create

Description

Creates a new virtual cloud network (VCN). For more information, see VCNs and Subnets.

For the VCN you must specify a single, contiguous IPv4 CIDR block. Oracle recommends using one of the private IP address ranges specified in RFC 1918 (10.0.0.0/8, 172.16/12, and 192.168/16). Example: 172.16.0.0/16. The CIDR block can range from /16 to /30, and it must not overlap with your on-premises network. You can't change the size of the VCN after creation.

For the purposes of access control, you must provide the OCID of the compartment where you want the VCN to reside. Consult an Oracle Cloud Infrastructure administrator in your organization if you're not sure which compartment to use. Notice that the VCN doesn't have to be in the same compartment as the subnets or other Networking Service components. For more information about compartments and access control, see Overview of the IAM Service. For information about OCIDs, see Resource Identifiers.

You may optionally specify a display name for the VCN; otherwise, a default is provided. It does not have to be unique, and you can change it. Avoid entering confidential information.

You can also add a DNS label for the VCN, which is required if you want the instances to use the Internet and VCN Resolver option for DNS in the VCN. For more information, see DNS in Your Virtual Cloud Network.

The VCN automatically comes with a default route table, default security list, and default set of DHCP options. The OCID for each is returned in the response. You can't delete these default objects, but you can change their contents (that is, change the route rules, security list rules, and so on).

The VCN and subnets you create are not accessible until you attach an internet gateway or set up an IPSec VPN or FastConnect. For more information, see Overview of the Networking Service.

Usage

oci network vcn create [OPTIONS]

Required Parameters

--cidr-block [text]

The CIDR IP address block of the VCN.

Example:

10.0.0.0/16

--compartment-id, -c [text]

The OCID of the compartment to contain the VCN.

Optional Parameters

--defined-tags [complex type]

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags.

Example:

{"Operations": {"CostCenter": "42"}}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

--display-name [text]

A user-friendly name. Does not have to be unique, and it's changeable. Avoid entering confidential information.

--dns-label [text]

A DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet (for example, bminstance-1.subnet123.vcn1.oraclevcn.com). Not required to be unique, but it's a best practice to set unique DNS labels for VCNs in your tenancy. Must be an alphanumeric string that begins with a letter. The value cannot be changed.

You must set this value if you want instances to be able to use hostnames to resolve other instances in the VCN. Otherwise the Internet and VCN Resolver will not work.

For more information, see DNS in Your Virtual Cloud Network.

Example:

vcn1

--freeform-tags [complex type]

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags.

Example:

{"Department": "Finance"}

This is a complex type whose value must be valid JSON. The value can be provided as a string on the command line or passed in as a file using the file://path/to/file syntax.

The --generate-param-json-input option can be used to generate an example of the JSON which must be provided. We recommend storing this example in a file, modifying it as needed and then passing it back in via the file:// syntax.

--from-json [text]

Provide input to this command as a JSON document from a file using the file://path-to/file syntax.

The --generate-full-command-json-input option can be used to generate a sample JSON file to be used with this command option. The key names are pre-populated and match the command option names (converted to camelCase format, e.g. compartment-id --> compartmentId), while the values of the keys need to be populated by the user before using the sample file as an input to this command. For any command option that accepts multiple values, the value of the key can be a JSON array.

Options can still be provided on the command line. If an option exists in both the JSON document and the command line then the command line specified value will be used.

For examples on usage of this option, please see our "using CLI with advanced JSON options" link: https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/cliusing.htm#AdvancedJSONOptions

--ipv6-cidr-block [text]

If you enable IPv6 for the VCN (see isIpv6Enabled), you may optionally provide an IPv6 /48 CIDR block from the supported ranges (see IPv6 Addresses). The addresses in this block will be considered private and cannot be accessed from the internet. The documentation refers to this as a custom CIDR for the VCN.

If you don't provide a custom CIDR for the VCN, Oracle assigns the VCN's IPv6 /48 CIDR block.

Regardless of whether you or Oracle assigns the ipv6CidrBlock, Oracle also assigns the VCN an IPv6 CIDR block for the VCN's public IP address space (see the ipv6PublicCidrBlock of the Vcn object). If you do not assign a custom CIDR, Oracle uses the same Oracle-assigned CIDR for both the private IP address space (ipv6CidrBlock in the Vcn object) and the public IP address space (ipv6PublicCidrBlock in the Vcn object). This means that a given VNIC might use the same IPv6 IP address for both private and public (internet) communication. You control whether an IPv6 address can be used for internet communication by using the isInternetAccessAllowed attribute in the Ipv6 object.

For important details about IPv6 addressing in a VCN, see IPv6 Addresses.

Example:

2001:0db8:0123::/48

--is-ipv6-enabled [boolean]

Whether IPv6 is enabled for the VCN. Default is false. You cannot change this later. For important details about IPv6 addressing in a VCN, see IPv6 Addresses.

Example:

true

--max-wait-seconds [integer]

The maximum time to wait for the resource to reach the lifecycle state defined by --wait-for-state. Defaults to 1200 seconds.

--wait-for-state [text]

This operation creates, modifies or deletes a resource that has a defined lifecycle state. Specify this option to perform the action and then wait until the resource reaches a given lifecycle state. Multiple states can be specified, returning on the first state. For example, --wait-for-state SUCCEEDED --wait-for-state FAILED would return on whichever lifecycle state is reached first. If the timeout is reached, a return code of 2 is returned. For any other error, a return code of 1 is returned.

Accepted values are:

AVAILABLE, PROVISIONING, TERMINATED, TERMINATING

--wait-interval-seconds [integer]

Check every --wait-interval-seconds to see whether the resource has reached the lifecycle state defined by --wait-for-state. Defaults to 30 seconds.
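
Because the VCN size and DNS label cannot be changed after creation, the following added example (not part of the Oracle documentation or the CLI itself) checks a planned request against the rules stated above for --cidr-block and --dns-label and, if it passes, builds the camelCase document for --from-json. The function name, the placeholder compartment OCID, and the on-premises range are assumptions made for illustration.

```python
import ipaddress
import json
import re

# RFC 1918 private ranges, which the page recommends for the VCN CIDR.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# The page's rule for --dns-label: alphanumeric, begins with a letter.
DNS_LABEL = re.compile(r"[A-Za-z][A-Za-z0-9]*")


def check_vcn_request(cidr_block, compartment_id, on_prem_cidrs, dns_label=None):
    """Return (problems, warnings, doc); doc is None if any problem was found."""
    problems, warnings = [], []
    try:
        # strict=True rejects host bits (10.0.0.1/16); IPv6 input also raises.
        net = ipaddress.IPv4Network(cidr_block, strict=True)
    except ValueError as exc:
        return [f"--cidr-block is not a valid IPv4 CIDR: {exc}"], warnings, None
    if not 16 <= net.prefixlen <= 30:
        problems.append(f"--cidr-block /{net.prefixlen} is outside /16 to /30")
    if not any(net.subnet_of(r) for r in RFC1918):
        warnings.append(f"{net} is not inside an RFC 1918 range")
    for other in on_prem_cidrs:
        if net.overlaps(ipaddress.IPv4Network(other)):
            problems.append(f"{net} overlaps on-premises network {other}")
    if dns_label is not None and not DNS_LABEL.fullmatch(dns_label):
        problems.append(f"--dns-label {dns_label!r} must be alphanumeric "
                        "and begin with a letter")
    if problems:
        return problems, warnings, None
    # Keys are the option names converted to camelCase, as --from-json expects.
    doc = {"cidrBlock": str(net), "compartmentId": compartment_id}
    if dns_label is not None:
        doc["dnsLabel"] = dns_label
    return problems, warnings, doc


if __name__ == "__main__":
    # Constructed sample input: placeholder OCID and a made-up on-premises range.
    ocid = "ocid1.compartment.oc1..exampleuniqueID"
    for cidr, label in [("172.16.0.0/16", "vcn1"), ("10.1.0.0/16", "vcn1"),
                        ("192.168.0.0/31", "1vcn")]:
        problems, warnings, doc = check_vcn_request(cidr, ocid, ["10.0.0.0/8"], label)
        print(cidr, "->", json.dumps(doc) if doc else problems, warnings)
```

Write the returned document to a file and pass it with --from-json file://path/to/file; a non-RFC 1918 range is reported as a warning only, since the page recommends but does not require it.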