{"id":945,"date":"2026-04-17T05:42:15","date_gmt":"2026-04-17T05:42:15","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-ip-management-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-networking-edge-and-connectivity\/"},"modified":"2026-04-17T05:42:15","modified_gmt":"2026-04-17T05:42:15","slug":"oracle-cloud-ip-management-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-networking-edge-and-connectivity","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/oracle-cloud-ip-management-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-networking-edge-and-connectivity\/","title":{"rendered":"Oracle Cloud IP Management Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Networking, Edge, and Connectivity"},"content":{"rendered":"\n

Category<\/h2>\n\n\n\n

Networking, Edge, and Connectivity<\/p>\n\n\n\n

1. Introduction<\/h2>\n\n\n\n

What this service is<\/h3>\n\n\n\n

In Oracle Cloud Infrastructure (OCI), IP Management<\/strong> is the set of networking capabilities and Console workflows used to allocate, reserve, assign, and govern IP addresses<\/strong>\u2014especially public IP addresses<\/strong> (reserved or ephemeral) and their association to private IPs<\/strong> on VNICs within your Virtual Cloud Network (VCN).<\/p>\n\n\n\n

Simple explanation (one paragraph)<\/h3>\n\n\n\n

IP Management in Oracle Cloud helps you control \u201cwhat IP address is used where\u201d so your applications have stable endpoints, your allowlists stay accurate, and your network changes don\u2019t accidentally break connectivity. The most common task is reserving a public IP so you can move it between resources (or keep it even if an instance is rebuilt), rather than relying on an ephemeral public IP that can change.<\/p>\n\n\n\n

Technical explanation (one paragraph)<\/h3>\n\n\n\n

Technically, OCI IP Management centers on Public IP<\/strong> resources (ephemeral and reserved) and how they map to a Private IP<\/strong> on a VNIC in a subnet inside a VCN. You manage these objects within a region and compartment, enforce access with IAM policies, track changes via audit logs, and automate actions using the OCI Console, CLI, SDKs, and APIs. Advanced capabilities may include Bring Your Own IP (BYOIP)<\/strong>, depending on your account eligibility and region support (verify in official docs for your tenancy and region).<\/p>\n\n\n\n

What problem it solves<\/h3>\n\n\n\n

IP Management solves common operational and architectural problems such as:<\/p>\n\n\n\n

    \n
  • Preventing outages caused by changing public IPs<\/strong> during rebuilds or scaling events.<\/li>\n
  • Enabling stable endpoints for DNS records, partner allowlists, firewall rules<\/strong>, and integrations.<\/li>\n
  • Supporting patterns like \u201cfloating IP\u201d\/VIP-style failover using re-assignment<\/strong> (where supported).<\/li>\n
  • Improving governance with compartmentalization, tagging, and auditability of IP usage.<\/li>\n<\/ul>\n\n\n\n
    \n

    Important scope note: OCI \u201cIP Management\u201d is not marketed as a standalone \u201centerprise IPAM\u201d product in the way some other clouds provide (for example, AWS VPC IPAM). In OCI, it\u2019s primarily public IP and related address administration<\/strong> within OCI Networking. For true enterprise IPAM (multi-site, multi-cloud, DHCP\/DNS sync, automated subnet planning), teams often integrate OCI with specialized IPAM tools (self-managed or commercial).<\/p>\n<\/blockquote>\n\n\n\n

    \n\n\n\n

    2. What is IP Management?<\/h2>\n\n\n\n

    Official purpose<\/h3>\n\n\n\n

    The purpose of IP Management<\/strong> in Oracle Cloud (OCI Networking, Edge, and Connectivity) is to let you manage IP addressing for OCI resources<\/strong>, primarily by controlling:<\/p>\n\n\n\n

      \n
    • Allocation and lifecycle of Public IP addresses<\/strong><\/li>\n
    • Association of public IPs to Private IP<\/strong> objects<\/li>\n
    • (Where applicable) management of BYOIP<\/strong> address ranges<\/li>\n<\/ul>\n\n\n\n

      Because OCI documentation and Console evolve, verify the exact screen names and supported operations in the official OCI Networking documentation<\/strong> for your tenancy\/region.<\/p>\n\n\n\n

      Core capabilities<\/h3>\n\n\n\n

      At a practical level, IP Management commonly includes:<\/p>\n\n\n\n

        \n
      • Creating Reserved Public IPs<\/strong> for stable, reusable public endpoints<\/li>\n
      • Understanding and using Ephemeral Public IPs<\/strong> (temporary public addresses)<\/li>\n
      • Assigning\/unassigning public IPs to private IPs<\/strong> on VNICs<\/li>\n
      • Listing, tracking, and governing public IP inventory across compartments<\/li>\n
      • Automating tasks with OCI CLI\/SDK\/API<\/strong><\/li>\n
      • Tagging and auditing IP resources for cost, ownership, and compliance<\/li>\n<\/ul>\n\n\n\n

        Major components (how OCI models it)<\/h3>\n\n\n\n

        In OCI, IP-related networking is built from these core objects:<\/p>\n\n\n\n

          \n
        • VCN (Virtual Cloud Network):<\/strong> Your private network in OCI.<\/li>\n
        • Subnet:<\/strong> A range within a VCN (regional in OCI).<\/li>\n
        • VNIC (Virtual Network Interface Card):<\/strong> Attached to compute instances and some services.<\/li>\n
        • Private IP:<\/strong> An address on a VNIC within a subnet. A VNIC can have a primary private IP and may support secondary private IPs (verify exact limits in docs).<\/li>\n
        • Public IP:<\/strong> An internet-routable IPv4 address that maps to a private IP.<\/li>\n
        • Ephemeral<\/strong>: Typically assigned automatically and released when you terminate certain resources (behavior depends on resource type; verify in docs).<\/li>\n
        • Reserved<\/strong>: Stays allocated to your tenancy until you explicitly release it; can be reassigned.<\/li>\n<\/ul>\n\n\n\n

          Service type<\/h3>\n\n\n\n

          IP Management<\/strong> is best understood as a networking control-plane capability<\/strong> (resource administration) within OCI Networking\u2014not a data-plane packet processing service by itself.<\/p>\n\n\n\n

          Scope: regional\/global\/zonal and tenancy boundaries<\/h3>\n\n\n\n
            \n
          • Tenancy-scoped governance:<\/strong> Controlled by IAM at the tenancy\/compartment<\/strong> level.<\/li>\n
          • Regional behavior:<\/strong> Public IP resources and networking constructs are typically regional<\/strong> in OCI, though attachment\/association can depend on the underlying resource and availability domain constructs. Always confirm the exact scope in the relevant resource docs.<\/li>\n
          • Compartment-scoped resources:<\/strong> Public IPs are created in a compartment<\/strong>, enabling delegated management.<\/li>\n<\/ul>\n\n\n\n

            How it fits into the Oracle Cloud ecosystem<\/h3>\n\n\n\n

            IP Management is foundational to many services in the Networking, Edge, and Connectivity<\/strong> category and beyond:<\/p>\n\n\n\n

              \n
            • Compute<\/strong> (instances with public endpoints)<\/li>\n
            • Load Balancing<\/strong> (public load balancers \/ network load balancers that need fixed IPs)<\/li>\n
            • Network Firewall \/ WAF<\/strong> (front-door designs often rely on stable IPs and DNS)<\/li>\n
            • VPN \/ FastConnect<\/strong> (allowlisting and routing scenarios)<\/li>\n
            • Kubernetes and microservices<\/strong> (ingress endpoints, NAT, egress controls)<\/li>\n
            • Security and governance services<\/strong> (IAM, Audit, Logging)<\/li>\n<\/ul>\n\n\n\n
              \n\n\n\n

              3. Why use IP Management?<\/h2>\n\n\n\n

              Business reasons<\/h3>\n\n\n\n
                \n
              • Reduce downtime risk:<\/strong> Stable IPs prevent integration breaks when infrastructure changes.<\/li>\n
              • Faster incident recovery:<\/strong> Reassigning a reserved IP can speed up mitigation and restore service.<\/li>\n
              • Partner integrations:<\/strong> Many partners require fixed IP allowlists for inbound\/outbound connectivity.<\/li>\n
              • Change management:<\/strong> Clear inventory and ownership for IPs supports audit and compliance.<\/li>\n<\/ul>\n\n\n\n

                Technical reasons<\/h3>\n\n\n\n
                  \n
                • Stable endpoints:<\/strong> Reserved public IPs support consistent DNS A records and firewall rules.<\/li>\n
                • Planned migration:<\/strong> Move traffic from one backend to another without changing the public endpoint.<\/li>\n
                • Environment parity:<\/strong> Manage IPs per environment (dev\/test\/prod) via compartments and tags.<\/li>\n
                • Automation:<\/strong> CLI\/SDK-based control reduces manual errors.<\/li>\n<\/ul>\n\n\n\n

                  Operational reasons<\/h3>\n\n\n\n
                    \n
                  • Inventory control:<\/strong> Prevent \u201cIP sprawl\u201d and unknown public exposure.<\/li>\n
                  • Delegation:<\/strong> Compartments let platform teams delegate IP tasks to app teams safely.<\/li>\n
                  • Auditability:<\/strong> Changes are trackable with OCI Audit and tags.<\/li>\n<\/ul>\n\n\n\n

                    Security\/compliance reasons<\/h3>\n\n\n\n
                      \n
                    • Minimize accidental exposure:<\/strong> Explicit control over public IP assignment reduces risk.<\/li>\n
                    • Policy enforcement:<\/strong> IAM policies restrict who can create and attach public IPs.<\/li>\n
                    • Governance:<\/strong> Tagging supports ownership, cost allocation, and compliance reporting.<\/li>\n<\/ul>\n\n\n\n

                      Scalability\/performance reasons<\/h3>\n\n\n\n

                      IP Management itself doesn\u2019t \u201cscale throughput,\u201d but it enables scalable architectures by ensuring:<\/p>\n\n\n\n

                        \n
                      • Load balancers maintain stable IPs for clients.<\/li>\n
                      • Blue\/green and canary patterns don\u2019t require frequent public endpoint changes.<\/li>\n
                      • Egress controls (NAT or egress gateways) keep consistent outbound IPs for allowlisting.<\/li>\n<\/ul>\n\n\n\n

                        When teams should choose it<\/h3>\n\n\n\n

                        Choose OCI IP Management patterns when you need:<\/p>\n\n\n\n

                          \n
                        • A fixed inbound IP<\/strong> for an API, webhook receiver, VPN endpoint, or load balancer.<\/li>\n
                        • Stable outbound IP identity<\/strong> for SaaS allowlisting (often via NAT or controlled egress).<\/li>\n
                        • A repeatable operational process<\/strong> for allocating and assigning public IPs.<\/li>\n<\/ul>\n\n\n\n

                          When they should not choose it<\/h3>\n\n\n\n

                          Avoid building designs that depend on frequently reassigning IPs if:<\/p>\n\n\n\n

                            \n
                          • You can use DNS-based<\/strong> approaches (CNAME to managed endpoints) and tolerate TTL.<\/li>\n
                          • You can front services with a load balancer<\/strong> and keep the endpoint stable there.<\/li>\n
                          • You need full enterprise IPAM features (IP planning, DHCP\/DNS automation across hybrid). In that case, consider integrating OCI with a dedicated IPAM system.<\/li>\n<\/ul>\n\n\n\n
                            \n\n\n\n

                            4. Where is IP Management used?<\/h2>\n\n\n\n

                            Industries<\/h3>\n\n\n\n
                              \n
                            • Financial services:<\/strong> Strict allowlisting, controlled change processes, audit needs<\/li>\n
                            • Healthcare:<\/strong> Regulated environments, controlled exposure, stable endpoints<\/li>\n
                            • SaaS \/ ISVs:<\/strong> Customer allowlists, stable API ingress, predictable outbound identity<\/li>\n
                            • Retail and e-commerce:<\/strong> Reliable public endpoints for storefronts and integrations<\/li>\n
                            • Manufacturing \/ IoT:<\/strong> Device gateways, VPN endpoints, stable ingestion endpoints<\/li>\n<\/ul>\n\n\n\n

