Connectivity Issues in Oracle Cloud Infrastructure: Troubleshooting Public Subnet and Internet Gateway in VCN

Possible Reasons for Connectivity Issue: Exam 1Z0-1072-20 Answer Explanation

Question

You created a public subnet and an internet gateway in your virtual cloud network (VCN) of Oracle Cloud Infrastructure.

The public subnet has an associated route table and security list.

However, after creating several compute instances in the public subnet, none can reach the Internet.

Which two are possible reasons for the connectivity issue? (Choose two.)

Answers

Explanations

AD.

In this scenario, you have created a public subnet and an internet gateway in your virtual cloud network (VCN) in Oracle Cloud Infrastructure (OCI). You have also associated a route table and security list with the public subnet. However, after creating several compute instances in the public subnet, you are unable to reach the internet. Let's discuss the possible reasons for this connectivity issue.

A. The route table has no default route for routing traffic to the internet gateway. The route table in OCI is used to define the rules for routing network traffic within your VCN and to other networks outside your VCN, such as the internet. By default, when you create a VCN, OCI creates a default route table that contains a default route rule for routing traffic to the internet gateway. However, if you have created a custom route table and have not added a default route rule, the traffic from the compute instances in the public subnet will not be able to reach the internet gateway. Therefore, the absence of a default route in the custom route table can be a reason for the connectivity issue.

B. There is no stateful egress rule in the security list associated with the public subnet. The security list in OCI is used to define the ingress and egress rules for network traffic to and from the resources within your VCN. By default, when you create a VCN, OCI creates a default security list that allows all traffic to and from the resources within your VCN. However, if you have created a custom security list and have not added a stateful egress rule that allows outbound traffic to the internet, the compute instances in the public subnet will not be able to reach the internet. Therefore, the absence of a stateful egress rule in the custom security list can be a reason for the connectivity issue.

C. There is no dynamic routing gateway (DRG) associated with the VCN. A dynamic routing gateway (DRG) in OCI is used to enable private connectivity between your VCN and other networks outside your VCN, such as your on-premises network or another VCN in a different region. However, in this scenario, the issue is with the compute instances in the public subnet being unable to reach the internet. Therefore, the absence of a DRG is not a possible reason for the connectivity issue.

D. There is no stateful ingress rule in the security list associated with the public subnet. As mentioned earlier, the security list in OCI is used to define the ingress and egress rules for network traffic to and from the resources within your VCN. In this scenario, the issue is with the compute instances in the public subnet being unable to reach the internet. Therefore, the absence of a stateful ingress rule in the custom security list is not a possible reason for the connectivity issue.

E. A NAT gateway is needed to enable the communication flow to internet. A network address translation (NAT) gateway in OCI is used to enable the compute instances in your private subnet to access the internet without exposing their private IP addresses to the public. However, in this scenario, the compute instances are in the public subnet, which has a public IP address range associated with it. Therefore, the absence of a NAT gateway is not a possible reason for the connectivity issue.

To summarize, the possible reasons for the connectivity issue could be the absence of a default route in the custom route table and the absence of a stateful egress rule in the custom security list associated with the public subnet.
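
The two checks from the explanations of options A and B, written out as an added example that is not part of the original page: it tests a route table and a security list for a usable path to an internet host. The dictionary keys, the rule sets and the target address are assumptions made for this example, and the stateless-egress case goes one step beyond what the text covers.

```python
import ipaddress

def diagnose(route_rules, egress_rules, ingress_rules, dest_ip, protocol="6"):
    """Return findings that explain why dest_ip is unreachable ([] = path exists)."""
    dest = ipaddress.ip_address(dest_ip)
    findings = []

    def covers(rule, key):
        # Protocol is "all" or an IANA number as a string ("6" = TCP).
        return (rule["protocol"] in ("all", protocol)
                and dest in ipaddress.ip_network(rule[key]))

    # 1. Routing: the most specific matching rule decides the next hop.
    routes = [r for r in route_rules
              if dest in ipaddress.ip_network(r["destination"])]
    if not routes:
        findings.append("route: no rule covers %s (no default route)" % dest)
    else:
        best = max(routes,
                   key=lambda r: ipaddress.ip_network(r["destination"]).prefixlen)
        if best["target"] != "internet_gateway":
            findings.append("route: %s goes to %s, not the internet gateway"
                            % (best["destination"], best["target"]))

    # 2. Security list: outbound traffic needs a matching egress rule.
    egress = [r for r in egress_rules if covers(r, "destination")]
    if not egress:
        findings.append("security list: no egress rule allows the traffic")
    elif all(r["stateless"] for r in egress):
        # Stateless egress does not track connections, so the replies need
        # their own ingress rule (ports are not modelled here).
        if not any(covers(r, "source") for r in ingress_rules):
            findings.append("security list: egress is stateless and no "
                            "ingress rule admits the replies")
    return findings

# Constructed sample rule sets (not taken from a real tenancy).
DEFAULT_ROUTE = [{"destination": "0.0.0.0/0", "target": "internet_gateway"}]
STATEFUL_OUT = [{"destination": "0.0.0.0/0", "protocol": "all", "stateless": False}]
STATELESS_OUT = [{"destination": "0.0.0.0/0", "protocol": "all", "stateless": True}]
ANY_IN = [{"source": "0.0.0.0/0", "protocol": "all", "stateless": True}]
TARGET = "203.0.113.10"  # documentation address standing in for an internet host

if __name__ == "__main__":
    for name, args in [("no route", ([], STATEFUL_OUT, [])),
                       ("no egress", (DEFAULT_ROUTE, [], [])),
                       ("working", (DEFAULT_ROUTE, STATEFUL_OUT, []))]:
        print(name, "->", diagnose(*args, TARGET) or "reachable")
```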