Summary
BYOIP moves the customer's public IP addresses (IPv4 and IPv6) into OCI. The regional internet registry needs to be notified of the new arrangement in order to direct BGP routing away from the customer and towards the OCI ASN.
Reference
IP Management: BYOIP
Bring Your Own IP (BYOIP) allows the customer to import public IP addresses that the customer owns into OCI for use by resources, such as load balancer listeners and compute instance public IP addresses. The customer needs to liaise with both Oracle and the Regional Internet Registry that assigned those addresses.
BYOIP Use Cases
- Migration
- Hard-coded IP addresses can be migrated to OCI.
- IP Pool Management
- Allows pools of contiguous IP addresses instead of isolated IP addresses allocated by OCI
- IP reputation
- Published Internet services sometimes rely on contiguous IP addresses.
BYOIP Limits
- Can only be imported into a single region
- IPv4 CIDR block ranges from /8 to /24
- IPv6 prefix must be /48 or larger
- Up to 20 IPv4 CIDR blocks or IPv6 prefixes or a combination to an OCI account
- An address range can only be assigned to a single compartment
- Can assign up to 5 IPv6 prefixes per VCN and up to one per subnet. Can assign IPv4 addresses from one prefix to a VNIC
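A pre-flight check of candidate ranges against the limits listed above, as an added example (not Oracle's code and not part of the original notes). The function name, the sample ranges (constructed from documentation address space) and the overlap check are assumptions of this example; "/48 or larger" is read as block size, meaning a prefix length of 48 or shorter.

```python
import ipaddress

# Limits as listed in the notes above.
IPV4_PREFIXLEN = range(8, 25)   # /8 through /24
IPV6_MAX_PREFIXLEN = 48         # assumption: "/48 or larger" means prefix length <= 48
MAX_RANGES = 20                 # IPv4 blocks and IPv6 prefixes combined

def check_byoip_plan(cidrs):
    """Return (cidr, problem) tuples; an empty list means the plan fits the limits."""
    problems, parsed = [], []
    for cidr in cidrs:
        try:
            # strict=True rejects entries with host bits set, e.g. 192.0.2.10/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append((cidr, f"not a valid network: {exc}"))
            continue
        if net.version == 4 and net.prefixlen not in IPV4_PREFIXLEN:
            problems.append((cidr, "IPv4 block must be between /8 and /24"))
        elif net.version == 6 and net.prefixlen > IPV6_MAX_PREFIXLEN:
            problems.append((cidr, "IPv6 prefix must be /48 or larger"))
        # Added sanity check (not a limit from the notes): the same address
        # space should not appear twice in one import plan.
        for other in parsed:
            if net.version == other.version and net.overlaps(other):
                problems.append((cidr, f"overlaps {other}"))
        parsed.append(net)
    if len(cidrs) > MAX_RANGES:
        problems.append(("*", f"{len(cidrs)} ranges exceeds the limit of {MAX_RANGES}"))
    return problems

# Constructed sample plan using documentation ranges (RFC 5737 / RFC 3849).
SAMPLE_PLAN = [
    "203.0.113.0/24",    # fits
    "198.51.100.0/25",   # too small for IPv4 BYOIP
    "2001:db8::/48",     # fits
    "2001:db8:1::/56",   # too small for IPv6 BYOIP
    "192.0.2.10/24",     # host bits set
]

if __name__ == "__main__":
    for cidr, problem in check_byoip_plan(SAMPLE_PLAN):
        print(f"{cidr}: {problem}")
```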
IP Management: Reserved Public IPs
Public IP Addresses
A compute instance can communicate with the Internet by:
- Placement in a public subnet of a VCN with an Internet Gateway attached. Security rules need to be established to allow this.
- Allowing OCI to assign a public IP address to a VNIC
Reserved Public IPs
A public IP is either:
- Ephemeral
- Temporary public IP address assigned to a compute instance or load balancer listener for the lifetime of that resource.
- Reserved
- Persistent public IP address that is assigned to a resource by the customer.
Public IP Comparison
Characteristic | Ephemeral Public IPs | Reserved Public IPs |
---|---|---|
Allowed assignment | To VNIC's primary private IP only. Limits: | To either a primary or secondary private IP. Limit: 32 per VNIC |
Creation | Optionally created and assigned during instance launch or secondary VNIC creation. You can create and assign one later if the VNIC doesn't already have one. | You can create one at any time. You can then assign it when you like. Limit: You can create 50 per region. |
Unassignment | You can unassign it at any time, which deletes it. | You can unassign it at any time, which returns it to your tenancy's pool of reserved public IPs. |
Moving to a different resource | You cannot move an ephemeral public IP address to a different private IP address. | You can move it (unassign and then reassign it) at any time to another private IP in the same region. |
Automatic deletion | Its lifetime is tied to the private IP on the VM instance. | Never. Exists until you delete it. |
Scope | Availability domain | Regional (can be assigned to a private IP in any AD in the region) |
IP Management: IP Pools
Public IP Pools
A public IP pool is simply a set of IPv4 CIDR blocks allocated to a tenancy. These CIDR blocks can be all or part of a BYOIP CIDR block. Public IP CIDR blocks assigned to a pool are available only for your tenancy. Public IP pools are available as a source for IP allocation when launching a NAT gateway, load balancer, or compute instance. You can add more IP CIDR blocks to a public IP pool at any time.
Public IP Pools: Use Cases
- Create Reserved IP
- Addresses from a public IP pool can be reserved, and then attached to resources, as required.
- Direct launch from pool
- Resources can be launched from a pool without previously reserving an IP address
- Delete CIDR blocks and pools
- Entire pools or CIDR blocks within a pool can be deleted if there are no resources using any of those addresses.
BYOIP Process Overview
BYOIP Process Overview shows the following overview:
There are seven (7) steps in the above swimlane diagram to import a BYOIP range:
- The customer submits a request to OCI to import either a public IPv4 CIDR block or IPv6 prefix
- Oracle issues a verification token
- The customer submits the verification token and the required IP address block to the Regional Internet Registry (RIR)
- The customer negotiates a Route Origin Authorisation (ROA) with the RIR so that OCI can host the IP block/prefix
- The customer asks OCI to complete the import process
- Oracle assigns the IP block/prefix to the selected compartment
- The customer then manages the BYOIP resource