
Virtual Cloud Network (VCN): Use IPv6 as a tool to overcome VCN IPv4 CIDR overlaps in a private environment
Lab 5-1 Practices
Get Started

Overview
In this lab, you will interconnect two VCNs in the same region that have overlapping IPv4 CIDR
blocks. The Dynamic Routing Gateway (DRG) will be used because the Local Peering Gateway
does not allow peering two VCNs that have overlapping CIDRs. The DRG does allow the
attachment of two VCNs with overlapping CIDRs.

The objective is to work around the IPv4 CIDR block overlap limitation so that two compute
instances, one in each VCN, can communicate with each other without changing the VMs’ private
IPv4 addresses. The two VMs should be able to communicate privately through the DRG over
IPv6. ping6 will be used to test the success of the lab.

For this, the VCNs, subnets, and compute instances’ vNICs need to be enabled for IPv6
addressing.

In addition, the compute instances’ internal OS firewall needs to be configured for IPv6. After
enabling IPv6 on all OCI components that require it, you will SSH to both VMs and run the
following commands:

$ sudo firewall-cmd --permanent --add-service=dhcpv6-client
$ sudo firewall-cmd --reload
$ sudo dhclient -6 ens3

Copyright © 2023, Oracle and/or its affiliates.

Set up environment: Create VCNs and instances

As a prerequisite for this lab, you’ll first build two VCNs in the same region and in the same
compartment. They must have overlapping IPv4 CIDR blocks (10.0.0.0/16), and each VCN needs
a public subnet with access to the internet. The lab also requires two compute instances, one in
each subnet.

Two VCNs:
Names: IAD–AP–LAB05-1–VCN–01, IAD–AP–LAB05-1–VCN–02
CIDR Block: 10.0.0.0/16
Public Subnet
CIDR Block: 10.0.0.0/24

Two Compute Instances:
Names: IAD–AP–LAB05-1–VM–01, IAD–AP–LAB05-1–VM–02
Image: Oracle Linux 8
Shape: VM.Standard.A1.Flex with 1 OCPU and 6 GB

You’ll set these up, then proceed with the lab.

Create the first virtual cloud network

1. Log into your tenancy and compartment on the Cloud Console.

2. In the main menu, in Networking, click Virtual Cloud Networks.

3. Make sure that under the Compartments field you select the correct compartment.

4. Click Create VCN. Fill in the fields:

a. Name: IAD–AP–LAB05-1–VCN–01

b. IPv4 CIDR block: 10.0.0.0/16

c. Leave all other fields as they are

5. Click Create VCN. The VCN will open. Click Create Subnet and fill in the fields:

a. Name: IAD-AP-LAB05-1-VCN-01-SNT-01

b. Subnet type: Regional

c. IPv4 CIDR block: 10.0.0.0/24

d. Subnet Access: Public

e. Leave all the other fields as they are.

6. Click Create Subnet.

7. Under Resources in the left navigation pane, click Internet Gateways. Click Create
Internet Gateway, and fill in the fields:

a. Name: IAD-AP-LAB05-1-VCN-01-IG-01

b. Make sure that the compartment is the same one as the VCN compartment.

8. Click Create Internet Gateway.

9. Under Resources in the left navigation pane, click Route Tables. Click Default Route
Table for IAD–AP–LAB05-1–VCN–01.

10. Click Add Route Rules and fill in the information:

a. Target Type: Internet Gateway

b. Destination CIDR block: 0.0.0.0/0

c. Target Internet Gateway: IAD-AP-LAB05-1-VCN-01-IG-01

d. Click Add Route Rules.

The Route Table screen will remain open after the rule is configured. This completes this VCN.
Now you’ll create the second VCN. In the breadcrumbs link at the top left, click Virtual Cloud
Networks.

Create the second virtual cloud network

1. Make sure that under the Compartments field you select the correct compartment.

2. Click Create VCN. Fill in the fields:

a. Name: IAD–AP–LAB05-1–VCN–02

b. IPv4 CIDR block: 10.0.0.0/16

c. Leave all other fields as they are

3. Click Create VCN. The VCN will open. Click Create Subnet and fill in the fields:

a. Name: IAD-AP-LAB05-1-VCN-02-SNT-01

b. Subnet type: Regional

c. IPv4 CIDR block: 10.0.0.0/24

d. Subnet Access: Public

e. Leave all the other fields as they are.

4. Click Create Subnet.

5. Under Resources in the left navigation pane, click Internet Gateways. Click Create
Internet Gateway, and fill in the fields:

a. Name: IAD-AP-LAB05-1-VCN-02-IG-01

b. Make sure that the compartment is the same one as the VCN compartment.

6. Click Create Internet Gateway.

7. Under Resources in the left navigation pane, click Route Tables. Click Default Route
Table for IAD–AP–LAB05-1–VCN–02.

8. Click Add Route Rules and fill in the information:

a. Target Type: Internet Gateway

b. Destination CIDR block: 0.0.0.0/0

c. Target Internet Gateway: IAD-AP-LAB05-1-VCN-02-IG-01

d. Click Add Route Rules

Create your first compute instance

1. In the main menu, under Compute, click Instances.

2. Make sure that under the Compartments field you select the correct compartment.

3. Click Create Instance, and fill in the fields:

a. Name: IAD–AP–LAB05-1–VM–01

b. In the Create in compartment picklist make sure that you select the correct
compartment.

c. Placement: AD1

d. Image: Oracle Linux 8 (Latest release)

e. For Shape, click Change Shape. Click Ampere, and select VM.Standard.A1.Flex with
1 OCPU and 6 GB.

f. Click Select Shape.

4. Under Networking, click Select existing virtual cloud network and choose
IAD–AP–LAB05-1–VCN–01.

5. Under Networking, click Select existing subnet and choose
IAD-AP-LAB05-1-VCN-01-SNT-01.

6. Under Networking, click Assign a public IPv4 address.

7. Under Add SSH keys, proceed with the best option for you.

8. Leave other fields as they are.

9. Click Create.

This completes the first instance. Now, you’ll create the second one. In the breadcrumbs link to
the top left click Instances.

Create your second compute instance

1. In the main menu, under Compute, click Instances.

2. Make sure that under the Compartments field you select the correct compartment.

3. Click Create Instance, and fill in the fields:

a. Name: IAD–AP–LAB05-1–VM–02

b. In the Create in compartment picklist make sure that you select the correct
compartment

c. Placement: AD2

d. Image: Oracle Linux 8 (Latest release)

e. For Shape, click Change Shape. Click Ampere, and select VM.Standard.A1.Flex with
1 OCPU and 6 GB.

f. Click Select Shape.

4. Under Networking, click Select existing virtual cloud network and choose
IAD–AP–LAB05-1–VCN–02.

5. Under Networking, click Select existing subnet and choose
IAD-AP-LAB05-1-VCN-02-SNT-01.

6. Under Networking, click Assign a public IPv4 address.

7. Under Add SSH keys, proceed with the best option for you.

8. Leave other fields as they are

9. Click Create.

Enable IPv6 on virtual cloud networks and subnets

Tasks

1. In the main menu, in Networking, click Virtual Cloud Networks.

2. Select existing Virtual Cloud Network IAD-AP-LAB05-1-VCN-01.

3. In the left navigation pane, under Resources, select CIDR Blocks/Prefixes.

4. Click Add CIDR Block/IPv6 Prefix.

5. Under IPv6 Prefixes, check the Assign an Oracle allocated IPv6 /56 prefix checkbox

6. Click Add CIDR Blocks/Prefixes.

7. In the left navigation pane, under Resources, click Subnets.

8. Click the public subnet, IAD-AP-LAB05-1-VCN-01-SNT-01.

9. In the left navigation pane, under Resources, select IPv6 Prefixes.

10. Click Add IPv6 Prefix.

11. Check the Assign an Oracle allocated IPv6 /64 prefix checkbox.

12. Complete the IPv6 CIDR prefix by entering two hexadecimal digits between 00 and FF –
for example, 7E.

13. Click Add IPv6 Prefix.

14. Repeat steps 2-13 for IAD-AP-LAB05-1-VCN-02 and add the subnet
IAD-AP-LAB05-1-VCN-02-SNT-01.

Enable IPv6 on compute instances

Tasks

1. In the main menu, under Compute, click Instances.

2. Select existing compute instance IAD-AP-LAB05-VM-01.

3. Scroll down. Under Resources click Attached VNICs.

4. Click IAD-AP-LAB05-VM-01.

5. Under Resources, click IPv6 Addresses.

6. Click Assign IPv6 Address.

7. Select Automatically assign IPv6 addresses from prefix.

8. Click Assign.

9. SSH to IAD-AP-LAB05-VM-01 (use the provided private SSH Key) using the public IP
address.

10. Type the following commands:


$ sudo firewall-cmd --permanent --add-service=dhcpv6-client
$ sudo firewall-cmd --reload
$ sudo dhclient -6 ens3

11. Repeat steps 2-10 for VM-02.

Create a dynamic routing gateway and attach the VCNs

Tasks

1. In the main menu, in Networking and Customer Connectivity, click Dynamic Routing
Gateway.

2. Click Create Dynamic Routing Gateway.

3. Name it IAD-AP-LAB05-1-DRG-01.

4. Wait for the DRG status to change to Available.

5. Under Resources, click Virtual Cloud Networks Attachments.

6. Name it IAD-AP-LAB05-1-VCN-01-ATCH.

7. From the Select a Virtual Cloud Network list, select IAD-AP-LAB05-1-VCN-01.

8. Under Resources, click Virtual Cloud Networks Attachments.

9. Name it IAD-AP-LAB05-1-VCN-02-ATCH.

10. From the Select a Virtual Cloud Network list, select IAD-AP-LAB05-1-VCN-02.

11. Under Resources click DRG Route Tables.

12. Click Autogenerated DRG Route Table for VCN attachments.

13. Click Get All Route Rules.

14. Notice how there is an IPv4 conflict, and how IPv6 is fine.

15. Under Destination CIDR, copy into memory or notepad the IPv6 CIDR prefixes, making
sure you keep track to which VCN each one corresponds.
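
The check below is an added example, not part of the Oracle lab. It reproduces offline what the DRG route table shows in step 14 (the IPv4 CIDRs conflict, the IPv6 prefixes do not) and how the two hex digits entered for the subnet turn a VCN /56 into a subnet /64. The function names are hypothetical; the VCN-02 /56 is inferred from the lab's example ping6 address and example digits 7E, and the VCN-01 /56 is a documentation-range placeholder.

```python
import ipaddress
import itertools
import string

# Constructed sample data. 10.0.0.0/16 is the lab's IPv4 CIDR. The VCN-02 /56 is
# inferred from the lab's example ping6 address and its example digits 7E; the
# VCN-01 /56 is a documentation-range placeholder, not a real Oracle allocation.
ATTACHMENTS = {
    "IAD-AP-LAB05-1-VCN-01": ["10.0.0.0/16", "2001:db8:0:1200::/56"],
    "IAD-AP-LAB05-1-VCN-02": ["10.0.0.0/16", "2603:c020:400c:6d00::/56"],
}

def route_conflicts(attachments):
    """Return every pair of same-family CIDRs from different VCNs that overlap."""
    nets = [(vcn, ipaddress.ip_network(c))
            for vcn, cidrs in attachments.items() for c in cidrs]
    conflicts = []
    for (vcn_a, a), (vcn_b, b) in itertools.combinations(nets, 2):
        if vcn_a != vcn_b and a.version == b.version and a.overlaps(b):
            conflicts.append((vcn_a, vcn_b, str(a), str(b)))
    return conflicts

def subnet_prefix(vcn_prefix, hex_digits):
    """Derive the subnet /64 from the VCN /56 plus the two hex digits typed in the console."""
    vcn = ipaddress.IPv6Network(vcn_prefix)
    if vcn.prefixlen != 56:
        raise ValueError("VCN prefix must be a /56")
    if len(hex_digits) != 2 or any(c not in string.hexdigits for c in hex_digits):
        raise ValueError("subnet ID must be two hex digits, 00 to FF")
    # The 8 subnet bits sit directly above the 64-bit interface identifier.
    base = int(vcn.network_address) | (int(hex_digits, 16) << 64)
    return ipaddress.IPv6Network((base, 64))

def rule_covers(cidr, address):
    """True if a route-rule destination or security-rule source CIDR includes the address."""
    return ipaddress.ip_address(address) in ipaddress.ip_network(cidr)

if __name__ == "__main__":
    for conflict in route_conflicts(ATTACHMENTS):
        print("conflict:", conflict)
    subnet = subnet_prefix("2603:c020:400c:6d00::/56", "7E")
    print("subnet:", subnet)
    print("peer covered:",
          rule_covers(str(subnet), "2603:c020:400c:6d7e:d0ee:b9a1:2a58:d185"))
```

rule_covers can also be used to confirm that the prefix you copied for the peer VCN actually contains the peer VM's IPv6 address before you enter it in a route rule or an ingress rule.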

Add route rules to both VCNs’ route tables

Tasks

1. In the main menu, under Networking, click Virtual Cloud Networks.

2. Select existing Virtual Cloud Network IAD-AP-LAB05-1-VCN-01.

3. Under Resources, click Route Tables.

4. Click on Default Route Table for IAD-AP-LAB05-1-VCN-01.

5. Click Add Route Rules.

6. Under Protocol Version, select the IPv6 radio button.

7. Select a target type of Dynamic Routing Gateway.

8. In the Destination CIDR Block field, enter the VCN-2 IPv6 CIDR prefix you copied in step
15 of the previous task (Create a dynamic routing gateway and attach the VCNs).

9. Click Add Route Rules.

10. Repeat steps 2-9 for VCN-02 with the appropriate route table and IPv6 CIDR prefixes.

Add security rules to both VCNs’ security lists

1. In the main menu, under Networking, click Virtual Cloud Networks.

2. Select existing Virtual Cloud Network IAD-AP-LAB05-1-VCN-01.

3. Under Resources, click Security Lists.

4. Click Default Security List for IAD-AP-LAB05-1-VCN-01.

5. Click Egress Rules, then Add Egress Rules.

6. In the Destination CIDR field, type ::/0

7. In the IP Protocol list, select All Protocols.

8. Click Add Egress Rules.

9. Under Resources, click Ingress Rules.

10. Click Add Ingress Rules.

11. In the Source CIDR field, enter the VCN-02 IPv6 CIDR prefix you copied in step 15 of the
earlier task, “Create a dynamic routing gateway and attach the VCNs”.

12. In the IP Protocol list, select IPv6-ICMP.

13. Click Add Ingress Rules.

14. Repeat steps 2-13 for IAD-AP-LAB05-1-VCN-02.

Test your configuration

1. SSH to compute instance IAD–AP–LAB05-1–VM–01 using the public IP address.

2. Ping the IPv6 address of IAD–AP–LAB05-1–VM–02 using the command ping6.

Example: ping6 2603:c020:400c:6d7e:d0ee:b9a1:2a58:d185

3. Repeat steps 1 and 2 for your IAD–AP–LAB05-1–VM–02 compute instance and ping6
IAD–AP–LAB05-1–VM–02.
