Back to Blog
OCI Dynamic Routing Gateway Setup Step-by-Step for Hybrid Networking

OCI Dynamic Routing Gateway Setup Step-by-Step for Hybrid Networking

   Mariusz Antonik    Oracle Cloud (OCI)    3 min read    15 views

1. Introduction

The Dynamic Routing Gateway (DRG) is the heart of hybrid networking in OCI.
If you're connecting an on-prem network, another cloud provider, or multiple VCNs — the DRG is the router that ties it all together.

In this guide, I’ll show you exactly how to set it up, test it, and validate routing end-to-end.

2. What Problem This Solves

Without the DRG:

❌ On-prem cannot reach OCI
❌ Site-to-site VPN won’t work
❌ FastConnect can’t attach
❌ Cross-VCN routing becomes messy
❌ VCN peering becomes inconsistent

With a DRG:

✅ Centralized routing
✅ Multiple VCN attachments
✅ VPN or FastConnect integration
✅ Inspection and monitoring

Let's build it properly.

3. Step-by-Step Guide

Step 1 — Create DRG

OCI Console → Networking → Dynamic Routing Gateways → Create DRG

CLI:

 
oci network drg create \ --compartment-id <COMPARTMENT_OCID> \ --display-name "main-drg"

Step 2 — Attach VCN to DRG

Console → DRG → Attachments → Create Attachment

CLI:

 
oci network drg-attachment create \ --drg-id <DRG_OCID> \ --vcn-id <VCN_OCID> \ --display-name "vcn-attachment"

Step 3 — Create and Configure Route Tables

VCN → Route Tables → Create New Route Table

Add rule:

 
Destination Type: DRG Destination: <ON_PREM_CIDR> Target: DRG Attachment

CLI:

 
oci network route-table update \ --rt-id <RT_OCID> \ --route-rules '[ {"cidrBlock":"192.168.0.0/16","networkEntityId":"<DRG_ATTACHMENT_OCID>"} ]'

Step 4 — Configure IPSec VPN (Optional)

Create Customer-Premise Equipment (CPE):

 
oci network cpe create \ --display-name "my-cpe" \ --ip-address <ON_PREM_PUBLIC_IP>

Create IPSec tunnel:

 
oci network ip-sec-connection create \ --cpe-id <CPE_OCID> \ --drg-id <DRG_OCID> \ --static-routes '["0.0.0.0/0"]'

Step 5 — Validate Routing with Traceroute

From on-prem:

 
traceroute 10.0.2.10

From OCI compute:

 
sudo traceroute 192.168.1.10

4. Architecture Diagram

(Generated in next message)

Placeholder:

 
On-Prem Network ---- IPSec ---- DRG ---- VCN A \---- VCN B

5. Best Practices

  • Use separate DRG route tables for each VCN attachment

  • Avoid overlapping CIDRs

  • Use HA VPN (tunnel 1 + tunnel 2)

  • Consider FastConnect for production

  • Enable logging on the DRG

  • Use Network Path Analyzer for troubleshooting

6. Troubleshooting

Issue Cause Fix
Ping not working ICMP blocked Enable ICMP in NSG
VPN down Phase 1 mismatch Adjust IKE settings
Route unreachable Wrong RT target Point to DRG attachment
Slow performance MTU mismatch Adjust MTU to 1500/1400

7. Summary

The DRG allows you to build reliable hybrid networks in OCI.
With the configuration above, you can connect multiple VCNs and even full on-prem infrastructure using VPN or FastConnect.

👉 Download the free guide: “7 OCI Networking Mistakes to Avoid”
https://dmcloudarchitect.com/c/7_oci_mistakes_to_avoid.html

Tags: #Beginner #free-tier #OCI #oracle-cloud #Security
Share: Twitter LinkedIn Facebook
Related Posts
Connect to server using Console
Nov 30, 2025
Monitoring and Troubleshooting with OCI Observability and Logging
Monitoring and Troubleshooting with OCI Observability and Logging
Nov 10, 2025
Understanding OCI Storage: Block, Object, and File Explained
Understanding OCI Storage: Block, Object, and File Explained
Nov 07, 2025
About the Author
Mariusz Antonik

Oracle Cloud Infrastructure expert and consultant specializing in database management and automation.

Recent Posts
Connect to server using Console
Nov 30, 2025 Troubleshooting HeatWave — Common Issues, Causes & Fixes
Nov 28, 2025 Monitoring HeatWave — Complete Guide for DBAs & DevOps
Nov 26, 2025 How to Secure Your OCI Always Free Tier Network: A Practical Guide
Nov 25, 2025 HeatWave Query Engine Internals — Joins, Aggregations, Hashing & Vectorization
Nov 24, 2025
All Tags
#Advanced #Beginner #Best Practices #free-tier #Guide #MySQL #OCI #oracle-cloud #Security #Tutorial