                              Team types<\/h3>\n\n\n\n
                                \n
                              • Cloud\/platform engineering teams<\/li>\n
                              • Network engineering and NetSec teams<\/li>\n
                              • DevOps\/SRE teams managing production endpoints<\/li>\n
                              • Application teams owning internet-facing APIs<\/li>\n
                              • Governance\/risk\/compliance teams needing evidence and control<\/li>\n<\/ul>\n\n\n\n

                                Workloads<\/h3>\n\n\n\n
                                  \n
                                • Internet-facing APIs and web apps<\/li>\n
                                • VPN gateways and network appliances<\/li>\n
                                • Bastion access patterns (though OCI Bastion service may reduce direct public exposure)<\/li>\n
                                • Load-balanced microservices and ingress<\/li>\n
                                • Data ingestion endpoints, webhook handlers<\/li>\n<\/ul>\n\n\n\n

                                  Architectures<\/h3>\n\n\n\n
                                    \n
                                  • Public front door with WAF\/LB and private backends<\/li>\n
                                  • Hub-and-spoke VCNs where shared services own public IPs<\/li>\n
                                  • DR setups where public endpoints must remain consistent<\/li>\n
                                  • Hybrid where on-premises firewalls allowlist specific cloud IPs<\/li>\n<\/ul>\n\n\n\n

                                    Real-world deployment contexts<\/h3>\n\n\n\n
                                      \n
                                    • Production:<\/strong> Reserved public IPs are common for stable endpoints and change control.<\/li>\n
                                    • Dev\/test:<\/strong> Ephemeral public IPs can be acceptable, but still require governance to avoid accidental exposure and surprise costs.<\/li>\n<\/ul>\n\n\n\n
                                      \n\n\n\n

                                      5. Top Use Cases and Scenarios<\/h2>\n\n\n\n

                                      Below are realistic scenarios where OCI IP Management<\/strong> is a key enabling capability.<\/p>\n\n\n\n

                                      1) Stable public IP for a production API endpoint<\/h3>\n\n\n\n
                                        \n
                                      • Problem:<\/strong> Your public API\u2019s IP changes when you rebuild instances, breaking clients and DNS caches.<\/li>\n
                                      • Why IP Management fits:<\/strong> Reserve a public IP and attach it to the API endpoint\u2019s private IP or front it with a load balancer that uses reserved IPs (depending on service behavior).<\/li>\n
                                      • Example:<\/strong> api.example.com<\/code> must always resolve to the same IP for enterprise clients with strict allowlists.<\/li>\n<\/ul>\n\n\n\n

                                        2) Blue\/green cutover by reassigning a reserved public IP<\/h3>\n\n\n\n
                                          \n
                                        • Problem:<\/strong> You need a fast cutover between two backends without waiting for DNS TTL.<\/li>\n
                                        • Why it fits:<\/strong> A reserved public IP can be reassigned (within supported constraints) to shift inbound traffic.<\/li>\n
                                        • Example:<\/strong> Switch from green compute instance to blue instance during a release window.<\/li>\n<\/ul>\n\n\n\n

                                          3) Fixed inbound IP for webhook receivers<\/h3>\n\n\n\n
                                            \n
                                          • Problem:<\/strong> A partner SaaS only sends webhooks to allowlisted destination IPs.<\/li>\n
                                          • Why it fits:<\/strong> Reserve and maintain a stable public IP for the receiver endpoint.<\/li>\n
                                          • Example:<\/strong> Payment processor webhooks only to registered static IP.<\/li>\n<\/ul>\n\n\n\n

                                            4) Outbound allowlisting to third-party APIs (controlled egress identity)<\/h3>\n\n\n\n
                                              \n
                                            • Problem:<\/strong> A vendor only accepts requests from known source IPs.<\/li>\n
                                            • Why it fits:<\/strong> Use an architecture with controlled outbound IP (often via NAT or a dedicated egress path). IP Management helps you keep the outbound public IP stable.<\/li>\n
                                            • Example:<\/strong> Data pipeline calls a partner API from a known IP.<\/li>\n<\/ul>\n\n\n\n

                                              5) Public load balancer endpoint with predictable IPs<\/h3>\n\n\n\n
                                                \n
                                              • Problem:<\/strong> Clients require static IPs for a load-balanced service.<\/li>\n
                                              • Why it fits:<\/strong> Load balancers can provide stable front-door endpoints; in designs needing fixed IPs, IP Management is part of how you reserve and track them.<\/li>\n
                                              • Example:<\/strong> Enterprise customer firewall allowlists two IPs of your public load balancer.<\/li>\n<\/ul>\n\n\n\n

                                                6) Disaster recovery (DR) readiness with reserved IP inventory<\/h3>\n\n\n\n
                                                  \n
                                                • Problem:<\/strong> During failover, you must quickly restore services with known endpoints.<\/li>\n
                                                • Why it fits:<\/strong> Reserved public IPs (and documented assignment runbooks) simplify DR operations.<\/li>\n
                                                • Example:<\/strong> DR cutover playbook includes reassigning reserved IPs to standby resources.<\/li>\n<\/ul>\n\n\n\n

                                                  7) Compliance-driven public exposure control<\/h3>\n\n\n\n
                                                    \n
                                                  • Problem:<\/strong> Security policy requires approvals for any public IP assignment.<\/li>\n
                                                  • Why it fits:<\/strong> IP Management combined with IAM policies, compartments, and audit trails enforces controls.<\/li>\n
                                                  • Example:<\/strong> Only NetSec group can create\/attach public IPs in production compartments.<\/li>\n<\/ul>\n\n\n\n

                                                    8) BYOIP for brand\/registry ownership and reputation continuity<\/h3>\n\n\n\n
                                                      \n
                                                    • Problem:<\/strong> You need to use IP ranges you own (reputation, regulatory, routing control).<\/li>\n
                                                    • Why it fits:<\/strong> BYOIP (if supported for your tenancy\/region) allows using customer-owned address space.<\/li>\n
                                                    • Example:<\/strong> Maintain outbound email reputation tied to owned IP ranges (note: email sending has additional requirements; verify in docs).<\/li>\n<\/ul>\n\n\n\n

                                                      9) Stable \u201cjump host\u201d endpoint during migrations (short-lived but controlled)<\/h3>\n\n\n\n
                                                        \n
                                                      • Problem:<\/strong> Migration teams need a known entry point during a limited timeframe.<\/li>\n
                                                      • Why it fits:<\/strong> Reserved IP can remain stable across rebuilds; you can later release it.<\/li>\n
                                                      • Example:<\/strong> A bastion-style host with strict NSG rules and short TTL access.<\/li>\n<\/ul>\n\n\n\n

                                                        10) Shared services hub: centralized IP allocation and chargeback<\/h3>\n\n\n\n
                                                          \n
                                                        • Problem:<\/strong> Multiple app teams request public endpoints; IP usage becomes chaotic.<\/li>\n
                                                        • Why it fits:<\/strong> Central IP Management with tagging (CostCenter<\/code>, Owner<\/code>, App<\/code>) and compartment boundaries enables governance.<\/li>\n
                                                        • Example:<\/strong> Platform team manages a pool of reserved IPs and assigns them to approved services.<\/li>\n<\/ul>\n\n\n\n

                                                          11) M&A \/ integration: avoid renumbering during transitional connectivity<\/h3>\n\n\n\n
                                                            \n
                                                          • Problem:<\/strong> Integrations require stable IPs while network consolidation is in progress.<\/li>\n
                                                          • Why it fits:<\/strong> Reserved IPs provide a stable target even as backends move.<\/li>\n
                                                          • Example:<\/strong> Keep a stable inbound IP while moving workloads between VCNs via new load balancers.<\/li>\n<\/ul>\n\n\n\n

                                                            12) Security tooling integrations (SIEM\/SOAR callbacks)<\/h3>\n\n\n\n
                                                              \n
                                                            • Problem:<\/strong> External security tooling needs a fixed callback target.<\/li>\n
                                                            • Why it fits:<\/strong> Stable public IP simplifies allowlisting and reduces operational churn.<\/li>\n
                                                            • Example:<\/strong> SOAR platform pushes alerts to your endpoint on a fixed IP.<\/li>\n<\/ul>\n\n\n\n
                                                              \n\n\n\n

                                                              6. Core Features<\/h2>\n\n\n\n

                                                              Because \u201cIP Management\u201d in OCI is a console grouping rather than a single isolated service, the \u201cfeatures\u201d below describe the practical capabilities you typically use.<\/p>\n\n\n\n

                                                              Feature 1: Reserved Public IP addresses<\/h3>\n\n\n\n
                                                                \n
                                                              • What it does:<\/strong> Allocates a public IPv4 address that stays in your tenancy until you explicitly release it.<\/li>\n
                                                              • Why it matters:<\/strong> Prevents endpoint changes during rebuilds and supports consistent allowlisting.<\/li>\n
                                                              • Practical benefit:<\/strong> Stable DNS A record targets and consistent firewall rules.<\/li>\n
                                                              • Limitations\/caveats:<\/strong><\/li>\n
                                                              • Availability and limits depend on OCI quotas and IPv4 availability in your region.<\/li>\n
                                                              • Costs may apply for public IPv4 usage (verify current OCI pricing).<\/li>\n<\/ul>\n\n\n\n

                                                                Feature 2: Ephemeral Public IP addresses<\/h3>\n\n\n\n
                                                                  \n
                                                                • What it does:<\/strong> Provides a public IP that may be automatically assigned and later released depending on resource lifecycle.<\/li>\n
                                                                • Why it matters:<\/strong> Useful for non-production or short-lived needs.<\/li>\n
                                                                • Practical benefit:<\/strong> Faster provisioning with fewer administrative steps.<\/li>\n
                                                                • Limitations\/caveats:<\/strong><\/li>\n
                                                                • IP may change on rebuild\/terminate; don\u2019t rely on it for allowlists.<\/li>\n
                                                                • Governance risk if teams accidentally expose services publicly.<\/li>\n<\/ul>\n\n\n\n

                                                                  Feature 3: Assigning a public IP to a private IP<\/h3>\n\n\n\n
                                                                    \n
                                                                  • What it does:<\/strong> Maps a public IP to a private IP<\/strong> on a VNIC (the private IP is what the instance\/service actually uses inside the VCN).<\/li>\n
                                                                  • Why it matters:<\/strong> Public reachability is controlled centrally and explicitly.<\/li>\n
                                                                  • Practical benefit:<\/strong> You can move the public endpoint without changing private addressing.<\/li>\n
                                                                  • Limitations\/caveats:<\/strong><\/li>\n
                                                                  • Association rules vary by resource type (compute vs LB vs other services). Verify specifics per service.<\/li>\n<\/ul>\n\n\n\n

                                                                    Feature 4: Unassigning\/reassigning public IPs (lifecycle management)<\/h3>\n\n\n\n
                                                                      \n
                                                                    • What it does:<\/strong> Detaches a reserved public IP from one private IP and attaches to another (where supported).<\/li>\n
                                                                    • Why it matters:<\/strong> Enables operational patterns such as fast cutover, controlled migrations, and incident mitigation.<\/li>\n
                                                                    • Practical benefit:<\/strong> Reduce reliance on DNS TTL changes during urgent events.<\/li>\n
                                                                    • Limitations\/caveats:<\/strong><\/li>\n
                                                                    • Not all reassignment patterns are supported for all services; verify before designing HA around it.<\/li>\n<\/ul>\n\n\n\n

