How many IP addresses does OCI reserve in each subnet?

OCI reserves the first two addresses (network address and a reserved address) and the last address (broadcast) in each subnet, totaling three reserved addresses. For example, a /24 subnet has 253 usable addresses out of 256. This is fewer reserved addresses than AWS (which reserves five), giving you slightly more usable IPs per subnet in OCI.

Should I use regional subnets or AD-specific subnets?

Oracle recommends regional subnets for most workloads. Regional subnets span all availability domains in a region, simplifying management and providing more flexibility for resource placement. AD-specific subnets are scoped to a single availability domain and are primarily needed for legacy configurations. Regional subnets also make it easier to use regional load balancers and simplify CIDR planning since you need fewer subnets.

Can I add more CIDR blocks to an existing VCN?

Yes, OCI supports up to five CIDR blocks per VCN, and you can add or remove secondary CIDR blocks after VCN creation without downtime. The new CIDR block cannot overlap with existing VCN CIDRs or with CIDRs of peered VCNs. This feature is useful for extending address space when your original CIDR runs out of room for new subnets.

OCI VCN CIDR Planner

NetworkingOCI

Plan VCN and subnet CIDR allocation with availability domain awareness.

Last verified: May 2026

VCN Subnet Configuration

VCN CIDR Block

Number of Subnets

Subnet Prefix Length

Subnet Type

OCI reserves 3 IPs per subnet: network address, default gateway, and broadcast address. VCN CIDR must be between /16 and /30.

Raw Output

Output will appear here...

See It in Action

Your team is designing a 3-tier VCN in OCI with separate subnets for web, app, and database tiers across 3 ADs. The planner takes input: VCN CIDR 10.0.0.0/16, web tier needs 100 instances, app tier 500, db tier 50. Output: 3 regional /22 subnets (1024 IPs each) for the 3 tiers, leaving 60% headroom for growth. Terraform generates with all 3 subnets correctly tagged, route table associations, and security list bindings. Total VCN setup time: 30 minutes vs the half-day of CIDR math + ARM template debugging it would otherwise take.

What This Tool Does

Planning CIDR blocks for OCI Virtual Cloud Networks requires careful consideration of subnet sizes, route aggregation, peering constraints, and future growth. OCI VCNs support multiple CIDR blocks (up to five per VCN) and subnets can be regional or availability-domain-specific. The VCN CIDR Planner helps you design IP address schemes that avoid overlapping ranges, accommodate required subnet sizes for each tier, and leave room for expansion. It calculates usable addresses per subnet (accounting for OCI's reserved addresses) and validates that your plan supports VCN peering and on-premises connectivity.

Technical Details

The planner takes inputs (VCN parent CIDR(s), required subnet count + size for each tier, availability domain count, on-prem CIDRs to avoid) and generates a hierarchical subnet allocation. It validates that subnets fit within the parent CIDR, don't overlap with each other or with on-prem ranges, and accommodate OCI's 3 reserved IPs per subnet. Output is an annotated allocation table plus Terraform oci_core_vcn + oci_core_subnet resource definitions.

Common Use Cases

1Designing a multi-tier VCN layout with separate subnets for web, application, and database tiers across three availability domains
2Planning non-overlapping CIDR blocks for multiple VCNs that will be connected via Local Peering Gateways or a DRG
3Calculating subnet sizes that accommodate expected instance counts plus headroom for autoscaling and future growth
4Validating that planned VCN CIDRs do not conflict with on-premises address ranges connected via FastConnect or IPSec VPN

Common Questions

How many IP addresses does OCI reserve in each subnet?: OCI reserves the first two addresses (network address and a reserved address) and the last address (broadcast) in each subnet, totaling three reserved addresses. For example, a /24 subnet has 253 usable addresses out of 256. This is fewer reserved addresses than AWS (which reserves five), giving you slightly more usable IPs per subnet in OCI.
Should I use regional subnets or AD-specific subnets?: Oracle recommends regional subnets for most workloads. Regional subnets span all availability domains in a region, simplifying management and providing more flexibility for resource placement. AD-specific subnets are scoped to a single availability domain and are primarily needed for legacy configurations. Regional subnets also make it easier to use regional load balancers and simplify CIDR planning since you need fewer subnets.
Can I add more CIDR blocks to an existing VCN?: Yes, OCI supports up to five CIDR blocks per VCN, and you can add or remove secondary CIDR blocks after VCN creation without downtime. The new CIDR block cannot overlap with existing VCN CIDRs or with CIDRs of peered VCNs. This feature is useful for extending address space when your original CIDR runs out of room for new subnets.

Expert Tips

TIP

OCI VCNs allow up to 5 CIDR blocks per VCN, so you can extend address space if needed without recreating. But CIDRs added later cannot overlap with peered VCN CIDRs — plan your global address scheme up front to avoid having to renumber a peered VCN later.

TIP

Regional subnets are the right default for new VCNs. AD-specific subnets are a legacy concept that complicates resource placement and offers no real advantage in modern OCI deployments. Only use AD-specific if you have a hard requirement (e.g., specific availability constraints or legacy app pinning).

TIP

OCI reserves 3 IPs per subnet (vs AWS's 5), so subnets are slightly more space-efficient. A /28 in OCI gives you 13 usable IPs vs AWS's 11. For tight subnet sizing this matters — but in practice, always size subnets generously with /24 or larger for production.

Related Learning Guides

OCI VCN Networking Deep Dive25 min read

Was this tool helpful?

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.