Build Dynamic Routing Gateway route tables and import distribution configurations.
Last verified: May 2026
Required Fields
compartmentId, drgId, displayName, routeRules
The Dynamic Routing Gateway (DRG) is OCI's central hub for routing traffic between VCNs, on-premises networks (via IPSec VPN or FastConnect), and remote peering connections. DRG route tables control how traffic is forwarded between attachments, enabling hub-and-spoke topologies, transit routing, and network segmentation. This builder helps you configure DRG route tables with static routes, import/export route distributions, and attachment associations for complex multi-VCN and hybrid networking architectures.
Your team is consolidating 12 VCNs across 3 environments (prod, staging, dev) onto a single DRG with hub-and-spoke routing. The builder generates: 3 DRG route tables (one per environment), import distributions filtering attachments by tag (env=prod attachments → prod route table only), static routes from each environment to the central inspection VCN. Result: prod traffic CANNOT route to dev workloads even if someone misconfigures IAM — the network layer enforces the boundary. Adding a new VCN: tag with env=prod, attach to DRG, routes auto-distribute via the policy.
Multiple route tables per DRG is the killer feature for network segmentation. Production VCNs route through one table, dev VCNs through another, on-prem through a third — each with its own route distribution policy. This enforces 'prod can't reach dev' at the network layer, not just IAM.
Static routes ALWAYS win over distributed routes. If you're getting unexpected traffic flows, check static routes first — they override BGP-distributed routes silently. Document static routes carefully and prefer distribution policies for large-scale routing where possible.
Use route distribution policies for SCALABLE network architecture. Manually adding routes to N route tables when a new VCN is added is error-prone and doesn't scale. Distribution policies (e.g., 'import all routes from VCN attachments tagged production') auto-configure routing as new attachments are added.
The builder constructs OCI DRG route table configurations with: DRG resource (compartment, name), route table resource (with import distribution policy and is_ecmp_enabled flag), route distribution policies (with statements for matching attachments by attachment type or specific OCID), static routes (CIDR + next hop attachment OCID), and attachment-to-route-table associations. Output is generated as oci network drg-route-table commands and Terraform oci_core_drg_route_table + oci_core_drg_route_distribution + oci_core_drg_attachment resources.
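The segmentation claim and the static-route tip above can be checked mechanically. The following added example (not output of the builder and not OCI's own code) audits a simplified, constructed model of per-environment DRG route tables: it flags rules whose next hop lies in another environment and static rules that override a distributed route for the same prefix. The attachment names, CIDRs and the SHARED_ENVS set are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample model (not OCI API output): which environment each DRG
# attachment belongs to, and the rules present in each DRG route table.
ATTACHMENT_ENV = {
    "att-prod-vcn1": "prod",
    "att-dev-vcn1": "dev",
    "att-inspection": "inspection",
}
SHARED_ENVS = {"inspection"}  # assumption: every environment may reach the hub

# rule = (destination CIDR, "STATIC" | "DYNAMIC", next-hop attachment)
ROUTE_TABLES = {
    "prod-rt": {"env": "prod", "rules": [
        ("10.0.0.0/16", "DYNAMIC", "att-prod-vcn1"),
        ("10.255.0.0/24", "STATIC", "att-inspection"),
    ]},
    "dev-rt": {"env": "dev", "rules": [
        ("10.20.0.0/16", "DYNAMIC", "att-dev-vcn1"),
        ("10.0.0.0/16", "STATIC", "att-prod-vcn1"),     # crosses dev -> prod
        ("10.20.0.0/16", "STATIC", "att-inspection"),   # shadows the dynamic route
    ]},
}


def cross_env_rules(tables, attachment_env, shared=SHARED_ENVS):
    """Rules whose next hop sits in a different, non-shared environment."""
    findings = []
    for name, table in tables.items():
        for dest, kind, hop in table["rules"]:
            hop_env = attachment_env[hop]
            if hop_env != table["env"] and hop_env not in shared:
                findings.append((name, dest, kind, hop_env))
    return findings


def shadowing_static_rules(tables):
    """Static rules with the same prefix as a dynamic rule but another next hop."""
    findings = []
    for name, table in tables.items():
        dynamic = {ipaddress.ip_network(d): h
                   for d, k, h in table["rules"] if k == "DYNAMIC"}
        for dest, kind, hop in table["rules"]:
            net = ipaddress.ip_network(dest)
            if kind == "STATIC" and net in dynamic and dynamic[net] != hop:
                findings.append((name, dest, hop, dynamic[net]))
    return findings
```

Both functions return an empty list for a table set that holds the boundary, so they can serve as a gate before applying generated route tables.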