                                                                      Feature 5: Secondary private IPs on VNICs (where supported)<\/h3>\n\n\n\n
                                                                        \n
                                                                      • What it does:<\/strong> Adds additional private IPs to a VNIC.<\/li>\n
                                                                      • Why it matters:<\/strong> Supports multi-IP workloads, virtual appliances, and some HA patterns.<\/li>\n
                                                                      • Practical benefit:<\/strong> Separate services can bind to different IPs on the same interface.<\/li>\n
                                                                      • Limitations\/caveats:<\/strong><\/li>\n
                                                                      • Limits apply per VNIC\/subnet; verify in OCI service limits.<\/li>\n
                                                                      • Application\/OS configuration must bind to the secondary IP.<\/li>\n<\/ul>\n\n\n\n

                                                                        Feature 6: Compartment-based governance<\/h3>\n\n\n\n
                                                                          \n
                                                                        • What it does:<\/strong> Places IP resources in compartments and controls access through IAM policies.<\/li>\n
                                                                        • Why it matters:<\/strong> Reduces blast radius and supports separation between environments\/teams.<\/li>\n
                                                                        • Practical benefit:<\/strong> Platform team can control production IP assignment tightly.<\/li>\n
                                                                        • Limitations\/caveats:<\/strong><\/li>\n
                                                                        • Poor compartment design leads to policy sprawl; plan hierarchy carefully.<\/li>\n<\/ul>\n\n\n\n

                                                                          Feature 7: Tagging (defined and free-form tags)<\/h3>\n\n\n\n
                                                                            \n
                                                                          • What it does:<\/strong> Adds metadata for cost allocation, ownership, and automation.<\/li>\n
                                                                          • Why it matters:<\/strong> Public IPs are scarce and sometimes chargeable\u2014tags help manage them responsibly.<\/li>\n
                                                                          • Practical benefit:<\/strong> Reports like \u201cunused reserved public IPs by owner.\u201d<\/li>\n
                                                                          • Limitations\/caveats:<\/strong><\/li>\n
                                                                          • Tag governance requires discipline and possibly Tag Defaults.<\/li>\n<\/ul>\n\n\n\n

                                                                            Feature 8: API\/CLI\/SDK automation<\/h3>\n\n\n\n
                                                                              \n
                                                                            • What it does:<\/strong> Manages public\/private IP resources programmatically.<\/li>\n
                                                                            • Why it matters:<\/strong> Enables repeatable IaC workflows and reduces manual mistakes.<\/li>\n
                                                                            • Practical benefit:<\/strong> CI\/CD can allocate and bind IPs during deployments with approvals.<\/li>\n
                                                                            • Limitations\/caveats:<\/strong><\/li>\n
                                                                            • Requires careful IAM and audit controls to prevent automation misuse.<\/li>\n<\/ul>\n\n\n\n

                                                                              Feature 9: Auditability with OCI Audit<\/h3>\n\n\n\n
                                                                                \n
                                                                              • What it does:<\/strong> Records control-plane events (create\/update\/delete\/attach) for IP resources.<\/li>\n
                                                                              • Why it matters:<\/strong> Helps with investigations and compliance reporting.<\/li>\n
                                                                              • Practical benefit:<\/strong> Trace who reassigned a production IP and when.<\/li>\n
                                                                              • Limitations\/caveats:<\/strong><\/li>\n
                                                                              • Audit retention and access should be reviewed for compliance needs.<\/li>\n<\/ul>\n\n\n\n

                                                                                Feature 10: BYOIP (Bring Your Own IP) (advanced, if enabled)<\/h3>\n\n\n\n
                                                                                  \n
                                                                                • What it does:<\/strong> Allows you to use IP ranges you own within OCI (subject to OCI support and validation).<\/li>\n
                                                                                • Why it matters:<\/strong> Reputation continuity, regulatory, routing control, IP ownership.<\/li>\n
                                                                                • Practical benefit:<\/strong> Maintain consistent IP identity across providers or migrations.<\/li>\n
                                                                                • Limitations\/caveats:<\/strong><\/li>\n
                                                                                • Requires ownership validation and has operational\/routing requirements.<\/li>\n
                                                                                • Not all accounts\/regions are eligible; verify in official docs.<\/li>\n<\/ul>\n\n\n\n
                                                                                  \n\n\n\n

                                                                                  7. Architecture and How It Works<\/h2>\n\n\n\n

                                                                                  High-level architecture<\/h3>\n\n\n\n

                                                                                  OCI IP Management is primarily control-plane orchestration<\/strong> over networking address objects:<\/p>\n\n\n\n

                                                                                    \n
                                                                                  1. You create a Reserved Public IP<\/strong> in a compartment.<\/li>\n
                                                                                  2. You identify the Private IP<\/strong> on a VNIC that should be internet-reachable.<\/li>\n
                                                                                  3. You associate (assign) the reserved public IP to that private IP.<\/li>\n
                                                                                  4. Routing and security controls (route tables, security lists\/NSGs, gateways) determine whether traffic can actually reach the workload.<\/li>\n<\/ol>\n\n\n\n

                                                                                    Request\/data\/control flow<\/h3>\n\n\n\n
                                                                                      \n
                                                                                    • Control plane:<\/strong> You (or automation) calls OCI APIs (Console\/CLI\/SDK) to create and attach IP resources.<\/li>\n
                                                                                    • Data plane:<\/strong> Internet traffic to the public IP is routed by OCI to the mapped private IP, then enforced by:<\/li>\n
                                                                                    • Subnet routing (IGW\/NAT\/SGW as appropriate)<\/li>\n
                                                                                    • Security lists and\/or NSGs<\/li>\n
                                                                                    • Host firewall and application listeners<\/li>\n<\/ul>\n\n\n\n

                                                                                      Integrations with related services<\/h3>\n\n\n\n

                                                                                      Common integrations in the Networking, Edge, and Connectivity<\/strong> ecosystem:<\/p>\n\n\n\n

                                                                                        \n
                                                                                      • VCN\/Subnets\/Route tables:<\/strong> Determine reachability.<\/li>\n
                                                                                      • Internet Gateway (IGW):<\/strong> Required for inbound internet traffic to public subnets.<\/li>\n
                                                                                      • NAT Gateway:<\/strong> Common for stable outbound egress from private subnets (with NAT gateway\u2019s public IP behavior; verify details for your region and current OCI implementation).<\/li>\n
                                                                                      • Load Balancer \/ Network Load Balancer:<\/strong> Often the correct way to present stable public endpoints at scale.<\/li>\n
                                                                                      • DNS (OCI DNS or external):<\/strong> Typically maps hostnames to public IPs.<\/li>\n
                                                                                      • OCI Bastion:<\/strong> Preferred over permanently exposing SSH\/RDP publicly (reduces need for public IP on instances).<\/li>\n
                                                                                      • IAM + Audit + Logging:<\/strong> Governance and traceability.<\/li>\n<\/ul>\n\n\n\n

                                                                                        Dependency services<\/h3>\n\n\n\n

                                                                                        You usually need:<\/p>\n\n\n\n

                                                                                          \n
                                                                                        • A VCN<\/strong> and subnet<\/strong><\/li>\n
                                                                                        • A target resource with a VNIC and private IP<\/strong> (compute instance, LB, etc.)<\/li>\n
                                                                                        • Network path and controls: IGW<\/strong>, route tables, security lists\/NSGs<\/li>\n<\/ul>\n\n\n\n

                                                                                          Security\/authentication model<\/h3>\n\n\n\n
                                                                                            \n
                                                                                          • Authentication is via OCI IAM<\/strong> (users, groups, dynamic groups, instance principals).<\/li>\n
                                                                                          • Authorization is via IAM policies<\/strong> granting rights to public-ips<\/code> (and related networking resources).<\/li>\n
                                                                                          • All changes are captured in OCI Audit<\/strong>.<\/li>\n<\/ul>\n\n\n\n

                                                                                            Networking model<\/h3>\n\n\n\n

                                                                                            OCI networking is VCN-based. A public IP is not \u201cattached to the instance\u201d directly; it is associated to a private IP object<\/strong>, which is associated to a VNIC in a subnet.<\/p>\n\n\n\n

                                                                                            Monitoring\/logging\/governance<\/h3>\n\n\n\n
                                                                                              \n
                                                                                            • Audit logs<\/strong> show control-plane changes (who allocated\/assigned an IP).<\/li>\n
                                                                                            • VCN flow logs<\/strong> (if enabled) and service logs<\/strong> can help troubleshoot traffic.<\/li>\n
                                                                                            • Tagging<\/strong> is critical for governance and cost controls.<\/li>\n<\/ul>\n\n\n\n

