MySQL DB system endpoints are not public. To connect to a DB system, create a virtual cloud network (VCN) and add ingress rules. You can then use a compute instance, a Bastion session, or a VPN connection to connect to the DB system.

Do the following to configure networking:

1. Create a virtual cloud network: If you do not have a VCN with a private or public regional subnet already present in your tenancy, create a VCN. See Creating a Virtual Cloud Network.
2. Add ingress rules: Add ingress rules to allow traffic from authorized IP addresses. See Adding Ingress Rules for a Compute Instance, Bastion Session or VPN Connection.

Networking Considerations

While creating a VCN, adhere to the following:

• Security rules: To enable communication between your local network or a compute and the DB system, configure the subnets of the VCN subnets with security rules. These rules permit traffic from specific IP addresses and ports, or ranges of IP addresses and ports, between resources. See Network Security Rules.
• IP address requirements: When you define the CIDR block, note the IP address requirements:
  • The Networking service: Reserves three IP addresses in each subnet. See Reserved IP Addresses.
  • Standalone DB system: Requires three IP addresses for the following: the DB system, the compute instance hosting the MySQL instance, and for maintenance and upgrade tasks on the MySQL instance.
  • High availability DB system: Requires up to seven IP addresses for the following: the DB system, one per compute instance hosting the MySQL instance (three in total), and one per MySQL instance for maintenance and upgrade tasks (up to three in total).
  • Read replica: Requires three IP addresses for the following: the read replica, the compute instance hosting the MySQL instance, and for maintenance and upgrade tasks on the MySQL instance.
  • Read replica load balancer: Requires one IP address.