EU-Vietnam Business Network (EVBN) > Noindex > Public IP Addresses

Public IP Addresses

A public IP address is an IPv4 address that is reachable from the internet. If a resource in your tenancy needs to be directly reachable from the internet, it must have a public IP address. Depending on the type of resource, there might be other requirements.

Certain types of resources in your tenancy are designed to be directly reachable from the internet and therefore automatically come with a public IP address. For example: a NAT gateway or a public load balancer. Other types of resources are directly reachable only if you configure them to be. For example: instances in your VCN.

This topic focuses on these subjects:

  • The types of public IP addresses and their characteristics
  • How to control whether an instance has a public IP address

For more information about resources that automatically get a public IP address, see
Resources That Always Get a Public IP.

Instances and Public IP Addresses

You can assign a public IP address to an instance to enable communication with the
internet. The instance is assigned a public IP address from the Oracle Cloud Infrastructure address pool.

The assignment is actually to a private IP object on the instance. The VNIC that the private IP is assigned to must be in a public subnet. A given instance can have multiple secondary VNICs, and a given VNIC can have multiple secondary private IPs. So you can assign a given instance multiple public IPs across one or more VNICs if you like.

For an instance to communicate directly with the internet, all of the following are required:

  • The instance must be in a public subnet.
  • The instance must have a public IP address.
  • The instance’s VCN must have an internet gateway.
  • The public subnet must have route tables and security lists configured accordingly.

Tip

Oracle Cloud Infrastructure

FastConnect

public peering lets your on-premises
network access the public IP addresses of resources in

Oracle Cloud Infrastructure

without the traffic traversing the internet. For more information, see

public peering lets your on-premises network access the public IP addresses of resources inwithout the traffic traversing the internet. For more information, see FastConnect

The Public IP Object

The Networking service defines an object called a
public IP, which consists of these items:

  • Public IPv4 address (chosen by Oracle)
  • Properties that further define the public IP’s type and behavior

Each public IP object has an Oracle-assigned OCID (see Resource Identifiers). If you’re using the API, you can also assign each public IP object a friendly name.

Types of Public IPs

There are two types of public IPs:

  • Ephemeral: Think of it as temporary and existing for the lifetime of the
    instance.
  • Reserved: Think of it as persistent and existing beyond the lifetime of
    the instance it’s assigned to. You can unassign it and then reassign it to
    another instance whenever you like. Exception: reserved public IPs on public
    load balancers. See Overview of Public IP Addresses.

The following table summarizes the differences between the two types.

Characteristic
Ephemeral Public IPs
Reserved Public IPs

Allowed assignment

To a VNIC’s primary private
IP only

Limits:

  • One per VNIC
  • Two per VM instance, and 16 per bare metal instance

To either a primary or secondary private IP

Limit: 32 per VNIC

Creation

Optionally created and assigned during instance launch or
secondary VNIC creation. You can create and assign one later if
the VNIC doesn’t already have one.

 

You create one at any time. You can then assign it when you
like.

Limit: You can create 50 per region

Unassignment

You can unassign it at any time, which deletes it. You might do
this if whoever launched the instance included a public IP, but
you don’t want the instance to have one.

When you stop an instance, its ephemeral public IPs remain
assigned to the instance.

You can unassign it at any time, which returns it to your
tenancy’s pool of reserved public IPs.

Moving to a different resource

You cannot move an ephemeral public IP to a different private
IP.

If assigned to a secondary private IP: If you move the private IP
to a different VNIC (must be in the same subnet), the reserved
public IP goes with it.

You can move it (unassign and then reassign it) at any time to
another private IP in the same region. Can be in a different VCN
or availability domain.

Automatic deletion

Its lifetime is tied to the private IP’s lifetime. Automatically
unassigned and deleted when:

  • Its private IP is deleted
  • Its VNIC is detached or terminated
  • Its instance is terminated

Never. Exists until you delete it.

Scope

Availability domain

Regional (can be assigned to a private IP in any

availability domain

in the region)

Compartment and

availability domain

Same as the private IPs
Can be different from the private IPs

When you launch an instance in a public subnet, by default, the instance gets a
public IP unless you say otherwise. See To choose whether an ephemeral public IP is assigned when launching an instance.

After you create a given public IP, you can’t change which type it is. For example,
if you launch an instance that is assigned an ephemeral public IP with address
203.0.113.2, you can’t convert the ephemeral public IP to a reserved public IP with
address 203.0.113.2.

The preceding table notes the public IP limits per VNIC and instance. If you try to
perform any operation that assigns or moves a public IP to a VNIC or instance that
has already reached its public IP limit, an error is returned. The operations
include:

  • Assigning a public IP
  • Creating a new secondary VNIC with a public IP
  • Moving a private IP with a public IP to another VNIC
  • Moving a public IP to another private IP

Resources That Always Get a Public IP

As mentioned earlier, certain types of resources are designed to be directly reachable from the internet. Examples: a NAT gateway or a public load balancer. These resources automatically get a public IP address upon creation. Oracle chooses the public IP address from the Oracle pool. You can’t remove or change the address.

For public load balancers, the address can be either a regional reserved public IP
address that you create from a pool and assign to the load balancer at creation
time, or an ephemeral public IP address assigned by Oracle for the life of the load
balancer. When the load balancer is no longer needed, the ephemeral IP address is
returned to the pool of available addresses, but the reserved IP address can be
moved to a different resource. While active, this public IP appears in the list of
your tenancy’s reserved public IPs, which you can
view in the Console.

For NAT gateways, the address is a regional ephemeral public IP that is assigned to the NAT gateway. Like other ephemeral public IPs, it’s automatically unassigned and deleted when you terminate its assigned resource (the NAT gateway). However, unlike other ephemeral public IPs, you can’t edit it or unassign it yourself.

Required

IAM

Policy

To use Oracle Cloud Infrastructure, you must be granted security
access in a policy  by an administrator. This access
is required whether you’re using the Console or the
REST API with an SDK, CLI, or other tool. If you get a message that you don’t have
permission or are unauthorized, verify with your administrator what type of access
you have and which compartment  to work in.

For administrators: see IAM Policies for Networking.

Bài viết liên quan
Bài viết mới
Thể Thao nổi bật