                                                                                              Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                                                              flowchart LR\n  User[Admin \/ CI Pipeline] -->|Console \/ CLI \/ API| OCI[OCI Control Plane]\n  OCI -->|Create Reserved Public IP| PubIP[(Reserved Public IP)]\n  OCI -->|Associate to| PrivIP[(Private IP on VNIC)]\n  Internet((Internet)) -->|Traffic to Public IP| PubIP\n  PubIP --> PrivIP --> App[Compute Instance \/ Service]\n<\/code><\/pre>\n\n\n\n
                                                                                              Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                                                              This example shows a common production pattern: stable public entry via a managed front door, private backends, and controlled administration of public IPs.<\/p>\n\n\n\n
                                                                                              flowchart TB\n  subgraph Internet\n    C[Clients]\n  end\n\n  subgraph OCI_Region[OCI Region]\n    subgraph Edge[Edge \/ Public Zone]\n      WAF[WAF or Edge Policy\\n(optional, verify service availability)]\n      LB[Public Load Balancer \/ NLB\\nwith Stable Public Endpoint]\n      IPM[IP Management\\n(Reserved Public IP inventory)]\n    end\n\n    subgraph VCN[VCN]\n      subgraph PublicSubnet[Public Subnet]\n        IGW[Internet Gateway]\n      end\n      subgraph PrivateSubnet[Private Subnet]\n        APP1[App VM\/Node 1\\nPrivate IP]\n        APP2[App VM\/Node 2\\nPrivate IP]\n        DB[(Database)]\n      end\n\n      NSG[NSGs \/ Security Lists]\n      RT[Route Tables]\n      AUD[Audit Logs]\n    end\n  end\n\n  C --> WAF --> LB\n  IPM --- LB\n  LB -->|Backend traffic| APP1\n  LB -->|Backend traffic| APP2\n  APP1 --> DB\n  APP2 --> DB\n\n  IGW --- LB\n  NSG --- APP1\n  NSG --- APP2\n  RT --- PublicSubnet\n  RT --- PrivateSubnet\n  AUD --- IPM\n<\/code><\/pre>\n\n\n\n
                                                                                              \n
                                                                                              Notes:\n– Whether a load balancer uses \u201creserved public IPs\u201d directly or exposes stable IPs through its own lifecycle depends on the OCI load balancer type and configuration\u2014verify the current behavior in OCI documentation for the specific load balancer service you use.\n– WAF integration varies by OCI service offerings and region; verify in official docs.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                              \n\n\n\n
                                                                                              8. Prerequisites<\/h2>\n\n\n\n
                                                                                              Tenancy\/account requirements<\/h3>\n\n\n\n
                                                                                                \n
                                                                                              • An active Oracle Cloud (OCI) tenancy<\/strong><\/li>\n
                                                                                              • Access to the OCI Console<\/strong> and\/or ability to use OCI CLI<\/strong><\/li>\n
                                                                                              • A compartment structure where you can create networking resources<\/li>\n<\/ul>\n\n\n\n
                                                                                                Permissions \/ IAM policies<\/h3>\n\n\n\n
                                                                                                You need permissions to manage:\n– VCN, subnets, route tables, gateways (as applicable)\n– Public IPs\n– Compute instance networking (if you\u2019ll attach to an instance)<\/p>\n\n\n\n
                                                                                                Typical IAM policy patterns (examples; adjust to your org). Verify exact resource names and policy grammar in OCI IAM docs<\/strong>:<\/p>\n\n\n\n
                                                                                                  \n
                                                                                                • Allow network admins to manage public IPs:<\/li>\n
                                                                                                • Allow group NetworkAdmins to manage public-ips in compartment <compartment-name><\/code><\/li>\n
                                                                                                • Allow app team to use, but not broadly manage networking (principle of least privilege):<\/li>\n
                                                                                                • Might involve permissions to read networking and to use specific resources.<\/li>\n<\/ul>\n\n\n\n
                                                                                                  Billing requirements<\/h3>\n\n\n\n
                                                                                                    \n
                                                                                                  • Some public IP usage may incur charges depending on OCI\u2019s current pricing and your contract.<\/li>\n
                                                                                                  • Ensure your account has billing enabled if required.<\/li>\n<\/ul>\n\n\n\n
                                                                                                    Tools needed<\/h3>\n\n\n\n
                                                                                                      \n
                                                                                                    • OCI Console<\/strong> (web)<\/li>\n
                                                                                                    • Optional but recommended:<\/li>\n
                                                                                                    • OCI CLI<\/strong>: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/Concepts\/cliconcepts.htm (verify URL if Oracle reorganizes docs)<\/li>\n
                                                                                                    • A shell environment (Cloud Shell or local terminal)<\/li>\n
                                                                                                    • ssh<\/code> client (if you launch a compute instance)<\/li>\n<\/ul>\n\n\n\n
                                                                                                      Region availability<\/h3>\n\n\n\n
                                                                                                        \n
                                                                                                      • IP Management basics (public IPs) are broadly available, but quotas and features vary by region.<\/li>\n
                                                                                                      • BYOIP<\/strong> and certain edge integrations may be region- or account-dependent. Verify in official docs.<\/li>\n<\/ul>\n\n\n\n
                                                                                                        Quotas\/limits to check<\/h3>\n\n\n\n
                                                                                                        Before designing or running the lab, check:\n– Public IP address limits per region\/compartment\n– VNIC and private IP limits per instance type\n– Any tenancy-wide IPv4 constraints<\/p>\n\n\n\n
                                                                                                        Prerequisite services for the lab<\/h3>\n\n\n\n
                                                                                                          \n
                                                                                                        • VCN (or use the VCN Wizard)<\/li>\n
                                                                                                        • Compute instance (for a simple demonstration)<\/li>\n
                                                                                                        • Internet Gateway and route rule (for public access)<\/li>\n<\/ul>\n\n\n\n
                                                                                                          \n\n\n\n
                                                                                                          9. Pricing \/ Cost<\/h2>\n\n\n\n
                                                                                                          Pricing model (how costs usually work)<\/h3>\n\n\n\n
                                                                                                          OCI IP Management as an administrative capability is not typically billed as a standalone \u201cservice.\u201d Costs generally come from the underlying billable resources, commonly:<\/p>\n\n\n\n
                                                                                                            \n
                                                                                                          • Public IPv4 addresses<\/strong> (reserved and\/or in-use): pricing and billing dimensions may vary by region and over time.<\/li>\n
                                                                                                          • Network egress (data transfer out)<\/strong>: often a major cost driver for internet-facing services.<\/li>\n
                                                                                                          • Load balancers, NAT gateways, compute instances<\/strong>: if used as part of your design.<\/li>\n<\/ul>\n\n\n\n
                                                                                                            Because pricing changes and depends on region and contract, do not rely on static numbers<\/strong>. Use official sources:<\/p>\n\n\n\n
                                                                                                              \n
                                                                                                            • OCI Pricing page: https:\/\/www.oracle.com\/cloud\/pricing\/<\/li>\n
                                                                                                            • OCI Cost Estimator: https:\/\/www.oracle.com\/cloud\/costestimator.html (verify if Oracle changes URL)<\/li>\n<\/ul>\n\n\n\n
                                                                                                              Pricing dimensions to understand<\/h3>\n\n\n\n
                                                                                                              When estimating IP-related costs, consider:<\/p>\n\n\n\n
                                                                                                                \n
                                                                                                              1. \n
                                                                                                                Public IPv4 allocation<\/strong>\n   – Are you charged per public IPv4 per hour\/month<\/strong>?\n   – Is the rate different for reserved but unassigned<\/strong> IPs?\n   – Are ephemeral IPs charged differently than reserved?\n   – Verify in official pricing<\/strong> for \u201cPublic IP\u201d or \u201cIP address\u201d billing items.<\/p>\n<\/li>\n
                                                                                                              2. \n
                                                                                                                Data transfer<\/strong>\n   – Internet egress can be charged by GB.\n   – Cross-region and interconnect egress may also apply depending on architecture.<\/p>\n<\/li>\n
                                                                                                              3. \n
                                                                                                                Supporting services<\/strong>\n   – Load balancers<\/strong>: billed by shape\/capacity and data processed (varies by LB type).\n   – NAT gateways<\/strong>: may have hourly and data processing charges (verify current pricing).\n   – Compute<\/strong>: instance cost is often larger than the IP cost in labs, but in production IP inventory can be meaningful.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                                Free tier considerations<\/h3>\n\n\n\n
                                                                                                                Oracle Cloud has a Free Tier program, but whether public IP-related charges are included or excluded depends on current terms and specific SKUs. Verify Free Tier eligibility and current limits<\/strong>:\n– https:\/\/www.oracle.com\/cloud\/free\/<\/p>\n\n\n\n
                                                                                                                Cost drivers (common)<\/h3>\n\n\n\n
                                                                                                                  \n
                                                                                                                • Keeping many reserved public IPs<\/strong> allocated but unused<\/li>\n
                                                                                                                • Scaling out many public endpoints instead of using a shared front door (LB\/API gateway)<\/li>\n
                                                                                                                • High internet egress (downloads, media, APIs with large responses)<\/li>\n
                                                                                                                • Long-lived \u201ctemporary\u201d environments that never get cleaned up<\/li>\n<\/ul>\n\n\n\n
                                                                                                                  Hidden or indirect costs<\/h3>\n\n\n\n
                                                                                                                    \n
                                                                                                                  • Operational cost<\/strong>: mismanaged IPs lead to outages and incident time.<\/li>\n
                                                                                                                  • Security cost<\/strong>: accidental public exposure can trigger incident response and compliance remediation.<\/li>\n
                                                                                                                  • Reputation cost<\/strong>: changing IPs can affect allowlists and integrations.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                    How to optimize cost<\/h3>\n\n\n\n
                                                                                                                      \n
                                                                                                                    • Prefer load balancers<\/strong> or managed front doors rather than many public IPs on instances.<\/li>\n
                                                                                                                    • Use OCI Bastion<\/strong> instead of exposing SSH\/RDP on public IPs (where feasible).<\/li>\n
                                                                                                                    • Implement tag-based reporting to identify:<\/li>\n
                                                                                                                    • Unused reserved public IPs<\/li>\n
                                                                                                                    • IPs without owners<\/li>\n
                                                                                                                    • IPs in non-production compartments that should be released<\/li>\n
                                                                                                                    • Automate cleanup in dev\/test.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                      Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n
                                                                                                                      A low-cost lab typically uses:\n– 1 small compute instance\n– 1 VCN with 1 public subnet\n– 1 reserved public IP for a short time<\/p>\n\n\n\n
                                                                                                                      The cost depends on:\n– Whether your compute instance is always-free eligible\n– Whether public IPv4 addresses are billed in your region\n– How long you keep the reserved IP allocated\n– Egress traffic you generate (keep it minimal)<\/p>\n\n\n\n
                                                                                                                      Use the OCI Cost Estimator and select your region to produce an accurate estimate.<\/p>\n\n\n\n
                                                                                                                      Example production cost considerations<\/h3>\n\n\n\n
                                                                                                                      In production, costs can rise due to:\n– Multiple environments each keeping pools of reserved IPs\n– Multiple public load balancers with fixed endpoints\n– Significant egress traffic\n– Multi-region designs duplicating endpoints<\/p>\n\n\n\n
                                                                                                                      A good practice is to maintain an \u201cIP budget\u201d (count and cost) per environment and enforce it with quotas and governance.<\/p>\n\n\n\n
                                                                                                                      \n\n\n\n
                                                                                                                      10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n
                                                                                                                      Objective<\/h3>\n\n\n\n
                                                                                                                      Create and manage a Reserved Public IP<\/strong> using OCI IP Management<\/strong>, attach it to a compute instance<\/strong>, verify connectivity, then safely clean up to avoid ongoing charges.<\/p>\n\n\n\n
                                                                                                                      Lab Overview<\/h3>\n\n\n\n
                                                                                                                      You will:<\/p>\n\n\n\n
                                                                                                                        \n
                                                                                                                      1. Create a VCN with a public subnet (using the VCN Wizard).<\/li>\n
                                                                                                                      2. Launch a small compute instance in the public subnet.<\/li>\n
                                                                                                                      3. Allocate a Reserved Public IP in IP Management<\/strong>.<\/li>\n
                                                                                                                      4. Associate the Reserved Public IP to the instance\u2019s private IP.<\/li>\n
                                                                                                                      5. Validate the public endpoint.<\/li>\n
                                                                                                                      6. Troubleshoot common issues.<\/li>\n
                                                                                                                      7. Clean up (release IP and delete resources).<\/li>\n<\/ol>\n\n\n\n
                                                                                                                        This lab is designed to be beginner-friendly<\/strong> and low-risk<\/strong>. Costs depend on region and pricing for public IPs\u2014keep the lab short and clean up afterward.<\/p>\n\n\n\n
                                                                                                                        \n\n\n\n
                                                                                                                        Step 1: Create a compartment (optional but recommended)<\/h3>\n\n\n\n
                                                                                                                        Console steps<\/strong>\n1. Open the OCI Console.\n2. Go to Identity & Security<\/strong> \u2192 Compartments<\/strong>.\n3. Create a compartment such as:\n   – Name: lab-ip-management<\/code>\n   – Description: IP Management lab resources<\/code><\/p>\n\n\n\n
                                                                                                                        Expected outcome<\/strong>\n– A dedicated compartment for isolation and easy cleanup.<\/p>\n\n\n\n
                                                                                                                        \n\n\n\n
                                                                                                                        Step 2: Create a VCN with internet connectivity<\/h3>\n\n\n\n
                                                                                                                        Use the VCN Wizard so you don\u2019t miss routing or gateways.<\/p>\n\n\n\n
                                                                                                                        Console steps<\/strong>\n1. Navigate to Networking<\/strong> \u2192 Virtual Cloud Networks<\/strong>.\n2. Select the compartment lab-ip-management<\/code>.\n3. Click Start VCN Wizard<\/strong>.\n4. Choose VCN with Internet Connectivity<\/strong> (wording may vary slightly).\n5. Enter:\n   – VCN name: vcn-ipm-lab<\/code>\n   – CIDR: accept default (for example, 10.0.0.0\/16<\/code>) or choose your own\n   – Public subnet: accept defaults<\/p>\n\n\n\n
                                                                                                                          \n
                                                                                                                        1. Create the VCN.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                          Expected outcome<\/strong>\n– A VCN with:\n  – 1 public subnet\n  – Internet Gateway (IGW)\n  – Route table with default route to IGW\n  – Security list allowing basic traffic (review rules carefully)<\/p>\n\n\n\n
                                                                                                                          Verification<\/strong>\n– In the VCN details, confirm an Internet Gateway<\/strong> exists and is enabled.\n– Confirm the public subnet route table contains a route rule to the IGW (0.0.0.0\/0).<\/p>\n\n\n\n
