Storage) is routed without being sent over the internet.