
Building Your Network in Oracle Cloud Infrastructure (OCI): A Step-by-Step Guide

Mariusz Antonik    Networking


Every reliable cloud deployment starts with a solid network foundation. In OCI, that foundation is the Virtual Cloud Network (VCN)—a private, software-defined network for your compute, databases, and services. This guide explains compartments, public vs private subnets, and a practical setup flow.

1. Tenancy, Compartments, and VCNs

Your tenancy is your company’s root account. Inside it, create compartments—logical containers for isolation, access control, and cost tracking.

DMCloudArchitect (Tenancy)
├─ Production
│  ├─ Networking
│  ├─ Compute
│  └─ Databases
└─ Development
   ├─ Networking
   ├─ Compute
   └─ Databases

Keep network resources in a dedicated Networking compartment for clean IAM and troubleshooting.

2. What Is a VCN?

A VCN is a private, customizable network that lives in a single region and can span multiple availability domains (ADs). Within it you define IP ranges (CIDRs), subnets, gateways, route tables, and security rules.

  • Example VCN CIDR: 10.0.0.0/16
  • Example Subnets: 10.0.1.0/24 (public), 10.0.2.0/24 (private)

3. Public vs Private Subnets

Public Subnets

  • Internet access via an Internet Gateway.
  • For web frontends, bastions, public LBs.
  • Instances can have public IPs.

Private Subnets

  • No direct internet exposure.
  • For databases and internal services.
  • Outbound-only internet access via a NAT Gateway (for example, for OS updates); no inbound connections are possible.

4. Create a Basic Network (Console)

  1. Create a Compartment: Identity & Security → Compartments → Create.
  2. Create a VCN: Networking → Virtual Cloud Networks → Create (Quick setup or Custom). Choose CIDR like 10.0.0.0/16.
  3. Create Subnets: Public-Subnet 10.0.1.0/24, Private-Subnet 10.0.2.0/24.
  4. Configure Routes: Public → 0.0.0.0/0 → Internet Gateway; Private → 0.0.0.0/0 → NAT Gateway.
  5. Security: Use NSGs or Security Lists. Example: allow TCP 22 (SSH) into the public subnet only from your own IP address; allow the database port only from the application subnet.
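Step 5 expressed as Terraform with the OCI provider, as an added example that is not part of the original guide. It assumes the compartment and VCN from the earlier steps already exist and are passed in as `compartment_ocid` and `vcn_ocid`, that `admin_cidr` is your own address as a /32, and that the database listens on TCP 1521; it goes slightly beyond the text by scoping the database rule to an application NSG rather than to the whole application subnet, so only VNICs that are members of that NSG can reach the database.

```hcl
# Added example (not the original post's code). Placeholder inputs:
variable "compartment_ocid" { type = string }   # Networking compartment
variable "vcn_ocid"         { type = string }   # VCN 10.0.0.0/16 from step 2
variable "admin_cidr"       { type = string }   # e.g. "203.0.113.10/32" (constructed)

# One NSG per role; rules attach to NSGs, so they follow the VNIC, not the subnet.
resource "oci_core_network_security_group" "role" {
  for_each       = toset(["bastion", "app", "db"])
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "nsg-${each.key}"
}

# SSH (TCP 22) into the bastion only from the administrator's address.
# Stateful by default, so return traffic is allowed without an egress rule.
resource "oci_core_network_security_group_security_rule" "bastion_ssh_in" {
  network_security_group_id = oci_core_network_security_group.role["bastion"].id
  direction   = "INGRESS"
  protocol    = "6"            # TCP
  source_type = "CIDR_BLOCK"
  source      = var.admin_cidr
  tcp_options {
    destination_port_range {
      min = 22
      max = 22
    }
  }
}

# Database listener (TCP 1521, assumed) reachable only from members of the
# app NSG; other hosts in the VCN, including the public subnet, are denied.
resource "oci_core_network_security_group_security_rule" "db_in_from_app" {
  network_security_group_id = oci_core_network_security_group.role["db"].id
  direction   = "INGRESS"
  protocol    = "6"
  source_type = "NETWORK_SECURITY_GROUP"
  source      = oci_core_network_security_group.role["app"].id
  tcp_options {
    destination_port_range {
      min = 1521
      max = 1521
    }
  }
}
```

A new NSG has no rules, so anything not listed here is dropped; instances in the private subnet still need an egress rule (or a Security List entry) before they can reach the NAT Gateway for updates.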

5. Key Networking Components

  • Internet Gateway: public ingress/egress
  • NAT Gateway: private egress only
  • Service Gateway: private access to OCI services
  • DRG (Dynamic Routing Gateway): on-premises connectivity over VPN or FastConnect, and inter-VCN routing
  • LPG (Local Peering Gateway): VCN-to-VCN peering within the same region
  • Route Tables: traffic paths per subnet
  • NSGs (Network Security Groups)/Security Lists: virtual firewall rules

6. Organizing for Growth

  • Plan non-overlapping CIDRs for future peering/VPNs.
  • Use tags for owner/cost center.
  • Separate prod vs dev in distinct compartments/VCNs.
  • Document the IP plan early.

VCN: 10.0.0.0/16
├─ Public Subnet: 10.0.1.0/24 (Web)
└─ Private Subnet: 10.0.2.0/24 (DB)

7. Tips for Developers & Small Businesses

  • Start with Quick Create; customize later.
  • Keep most resources private; expose only what’s needed.
  • Automate with Terraform/CLI for repeatability.
  • Use Flow Logs and Monitoring for troubleshooting.

8. Summary

Organize with compartments, define a clean VCN, split public/private subnets, and apply least-privilege security. A solid network unlocks secure, scalable deployments for your workloads.