                                                                                                                          \n\n\n\n
                                                                                                                          Step 3: Launch a compute instance in the public subnet<\/h3>\n\n\n\n
                                                                                                                          Console steps<\/strong>\n1. Go to Compute<\/strong> \u2192 Instances<\/strong> \u2192 Create instance<\/strong>.\n2. Choose:\n   – Name: vm-ipm-lab<\/code>\n   – Compartment: lab-ip-management<\/code>\n   – Placement: choose an Availability Domain (if prompted)\n   – Image: Oracle Linux (or another supported image)\n   – Shape: choose a small\/low-cost shape (and Always Free eligible if available)\n3. Under networking:\n   – Select VCN: vcn-ipm-lab<\/code>\n   – Select public subnet created by the wizard\n   – Ensure Assign a public IPv4 address<\/strong> is enabled (this may assign an ephemeral public IP initially)<\/p>\n\n\n\n
                                                                                                                            \n
                                                                                                                          1. Create SSH keys or upload your public key.<\/li>\n
                                                                                                                          2. Create the instance and wait until it is Running<\/strong>.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                            Expected outcome<\/strong>\n– Instance is running and has:\n  – A private IP in the public subnet\n  – Possibly an ephemeral public IP<\/strong> assigned automatically<\/p>\n\n\n\n
                                                                                                                            Verification<\/strong>\n– Open the instance details page and note:\n  – Public IP (if present)\n  – Private IP\n– Try SSH (if port 22 is allowed and you configured keys):\n  bash\n  ssh -i \/path\/to\/private_key opc@<public-ip><\/code><\/p>\n\n\n\n
                                                                                                                            \n
                                                                                                                            Security note: If SSH is open to the internet, restrict the source CIDR to your IP only. Prefer OCI Bastion for production.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                                            \n\n\n\n
                                                                                                                            Step 4: Allocate a Reserved Public IP (IP Management)<\/h3>\n\n\n\n
                                                                                                                            Now you will create a public IP that persists until you release it.<\/p>\n\n\n\n
                                                                                                                            Console steps<\/strong>\n1. Go to Networking<\/strong> \u2192 IP Management<\/strong> (menu naming may vary by Console version).\n2. Find Public IPs<\/strong> (or Reserved Public IPs<\/strong>).\n3. Click Create reserved public IP<\/strong>.\n4. Choose:\n   – Compartment: lab-ip-management<\/code>\n   – Name: ipm-lab-reserved-ip<\/code>\n   – (Optional) Tags: Owner=yourname<\/code>, Env=Lab<\/code><\/p>\n\n\n\n
                                                                                                                              \n
                                                                                                                            1. Create it.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                              Expected outcome<\/strong>\n– A Reserved Public IP<\/strong> resource exists in your compartment.\n– Its lifecycle state should show as available\/allocated (wording varies).<\/p>\n\n\n\n
                                                                                                                              Verification<\/strong>\n– In the public IP list, ensure ipm-lab-reserved-ip<\/code> exists and note the IP address and OCID.<\/p>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              Step 5: Associate the Reserved Public IP with the instance private IP<\/h3>\n\n\n\n
                                                                                                                              In OCI, a public IP is associated with a private IP<\/strong> object.<\/p>\n\n\n\n
                                                                                                                              Console steps<\/strong>\n1. Go to your instance vm-ipm-lab<\/code>.\n2. Open Attached VNICs<\/strong> \u2192 click the primary VNIC.\n3. Click the Private IP address<\/strong> entry (primary private IP).\n4. Look for an option like Assign public IP<\/strong> \/ Edit<\/strong> \/ Associate public IP<\/strong> (Console wording can differ).\n5. Choose Reserved public IP<\/strong> and select ipm-lab-reserved-ip<\/code>.\n6. Save\/confirm.<\/p>\n\n\n\n
                                                                                                                              Expected outcome<\/strong>\n– The instance is now reachable at the reserved<\/strong> public IP.\n– The original ephemeral public IP (if any) may be removed or replaced depending on OCI behavior for that resource\u2014verify in the instance networking details.<\/p>\n\n\n\n
                                                                                                                              Verification<\/strong>\n– From your machine:\n  bash\n  ssh -i \/path\/to\/private_key opc@<reserved-public-ip><\/code>\n– If you have a web server listening (optional), you can test:\n  bash\n  curl -I http:\/\/<reserved-public-ip><\/code><\/p>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              Step 6 (Optional): Perform the same actions with OCI CLI (automation view)<\/h3>\n\n\n\n
                                                                                                                              This step shows how IP Management can be automated.<\/p>\n\n\n\n
                                                                                                                              \n
                                                                                                                              If you use OCI Cloud Shell, OCI CLI is typically preinstalled. Otherwise, install and configure OCI CLI first.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                                              1) Set variables<\/strong><\/p>\n\n\n\n
                                                                                                                              export COMPARTMENT_OCID=\"<your_compartment_ocid>\"\nexport INSTANCE_OCID=\"<your_instance_ocid>\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                              2) Find the VNIC and private IP<\/strong><\/p>\n\n\n\n
                                                                                                                              # List VNICs attached to the instance\noci compute instance list-vnics --instance-id \"$INSTANCE_OCID\"\n\n# Use the returned VNIC OCID:\nexport VNIC_OCID=\"<vnic_ocid>\"\n\n# List private IPs on the VNIC\noci network private-ip list --vnic-id \"$VNIC_OCID\"\n# Capture the primary private IP OCID:\nexport PRIVATE_IP_OCID=\"<private_ip_ocid>\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                              3) Create a reserved public IP<\/strong><\/p>\n\n\n\n
                                                                                                                              oci network public-ip create \\\n  --compartment-id \"$COMPARTMENT_OCID\" \\\n  --lifetime RESERVED \\\n  --display-name \"ipm-lab-reserved-ip-cli\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                              Capture the returned public IP OCID:<\/p>\n\n\n\n
                                                                                                                              export PUBLIC_IP_OCID=\"<public_ip_ocid>\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                              4) Associate the reserved public IP to the private IP<\/strong>\nDepending on the CLI\/API model, you either create it already associated or update it. A common approach is updating the public IP with a private IP association:<\/p>\n\n\n\n
                                                                                                                              oci network public-ip update \\\n  --public-ip-id \"$PUBLIC_IP_OCID\" \\\n  --private-ip-id \"$PRIVATE_IP_OCID\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                              Expected outcome<\/strong>\n– The reserved public IP is now mapped to the instance\u2019s private IP.<\/p>\n\n\n\n
                                                                                                                              Verification<\/strong><\/p>\n\n\n\n
                                                                                                                              oci network public-ip get --public-ip-id \"$PUBLIC_IP_OCID\"\n<\/code><\/pre>\n\n\n\n
                                                                                                                              \n
                                                                                                                              If CLI parameters differ in your CLI version, verify the current syntax with:\nbash\noci network public-ip --help<\/code><\/p>\n<\/blockquote>\n\n\n\n
                                                                                                                              \n\n\n\n
                                                                                                                              Validation<\/h3>\n\n\n\n
                                                                                                                              Use this checklist:<\/p>\n\n\n\n
                                                                                                                                \n
                                                                                                                              1. Public IP exists<\/strong> in Networking \u2192 IP Management \u2192 Public IPs.<\/li>\n
                                                                                                                              2. The public IP shows an association to the instance\u2019s private IP<\/strong> (where visible).<\/li>\n
                                                                                                                              3. You can reach the instance:\n   – SSH works (if enabled)\n   – Ping may be blocked (ICMP often restricted), so don\u2019t use ping as the only test<\/li>\n
                                                                                                                              4. Route table has 0.0.0.0\/0 \u2192 IGW<\/strong> for the public subnet.<\/li>\n
                                                                                                                              5. Security list \/ NSG allows required inbound port(s) from your source CIDR.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                \n\n\n\n
                                                                                                                                Troubleshooting<\/h3>\n\n\n\n
                                                                                                                                Issue: SSH times out to the reserved public IP<\/h4>\n\n\n\n
                                                                                                                                Common causes and fixes:\n– No IGW route:<\/strong> Ensure the public subnet route table has 0.0.0.0\/0 to the Internet Gateway.\n– Security list\/NSG blocks port 22:<\/strong> Add an ingress rule for TCP\/22 from your IP (not 0.0.0.0\/0 for production).\n– Host firewall blocks SSH:<\/strong> On Oracle Linux, confirm sshd<\/code> is running and firewall allows it.\n– Wrong username:<\/strong> Oracle Linux commonly uses opc<\/code>. Other images differ.<\/p>\n\n\n\n
                                                                                                                                Issue: Reserved public IP cannot be associated<\/h4>\n\n\n\n
                                                                                                                                  \n
                                                                                                                                • Ensure you have permission to manage public-ips<\/code> and read\/modify the relevant private IP.<\/li>\n
                                                                                                                                • Verify the private IP is eligible for association (some service-managed interfaces have constraints).<\/li>\n
                                                                                                                                • Check compartment boundaries (public IP and private IP operations might require permissions in both contexts).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                  Issue: The instance still shows the old ephemeral IP<\/h4>\n\n\n\n
                                                                                                                                    \n
                                                                                                                                  • OCI behavior varies by resource type and workflow. Confirm which public IP is actually associated with the private IP you\u2019re targeting.<\/li>\n
                                                                                                                                  • Use the private IP details<\/strong> view to see the associated public IP.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                    Issue: You can connect, but application traffic fails (HTTP\/HTTPS)<\/h4>\n\n\n\n
                                                                                                                                      \n
                                                                                                                                    • Open the correct port in NSG\/security list (80\/443).<\/li>\n
                                                                                                                                    • Ensure the application listens on 0.0.0.0<\/code> (all interfaces) and the expected port.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                      \n\n\n\n
                                                                                                                                      Cleanup<\/h3>\n\n\n\n
                                                                                                                                      To avoid ongoing charges and reduce exposure, delete resources when done.<\/p>\n\n\n\n
                                                                                                                                      1) Unassign and release reserved public IPs<\/strong>\n– Go to Networking \u2192 IP Management \u2192 Public IPs<\/strong>\n– For each reserved IP you created:\n  – Unassign it (if required by Console workflow)\n  – Delete\/release it<\/p>\n\n\n\n
                                                                                                                                      2) Terminate the compute instance<\/strong>\n– Compute \u2192 Instances \u2192 vm-ipm-lab<\/code> \u2192 Terminate<\/strong>\n– Confirm termination<\/p>\n\n\n\n
                                                                                                                                      3) Delete the VCN<\/strong>\n– Networking \u2192 VCNs \u2192 vcn-ipm-lab<\/code> \u2192 Delete<\/strong>\n– The wizard-created VCN includes multiple dependent objects; OCI usually handles dependencies, but you may need to delete sub-resources first if prompted.<\/p>\n\n\n\n
                                                                                                                                      4) Delete the compartment (optional)<\/strong>\n– Only if it contains no resources.<\/p>\n\n\n\n
                                                                                                                                      \n\n\n\n
                                                                                                                                      11. Best Practices<\/h2>\n\n\n\n
                                                                                                                                      Architecture best practices<\/h3>\n\n\n\n
                                                                                                                                        \n
                                                                                                                                      • Use reserved public IPs<\/strong> for production endpoints that must not change.<\/li>\n
                                                                                                                                      • Prefer managed front doors<\/strong> (load balancers, API gateways, WAF where applicable) over public IPs on individual instances.<\/li>\n
                                                                                                                                      • Keep most workloads in private subnets<\/strong>; expose only the minimum required edge.<\/li>\n
                                                                                                                                      • Design for change<\/strong>: rebuild instances freely, keep endpoints stable via IP or LB.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                        IAM\/security best practices<\/h3>\n\n\n\n
                                                                                                                                          \n
                                                                                                                                        • Separate duties:<\/li>\n
                                                                                                                                        • Network team manages public IP allocation\/assignment.<\/li>\n
                                                                                                                                        • App teams consume endpoints but don\u2019t get broad manage<\/code> permissions.<\/li>\n
                                                                                                                                        • Use compartments:<\/li>\n
                                                                                                                                        • Prod-Network<\/code>, Prod-Apps<\/code>, NonProd<\/code>, etc.<\/li>\n
                                                                                                                                        • Use least privilege<\/strong> policies and prefer dynamic groups\/instance principals for automation.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                          Cost best practices<\/h3>\n\n\n\n
                                                                                                                                            \n
                                                                                                                                          • Track and review reserved IP inventory regularly.<\/li>\n
                                                                                                                                          • Use tags like:<\/li>\n
                                                                                                                                          • Owner<\/code>, CostCenter<\/code>, Environment<\/code>, ExpiryDate<\/code><\/li>\n
                                                                                                                                          • Automate cleanup of unused reserved IPs in non-production.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                            Performance best practices<\/h3>\n\n\n\n
                                                                                                                                              \n
                                                                                                                                            • IP Management doesn\u2019t tune throughput, but performance architectures benefit from:<\/li>\n
                                                                                                                                            • Load balancing instead of single-instance public endpoints<\/li>\n
                                                                                                                                            • Reduced hop count and correct subnet\/routing design<\/li>\n
                                                                                                                                            • Avoiding overuse of NAT instances (prefer managed gateways where appropriate)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                              Reliability best practices<\/h3>\n\n\n\n
                                                                                                                                                \n
                                                                                                                                              • Avoid \u201csingle VM with public IP\u201d as your only production design.<\/li>\n
                                                                                                                                              • Put stable public endpoints on highly available services (LB\/NLB) where possible.<\/li>\n
                                                                                                                                              • Keep a documented runbook for:<\/li>\n
                                                                                                                                              • IP reassignment procedures (if used)<\/li>\n
                                                                                                                                              • DNS update procedures (TTL strategy)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                Operations best practices<\/h3>\n\n\n\n
                                                                                                                                                  \n
                                                                                                                                                • Monitor:<\/li>\n
                                                                                                                                                • Audit events for IP changes<\/li>\n
