53_ N-W - NAT GW - connect Private instance with one way connectivity to internet - Nirvan-Pandey/OCI_DOC GitHub Wiki

53_1: Introduction

In Oracle Cloud Infrastructure (OCI), instances in a private subnet do not have direct internet access. However, certain use cases require these instances to access the internet for software updates, patches, and API calls without being publicly accessible. To achieve this, we use a NAT Gateway (Network Address Translation Gateway).

A NAT Gateway allows outbound internet access for instances in a private subnet, while blocking any inbound connections. This ensures security while enabling essential network functions.

53_2: Use Case

  • Private compute instances need internet access for OS updates, software downloads, and API calls.

  • Security mandates that instances do not have public IP addresses.

  • A one-way connectivity setup where private instances can reach the internet, but the internet cannot reach them.

53_3: Steps to Set Up a NAT Gateway

Step1: Create a NAT Gateway

  1. Ping google.com from the private instance (unsuccessful: the private subnet has no route to the internet yet).
  2. Navigate to Networking > Virtual Cloud Networks (VCNs).
  3. Click on NAT Gateways. Click Create NAT Gateway, provide a name, and associate it with your VCN.
  4. The NAT Gateway is created, and a public IP is automatically assigned to it. The instances behind it keep their private IPs only.

Step2: Update the Route Table

  1. Go to Networking > Virtual Cloud Networks (VCNs) > Private Subnet VCN.
  2. Go to the Private-Subnet in the Spoke VCN.
  3. Click on Route Tables.
  4. Add a rule to the Route Table.
  5. Choose the NAT Gateway as the target and enter the IP address of google.com as the destination.

Step3: Verify Connectivity

Ping is successful.

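The same setup expressed as infrastructure-as-code, added here as an example and not part of the original wiki page: it uses the OCI Terraform provider's `oci_core_nat_gateway`, `oci_core_route_table` and `oci_core_subnet` resources to reproduce Steps 1 and 2. All OCIDs and the subnet CIDR are placeholders, and the default route is widened from the single google.com IP used in the walkthrough to 0.0.0.0/0 so that updates and API calls to any host work.

```hcl
# Added example (not from the wiki page). All OCIDs/CIDRs are placeholders.

variable "compartment_ocid" { default = "ocid1.compartment.oc1..PLACEHOLDER" }
variable "vcn_ocid"         { default = "ocid1.vcn.oc1..PLACEHOLDER" }

# Step 1: the NAT Gateway. OCI assigns its public IP automatically; the
# instances behind it never receive one.
resource "oci_core_nat_gateway" "spoke_nat" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "spoke-nat-gw"
  # Flip to true to cut all outbound traffic without deleting the gateway
  # (a quick containment switch if egress from the subnet looks suspicious).
  block_traffic  = false
}

# Step 2: a route table whose only default route targets the NAT Gateway.
# The walkthrough used a /32 for google.com's IP, which limits reachability
# to that one host; 0.0.0.0/0 is the usual choice for OS updates and API
# calls. There is deliberately no Internet Gateway rule in this table.
resource "oci_core_route_table" "private_rt" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "private-subnet-rt"

  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_nat_gateway.spoke_nat.id
    description       = "Outbound-only internet access via NAT Gateway"
  }
}

# The private subnet: attach the route table and forbid public IPs on any
# VNIC, which enforces the "no public IP" mandate at the subnet level
# rather than relying on whoever launches the instance.
resource "oci_core_subnet" "private" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = var.vcn_ocid
  cidr_block                 = "10.0.2.0/24" # placeholder
  display_name               = "Private-Subnet"
  route_table_id             = oci_core_route_table.private_rt.id
  prohibit_public_ip_on_vnic = true
}
```

The route alone does not open traffic: the subnet's security list or the instance's NSG must still permit the egress you expect (and nothing more), and the NAT Gateway drops any connection initiated from the internet side.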

53_4: Conclusion

By setting up a NAT Gateway, private instances can securely access the internet without exposing them to inbound traffic. This is ideal for scenarios requiring software updates, license verifications, or API calls while maintaining a secure private network.

Key Takeaways:

✔ One-way internet access for private instances.

✔ No need for a public IP on the private instance.

✔ More secure than using an Internet Gateway for outbound-only needs, because the NAT Gateway accepts no inbound connections.

✔ Route table must be updated for traffic to flow through the NAT Gateway.

This setup ensures secure, controlled, and efficient internet access for your OCI private instances.