                                                                                                                                                • Flow logs (if enabled) for traffic patterns<\/li>\n
                                                                                                                                                • Maintain an IP registry:<\/li>\n
                                                                                                                                                • At minimum: IP \u2192 owner \u2192 purpose \u2192 environment \u2192 expiration date<\/li>\n
                                                                                                                                                • Use IaC (Terraform for OCI is common) for repeatable networking baselines; keep manual exceptions minimal.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                  Governance\/tagging\/naming best practices<\/h3>\n\n\n\n
                                                                                                                                                    \n
                                                                                                                                                  • Naming convention examples:<\/li>\n
                                                                                                                                                  • pip-prod-api-01<\/code><\/li>\n
                                                                                                                                                  • pip-nonprod-webhook-01<\/code><\/li>\n
                                                                                                                                                  • Tagging convention examples:<\/li>\n
                                                                                                                                                  • Environment=Prod|NonProd<\/code><\/li>\n
                                                                                                                                                  • DataClassification=Public|Internal|Confidential<\/code><\/li>\n
                                                                                                                                                  • OwnerEmail=team@example.com<\/code><\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                    \n\n\n\n
                                                                                                                                                    12. Security Considerations<\/h2>\n\n\n\n
                                                                                                                                                    Identity and access model<\/h3>\n\n\n\n
                                                                                                                                                      \n
                                                                                                                                                    • Access is controlled through OCI IAM<\/strong> policies.<\/li>\n
                                                                                                                                                    • Key controls:<\/li>\n
                                                                                                                                                    • Who can create reserved public IPs?<\/li>\n
                                                                                                                                                    • Who can assign them to private IPs?<\/li>\n
                                                                                                                                                    • Who can list inventory across compartments?<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                      Encryption<\/h3>\n\n\n\n
                                                                                                                                                        \n
                                                                                                                                                      • IP addresses themselves are control-plane metadata; encryption considerations typically apply to:<\/li>\n
                                                                                                                                                      • Application traffic (TLS)<\/li>\n
                                                                                                                                                      • Secrets used by automation tools<\/li>\n
                                                                                                                                                      • Logs and audit storage<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                        Network exposure<\/h3>\n\n\n\n
                                                                                                                                                          \n
                                                                                                                                                        • A public IP makes a target reachable from the internet if routing and security rules permit<\/em>.<\/li>\n
                                                                                                                                                        • Reduce exposure by:<\/li>\n
                                                                                                                                                        • Restricting ingress CIDRs<\/li>\n
                                                                                                                                                        • Using NSGs to tightly scope rules<\/li>\n
                                                                                                                                                        • Avoiding public SSH\/RDP in production<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                          Secrets handling<\/h3>\n\n\n\n
                                                                                                                                                            \n
                                                                                                                                                          • If you automate IP assignment with CI\/CD, store OCI API keys\/secrets securely:<\/li>\n
                                                                                                                                                          • OCI Vault (where applicable)<\/li>\n
                                                                                                                                                          • Use instance principals\/dynamic groups when possible to avoid static keys<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                            Audit\/logging<\/h3>\n\n\n\n
                                                                                                                                                              \n
                                                                                                                                                            • Enable and monitor OCI Audit<\/strong> for:<\/li>\n
                                                                                                                                                            • Public IP create\/update\/delete<\/li>\n
                                                                                                                                                            • Changes to route tables\/IGW<\/li>\n
                                                                                                                                                            • Security list\/NSG changes<\/li>\n
                                                                                                                                                            • Consider alerting on:<\/li>\n
                                                                                                                                                            • Creation of public IPs in production<\/li>\n
                                                                                                                                                            • Attachment of public IPs to unexpected subnets\/resources<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                              Compliance considerations<\/h3>\n\n\n\n
                                                                                                                                                                \n
                                                                                                                                                              • Maintain evidence of:<\/li>\n
                                                                                                                                                              • Who approved public exposure<\/li>\n
                                                                                                                                                              • Which services use public IPs<\/li>\n
                                                                                                                                                              • Change history (audit logs)<\/li>\n
                                                                                                                                                              • Use tags and compartments to support compliance reporting and least privilege.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                Common security mistakes<\/h3>\n\n\n\n
                                                                                                                                                                  \n
                                                                                                                                                                • Leaving SSH open to the world (0.0.0.0\/0<\/code>)<\/li>\n
                                                                                                                                                                • Allocating many reserved IPs and forgetting them<\/li>\n
                                                                                                                                                                • No ownership tagging, leading to \u201cmystery endpoints\u201d<\/li>\n
                                                                                                                                                                • Treating ephemeral IPs as stable identifiers in allowlists<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                  Secure deployment recommendations<\/h3>\n\n\n\n
                                                                                                                                                                    \n
                                                                                                                                                                  • Put edge services behind managed front doors when feasible.<\/li>\n
                                                                                                                                                                  • Use OCI Bastion<\/strong> for administrative access rather than permanent public IPs on instances.<\/li>\n
                                                                                                                                                                  • Implement policy guardrails:<\/li>\n
                                                                                                                                                                  • Only allow public IP creation\/assignment in specific compartments.<\/li>\n
                                                                                                                                                                  • Require defined tags on public IP resources (tag enforcement where possible).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                    \n\n\n\n
                                                                                                                                                                    13. Limitations and Gotchas<\/h2>\n\n\n\n
                                                                                                                                                                    Known limitations (common patterns)<\/h3>\n\n\n\n
                                                                                                                                                                      \n
                                                                                                                                                                    • Not a full enterprise IPAM:<\/strong> OCI IP Management is primarily public IP lifecycle management within OCI. For enterprise IP planning and hybrid IPAM, use dedicated tools and integrate.<\/li>\n
                                                                                                                                                                    • IPv4 scarcity:<\/strong> Public IPv4 is limited; quotas apply and may require requests.<\/li>\n
                                                                                                                                                                    • Resource constraints:<\/strong> Some managed services\/interfaces have constraints on how public IPs can be attached.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                      Quotas<\/h3>\n\n\n\n
                                                                                                                                                                        \n
                                                                                                                                                                      • Public IP quotas vary by tenancy and region. Check Service Limits<\/strong> in OCI.<\/li>\n
                                                                                                                                                                      • VNIC\/private IP limits vary by instance shape and OCI limits.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                        Regional constraints<\/h3>\n\n\n\n
                                                                                                                                                                          \n
                                                                                                                                                                        • Feature availability (including BYOIP) and quotas can differ by region.<\/li>\n
                                                                                                                                                                        • Always validate in the region where you deploy.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                          Pricing surprises<\/h3>\n\n\n\n
                                                                                                                                                                            \n
                                                                                                                                                                          • Reserved public IPs that remain allocated but unused can still cost (depending on current OCI pricing rules).<\/li>\n
                                                                                                                                                                          • Egress traffic typically costs more than the IP itself.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                            Compatibility issues<\/h3>\n\n\n\n
                                                                                                                                                                              \n
                                                                                                                                                                            • Some \u201cfloating IP\u201d HA patterns that work on-prem may not map 1:1 in cloud.<\/li>\n
                                                                                                                                                                            • Reassignment behaviors differ by resource type. Verify supported reassignment workflows before relying on them for HA.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                              Operational gotchas<\/h3>\n\n\n\n
                                                                                                                                                                                \n
                                                                                                                                                                              • Confusing \u201cpublic IP on the instance\u201d with \u201cpublic IP associated to private IP object.\u201d<\/li>\n
                                                                                                                                                                              • Updating DNS without accounting for TTL and client caching.<\/li>\n
                                                                                                                                                                              • Forgetting to update allowlists (partners\/customers) after changes.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                Migration challenges<\/h3>\n\n\n\n
                                                                                                                                                                                  \n
                                                                                                                                                                                • Lifting-and-shifting systems that require fixed IPs for licensing or allowlists needs careful design.<\/li>\n
                                                                                                                                                                                • BYOIP migrations add complexity (validation, routing, governance).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                  Vendor-specific nuances<\/h3>\n\n\n\n
                                                                                                                                                                                    \n
                                                                                                                                                                                  • OCI networking uses specific constructs (VCN, NSG, DRG). Be cautious when translating patterns from other clouds.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                    \n\n\n\n
                                                                                                                                                                                    14. Comparison with Alternatives<\/h2>\n\n\n\n
                                                                                                                                                                                    Nearest services in the same cloud (Oracle Cloud)<\/h3>\n\n\n\n
                                                                                                                                                                                      \n
                                                                                                                                                                                    • OCI Load Balancing \/ Network Load Balancer:<\/strong> Often a better production front door than assigning public IPs directly to instances.<\/li>\n
                                                                                                                                                                                    • OCI DNS:<\/strong> Manages name-to-IP mapping; can reduce dependency on fixed IP reassignment if DNS-based failover is acceptable.<\/li>\n
                                                                                                                                                                                    • OCI Bastion:<\/strong> Reduces need for public IPs on administrative endpoints.<\/li>\n
                                                                                                                                                                                    • NAT Gateway:<\/strong> Helps provide controlled outbound connectivity without public IPs on instances (verify exact outbound IP behavior and billing).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                      Nearest services in other clouds<\/h3>\n\n\n\n
                                                                                                                                                                                        \n
                                                                                                                                                                                      • AWS VPC IPAM:<\/strong> A dedicated IPAM service for planning and tracking IPs across VPCs and accounts.<\/li>\n
                                                                                                                                                                                      • Azure IP address management offerings:<\/strong> Azure has IP address features and governance; dedicated IPAM-like capabilities vary and may rely on integrations.<\/li>\n
                                                                                                                                                                                      • Google Cloud IP address management patterns:<\/strong> Primarily address reservation\/assignment; enterprise IPAM typically via partners\/tools.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                        Open-source or self-managed alternatives<\/h3>\n\n\n\n
                                                                                                                                                                                          \n
                                                                                                                                                                                        • NetBox (open-source):<\/strong> Popular for enterprise IPAM\/DCIM; can be integrated with OCI via automation.<\/li>\n
                                                                                                                                                                                        • phpIPAM:<\/strong> Another IPAM tool for IP tracking.<\/li>\n
                                                                                                                                                                                        • Commercial: Infoblox, BlueCat (verify product fit and integration approach for OCI).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                          Comparison table<\/h3>\n\n\n\n
                                                                                                                                                                                          \n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                                                          Option<\/th>\nBest For<\/th>\nStrengths<\/th>\nWeaknesses<\/th>\nWhen to Choose<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                          OCI IP Management (Public IPs\/Private IP associations)<\/strong><\/td>\nManaging OCI public IP lifecycle and assignments<\/td>\nNative, IAM-integrated, auditable, automatable<\/td>\nNot a full enterprise IPAM; scope is OCI-centric<\/td>\nYou need stable OCI public endpoints and governance<\/td>\n<\/tr>\n
                                                                                                                                                                                          OCI Load Balancer \/ Network Load Balancer<\/strong><\/td>\nProduction ingress at scale<\/td>\nHA, TLS features, backend pooling, stable front door patterns<\/td>\nExtra service cost and configuration<\/td>\nMost internet-facing production apps<\/td>\n<\/tr>\n
                                                                                                                                                                                          OCI DNS<\/strong><\/td>\nName-based routing and indirection<\/td>\nDecouples clients from IP changes<\/td>\nTTL and caching delays<\/td>\nWhen failover\/cutovers can tolerate DNS propagation<\/td>\n<\/tr>\n
                                                                                                                                                                                          OCI Bastion<\/strong><\/td>\nSecure admin access<\/td>\nReduces public exposure<\/td>\nRequires bastion workflow adoption<\/td>\nAvoid public SSH\/RDP on instances<\/td>\n<\/tr>\n
                                                                                                                                                                                          AWS VPC IPAM<\/strong><\/td>\nMulti-account AWS IP planning<\/td>\nPurpose-built IPAM features<\/td>\nAWS-specific<\/td>\nYou need enterprise IPAM inside AWS<\/td>\n<\/tr>\n
                                                                                                                                                                                          NetBox \/ phpIPAM (self-managed)<\/strong><\/td>\nEnterprise IP inventory across hybrid\/multi-cloud<\/td>\nRich IP planning, ownership, automation<\/td>\nYou operate it; integration work required<\/td>\nYou need full IPAM beyond OCI capabilities<\/td>\n<\/tr>\n
                                                                                                                                                                                          Infoblox\/BlueCat (commercial)<\/strong><\/td>\nLarge enterprise IPAM\/DNS\/DHCP<\/td>\nMature enterprise features<\/td>\nLicensing cost; integration effort<\/td>\nRegulated, large-scale hybrid environments<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                          \n\n\n\n
                                                                                                                                                                                          15. Real-World Example<\/h2>\n\n\n\n
                                                                                                                                                                                          Enterprise example: regulated financial services API modernization<\/h3>\n\n\n\n
                                                                                                                                                                                            \n
                                                                                                                                                                                          • Problem:<\/strong> A bank modernizes customer APIs on OCI. Clients and partners require strict allowlists and stable endpoints. The bank also needs audit trails and separation of duties.<\/li>\n
                                                                                                                                                                                          • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                                                                          • Public entry through OCI Load Balancer<\/strong> (or equivalent managed edge)<\/li>\n
                                                                                                                                                                                          • Reserved\/stable public endpoints tracked in IP Management<\/strong><\/li>\n
                                                                                                                                                                                          • Backends in private subnets; database in private subnet<\/li>\n
                                                                                                                                                                                          • IAM policies restrict public IP creation\/assignment to NetSec group<\/li>\n
                                                                                                                                                                                          • Tags required: System<\/code>, Owner<\/code>, DataClassification<\/code>, ChangeTicket<\/code><\/li>\n
                                                                                                                                                                                          • Audit log monitoring for all IP and route changes<\/li>\n
                                                                                                                                                                                          • Why IP Management was chosen:<\/strong><\/li>\n
                                                                                                                                                                                          • Native control of public IP inventory with compartment scoping<\/li>\n
                                                                                                                                                                                          • Auditability for compliance<\/li>\n
                                                                                                                                                                                          • Stable endpoints for allowlisting and change management<\/li>\n
                                                                                                                                                                                          • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                                                                          • Fewer incidents due to IP changes<\/li>\n
                                                                                                                                                                                          • Faster, safer releases (stable endpoints)<\/li>\n
                                                                                                                                                                                          • Improved compliance evidence via audit logs and tagging<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                            Startup\/small-team example: SaaS webhook receiver with partner allowlisting<\/h3>\n\n\n\n
                                                                                                                                                                                              \n
                                                                                                                                                                                            • Problem:<\/strong> A startup integrates with an enterprise partner that only sends webhooks to allowlisted IPs. The startup frequently rebuilds infrastructure.<\/li>\n
                                                                                                                                                                                            • Proposed architecture:<\/strong><\/li>\n
                                                                                                                                                                                            • Single small service behind a minimal public endpoint<\/li>\n
                                                                                                                                                                                            • Allocate a reserved public IP<\/strong> for the ingress endpoint<\/li>\n
                                                                                                                                                                                            • Keep DNS constant and avoid changing IP on rebuild<\/li>\n
                                                                                                                                                                                            • Use NSG rules to restrict inbound to partner IP ranges<\/li>\n
                                                                                                                                                                                            • Why IP Management was chosen:<\/strong><\/li>\n
                                                                                                                                                                                            • Simple and low operational overhead<\/li>\n
                                                                                                                                                                                            • Meets partner\u2019s fixed-IP requirement<\/li>\n
                                                                                                                                                                                            • Expected outcomes:<\/strong><\/li>\n
                                                                                                                                                                                            • Fewer partner integration failures<\/li>\n
                                                                                                                                                                                            • Faster rebuilds without coordination headaches<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                              \n\n\n\n
                                                                                                                                                                                              16. FAQ<\/h2>\n\n\n\n
                                                                                                                                                                                              1) Is \u201cIP Management\u201d a standalone OCI service?<\/h3>\n\n\n\n
                                                                                                                                                                                              In OCI, IP Management<\/strong> is commonly a Console section and set of capabilities<\/strong> for managing IP address resources (especially public IPs). It is not necessarily a separate, SKU-like service branded as \u201cIPAM.\u201d Verify current OCI Console structure and docs for your region.<\/p>\n\n\n\n
                                                                                                                                                                                              2) What\u2019s the difference between a reserved and ephemeral public IP?<\/h3>\n\n\n\n
                                                                                                                                                                                              A reserved<\/strong> public IP stays allocated until you release it. An ephemeral<\/strong> public IP is generally temporary and may be released when the associated resource is terminated or reconfigured (behavior varies by resource\u2014verify in docs).<\/p>\n\n\n\n
                                                                                                                                                                                              3) Why should I avoid ephemeral IPs in production?<\/h3>\n\n\n\n
                                                                                                                                                                                              Because they can change, breaking:\n– Customer and partner allowlists\n– DNS assumptions\n– Firewall rules\nUse reserved IPs or a managed front door.<\/p>\n\n\n\n
                                                                                                                                                                                              4) Can I move a reserved public IP from one instance to another?<\/h3>\n\n\n\n
                                                                                                                                                                                              Often yes by re-associating it to a different private IP, subject to OCI constraints and permissions. Validate the exact supported reassignment workflow in OCI docs for your resource type.<\/p>\n\n\n\n
                                                                                                                                                                                              5) Does associating a public IP automatically open my service to the internet?<\/h3>\n\n\n\n
                                                                                                                                                                                              Not by itself. You also need:\n– A route to an Internet Gateway (for inbound)\n– Security list\/NSG rules allowing the traffic\n– The host and application listening on the port<\/p>\n\n\n\n
                                                                                                                                                                                              6) Where do I see what private IP a public IP maps to?<\/h3>\n\n\n\n
                                                                                                                                                                                              In the public IP or private IP details pages in the Console, or via CLI\/API (public-ip get<\/code>, private-ip get\/list<\/code>).<\/p>\n\n\n\n
                                                                                                                                                                                              7) How do compartments help with IP Management?<\/h3>\n\n\n\n
                                                                                                                                                                                              Compartments allow:\n– Separation of environments (prod vs dev)\n– Delegated administration\n– Cleaner policies and reporting<\/p>\n\n\n\n
                                                                                                                                                                                              8) Are public IPs charged in OCI?<\/h3>\n\n\n\n
                                                                                                                                                                                              They can be, depending on OCI\u2019s current pricing rules, your region, and contract terms. Always check the official pricing page and cost estimator.<\/p>\n\n\n\n
                                                                                                                                                                                              9) What\u2019s the best practice for production ingress: public IP on instances or load balancer?<\/h3>\n\n\n\n
                                                                                                                                                                                              For most production systems, prefer a load balancer<\/strong> (or equivalent managed edge) and keep instances in private subnets. Use public IPs on instances only when justified and controlled.<\/p>\n\n\n\n
                                                                                                                                                                                              10) Can I use IP Management for IPv6?<\/h3>\n\n\n\n
                                                                                                                                                                                              OCI supports IPv6 in certain contexts, but \u201cIP Management\u201d workflows may differ. Verify IPv6 support and management steps in the official OCI Networking documentation.<\/p>\n\n\n\n
                                                                                                                                                                                              11) How do I avoid \u201corphaned\u201d reserved public IPs?<\/h3>\n\n\n\n
                                                                                                                                                                                                \n
                                                                                                                                                                                              • Use tags (Owner<\/code>, ExpiryDate<\/code>)<\/li>\n
                                                                                                                                                                                              • Run periodic inventory checks<\/li>\n
                                                                                                                                                                                              • Add governance so unused IPs are flagged and released<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                12) How does BYOIP relate to IP Management?<\/h3>\n\n\n\n
                                                                                                                                                                                                BYOIP (if supported for your region\/tenancy) extends IP Management by allowing you to use customer-owned address ranges. It comes with additional validation and routing considerations.<\/p>\n\n\n\n
                                                                                                                                                                                                13) What logs should I monitor for IP-related changes?<\/h3>\n\n\n\n
                                                                                                                                                                                                  \n
                                                                                                                                                                                                • OCI Audit<\/strong> for create\/update\/delete\/attach operations<\/li>\n
                                                                                                                                                                                                • VCN Flow Logs (if enabled) for traffic troubleshooting<\/li>\n
                                                                                                                                                                                                • Security rule change events (route tables, NSGs, security lists)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                  14) Can I fully manage IP assignments using Terraform?<\/h3>\n\n\n\n
                                                                                                                                                                                                  Terraform can manage many OCI networking resources, including public IP resources in many cases. Confirm provider support for your specific workflow and resource types.<\/p>\n\n\n\n
                                                                                                                                                                                                  15) What\u2019s the safest way to provide SSH access without public IPs?<\/h3>\n\n\n\n
                                                                                                                                                                                                  Use OCI Bastion<\/strong> (where available and appropriate), and keep instances in private subnets.<\/p>\n\n\n\n
                                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                                  17. Top Online Resources to Learn IP Management<\/h2>\n\n\n\n
                                                                                                                                                                                                  \n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                                                                  Resource Type<\/th>\nName<\/th>\nWhy It Is Useful<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                                  Official documentation<\/td>\nOCI Networking documentation<\/td>\nPrimary reference for VCN, subnets, public IPs, routing, NSGs. Start here: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Network\/Concepts\/overview.htm (verify if Oracle reorganizes docs)<\/td>\n<\/tr>\n
                                                                                                                                                                                                  Official documentation<\/td>\nOCI CLI documentation<\/td>\nLearn to automate IP Management tasks via CLI: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/API\/Concepts\/cliconcepts.htm<\/td>\n<\/tr>\n
                                                                                                                                                                                                  Official docs (Networking tasks)<\/td>\nPublic IP addresses \/ managing public IPs (OCI)<\/td>\nOperational steps for reserved\/ephemeral IPs (use Oracle docs search if URL changes): https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Network\/Tasks\/managingpublicIPs.htm<\/td>\n<\/tr>\n
                                                                                                                                                                                                  Official docs (IAM)<\/td>\nOCI IAM policy reference<\/td>\nRequired to securely delegate IP operations: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Identity\/Concepts\/policygetstarted.htm<\/td>\n<\/tr>\n
                                                                                                                                                                                                  Official docs (Audit)<\/td>\nOCI Audit<\/td>\nTrack changes to public IP resources: https:\/\/docs.oracle.com\/en-us\/iaas\/Content\/Audit\/Concepts\/auditoverview.htm<\/td>\n<\/tr>\n
                                                                                                                                                                                                  Official pricing<\/td>\nOracle Cloud Pricing<\/td>\nUnderstand public IP, networking, and egress costs: https:\/\/www.oracle.com\/cloud\/pricing\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  Official calculator<\/td>\nOCI Cost Estimator<\/td>\nModel your region-specific costs: https:\/\/www.oracle.com\/cloud\/costestimator.html<\/td>\n<\/tr>\n
                                                                                                                                                                                                  Official architecture<\/td>\nOCI Architecture Center<\/td>\nReference architectures involving networking and edge designs: https:\/\/docs.oracle.com\/en\/solutions\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  Official tutorials\/labs<\/td>\nOCI Tutorials<\/td>\nGuided labs (search for networking\/public IPs): https:\/\/docs.oracle.com\/en\/learn\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  Community (reputable)<\/td>\nOracle Cloud user communities and blogs<\/td>\nPractical tips; validate against official docs to avoid outdated guidance: https:\/\/community.oracle.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                                  18. Training and Certification Providers<\/h2>\n\n\n\n
                                                                                                                                                                                                  \n\n\n\n\n\n\n\n\n
                                                                                                                                                                                                  Institute<\/th>\nSuitable Audience<\/th>\nLikely Learning Focus<\/th>\nMode<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                                  DevOpsSchool.com<\/td>\nDevOps engineers, SREs, platform teams<\/td>\nOCI + DevOps foundations, automation, infrastructure practices<\/td>\nCheck website<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  ScmGalaxy.com<\/td>\nBeginners to intermediate engineers<\/td>\nDevOps\/SCM concepts supporting cloud operations<\/td>\nCheck website<\/td>\nhttps:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  CLoudOpsNow.in<\/td>\nCloud operations teams<\/td>\nCloud operations and runbooks; cloud reliability practices<\/td>\nCheck website<\/td>\nhttps:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  SreSchool.com<\/td>\nSREs, production engineers<\/td>\nSRE practices: reliability, incident response, monitoring<\/td>\nCheck website<\/td>\nhttps:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  AiOpsSchool.com<\/td>\nOps\/SRE teams adopting AIOps<\/td>\nAIOps concepts, monitoring automation and analytics<\/td>\nCheck website<\/td>\nhttps:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                                  19. Top Trainers<\/h2>\n\n\n\n
                                                                                                                                                                                                  \n\n\n\n\n\n\n\n
                                                                                                                                                                                                  Platform\/Site<\/th>\nLikely Specialization<\/th>\nSuitable Audience<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                                  RajeshKumar.xyz<\/td>\nDevOps\/cloud training content (verify current offerings)<\/td>\nBeginners to intermediate<\/td>\nhttps:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  devopstrainer.in<\/td>\nDevOps tools and practices (verify OCI coverage)<\/td>\nDevOps engineers<\/td>\nhttps:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  devopsfreelancer.com<\/td>\nFreelance DevOps guidance and services (verify scope)<\/td>\nTeams seeking practical implementation help<\/td>\nhttps:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  devopssupport.in<\/td>\nDevOps support and training resources (verify offerings)<\/td>\nOps and DevOps teams<\/td>\nhttps:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                                  20. Top Consulting Companies<\/h2>\n\n\n\n
                                                                                                                                                                                                  \n\n\n\n\n\n\n
                                                                                                                                                                                                  Company Name<\/th>\nLikely Service Area<\/th>\nWhere They May Help<\/th>\nConsulting Use Case Examples<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                                                  cotocus.com<\/td>\nCloud\/DevOps consulting (verify current practice areas)<\/td>\nArchitecture, implementation, operationalization<\/td>\nNetwork baseline, secure ingress\/egress, automation guardrails<\/td>\nhttps:\/\/cotocus.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  DevOpsSchool.com<\/td>\nDevOps\/cloud consulting and training (verify current offerings)<\/td>\nDelivery acceleration, DevOps enablement<\/td>\nIaC implementation, governance and tagging strategy, CI\/CD integration for networking<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                                                  DEVOPSCONSULTING.IN<\/td>\nDevOps consulting (verify scope and services)<\/td>\nPlatform operations, automation<\/td>\nIP governance runbooks, cost controls, policy design<\/td>\nhttps:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                                                  \n\n\n\n
                                                                                                                                                                                                  21. Career and Learning Roadmap<\/h2>\n\n\n\n
                                                                                                                                                                                                  What to learn before IP Management<\/h3>\n\n\n\n
                                                                                                                                                                                                  To use OCI IP Management effectively, first learn:<\/p>\n\n\n\n
                                                                                                                                                                                                    \n
                                                                                                                                                                                                  • Networking fundamentals: IPv4, CIDR, NAT, routing, DNS, TLS<\/li>\n
                                                                                                                                                                                                  • OCI basics: tenancies, regions, compartments<\/li>\n
                                                                                                                                                                                                  • OCI Networking: VCNs, subnets, route tables, IGW, NAT gateway, NSGs\/security lists<\/li>\n
                                                                                                                                                                                                  • Basic Linux administration and SSH (if using compute instances)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                    What to learn after IP Management<\/h3>\n\n\n\n
                                                                                                                                                                                                    Build depth and production readiness with:<\/p>\n\n\n\n
                                                                                                                                                                                                      \n
                                                                                                                                                                                                    • OCI Load Balancing and resilient ingress architectures<\/li>\n
                                                                                                                                                                                                    • OCI Bastion and zero-trust administrative access patterns<\/li>\n
                                                                                                                                                                                                    • Infrastructure as Code (Terraform with OCI)<\/li>\n
                                                                                                                                                                                                    • Observability: audit, logging, flow logs, monitoring<\/li>\n
                                                                                                                                                                                                    • Security engineering: least privilege IAM, threat modeling, hardening<\/li>\n
                                                                                                                                                                                                    • Hybrid connectivity: DRG, VPN, FastConnect (as needed)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                      Job roles that use it<\/h3>\n\n\n\n
                                                                                                                                                                                                        \n
                                                                                                                                                                                                      • Cloud Engineer \/ Cloud Network Engineer<\/li>\n
                                                                                                                                                                                                      • DevOps Engineer \/ Platform Engineer<\/li>\n
                                                                                                                                                                                                      • Site Reliability Engineer (SRE)<\/li>\n
                                                                                                                                                                                                      • Security Engineer (NetSec \/ CloudSec)<\/li>\n
                                                                                                                                                                                                      • Solutions Architect<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                        Certification path (if available)<\/h3>\n\n\n\n
                                                                                                                                                                                                        Oracle offers OCI certifications, but the exact certification names and tracks change. Use Oracle University to find current paths:\n– https:\/\/education.oracle.com\/ (verify current certification catalog and OCI tracks)<\/p>\n\n\n\n
                                                                                                                                                                                                        Project ideas for practice<\/h3>\n\n\n\n
                                                                                                                                                                                                          \n
                                                                                                                                                                                                        • Build a production-like front door:<\/li>\n
                                                                                                                                                                                                        • Reserved IP + public load balancer + private backend + restricted NSGs<\/li>\n
                                                                                                                                                                                                        • Create an \u201cIP inventory\u201d script:<\/li>\n
                                                                                                                                                                                                        • List public IPs by compartment, show tags, flag unassigned reserved IPs<\/li>\n
                                                                                                                                                                                                        • Implement a governance policy set:<\/li>\n
                                                                                                                                                                                                        • Only NetSec can assign public IPs in prod compartments<\/li>\n
                                                                                                                                                                                                        • Enforce required tags for public IPs (where feasible)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                          \n\n\n\n
                                                                                                                                                                                                          22. Glossary<\/h2>\n\n\n\n
                                                                                                                                                                                                            \n
                                                                                                                                                                                                          • OCI (Oracle Cloud Infrastructure):<\/strong> Oracle Cloud\u2019s IaaS\/PaaS platform.<\/li>\n
                                                                                                                                                                                                          • Networking, Edge, and Connectivity:<\/strong> OCI category covering VCN, gateways, load balancing, DNS, and edge connectivity.<\/li>\n
                                                                                                                                                                                                          • VCN (Virtual Cloud Network):<\/strong> A private network in OCI, similar to a VPC in other clouds.<\/li>\n
                                                                                                                                                                                                          • Subnet:<\/strong> A range of IP addresses within a VCN.<\/li>\n
                                                                                                                                                                                                          • VNIC:<\/strong> Virtual network interface attached to a compute instance or service.<\/li>\n
                                                                                                                                                                                                          • Private IP:<\/strong> IP address within the VCN\/subnet assigned to a VNIC.<\/li>\n
                                                                                                                                                                                                          • Public IP:<\/strong> Internet-routable IPv4 address mapped to a private IP.<\/li>\n
                                                                                                                                                                                                          • Reserved Public IP:<\/strong> Public IP that remains allocated until you release it.<\/li>\n
                                                                                                                                                                                                          • Ephemeral Public IP:<\/strong> Public IP that may be automatically assigned\/released based on lifecycle.<\/li>\n
                                                                                                                                                                                                          • IGW (Internet Gateway):<\/strong> Provides inbound\/outbound internet connectivity for public subnets (when routes and security allow).<\/li>\n
                                                                                                                                                                                                          • NSG (Network Security Group):<\/strong> Stateful virtual firewall rules applied to VNICs.<\/li>\n
                                                                                                                                                                                                          • Security List:<\/strong> Subnet-level firewall rules.<\/li>\n
                                                                                                                                                                                                          • Compartment:<\/strong> OCI logical container for organizing resources and IAM boundaries.<\/li>\n
                                                                                                                                                                                                          • Tagging:<\/strong> Metadata used for cost allocation, ownership, automation, and governance.<\/li>\n
                                                                                                                                                                                                          • IAM Policy:<\/strong> Rules defining who can do what in OCI.<\/li>\n
                                                                                                                                                                                                          • Audit Logs:<\/strong> Records of control-plane API actions for traceability.<\/li>\n
                                                                                                                                                                                                          • BYOIP:<\/strong> Bring Your Own IP; using customer-owned IP ranges in OCI (if supported).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                                            \n\n\n\n
                                                                                                                                                                                                            23. Summary<\/h2>\n\n\n\n
                                                                                                                                                                                                            IP Management (Oracle Cloud)<\/strong> is the practical set of OCI Networking capabilities used to allocate, reserve, assign, and govern IP addresses<\/strong>, especially public IPs<\/strong> and their association to private IPs<\/strong> on VNICs inside a VCN. It matters because stable IP endpoints reduce outages, simplify allowlisting, and improve operational control in production environments.<\/p>\n\n\n\n
                                                                                                                                                                                                            From a cost perspective, watch for public IPv4 charges (if applicable)<\/strong> and, more importantly, internet egress costs<\/strong>. From a security perspective, treat public IP assignment as a high-risk action: lock it down with least-privilege IAM<\/strong>, compartments, and auditing, and avoid exposing SSH\/RDP directly.<\/p>\n\n\n\n
                                                                                                                                                                                                            Use IP Management when you need stable endpoints<\/strong> and controlled IP lifecycle. Prefer managed front doors (load balancers, bastion) for production-grade designs. Next, deepen your skills by learning OCI Load Balancing, OCI Bastion, and Terraform-based automation for repeatable network governance.<\/p>\n","protected":false},"excerpt":{"rendered":"
                                                                                                                                                                                                            Networking, Edge, and Connectivity<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[74,62],"tags":[],"class_list":["post-945","post","type-post","status-publish","format-standard","hentry","category-networking-edge-and-connectivity","category-oracle-cloud"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/945","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=945"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/945\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=945"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=945"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=945"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}