What could cause a problem with an integration between Oracle services and our own tenancy?
Environment:
OCI, Integrations, Oracle Service Gateway
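Issue:
The problem can occur when a public subnet's route table contains both of the following route rules: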
- Route rule with the Target Type set as internet gateway.
- Route rule with the Destination Service set as All <region> Services in Oracle Services Network and the Target Type set as service gateway.
Resolution:
One way to resolve this issue is to add a static route from your VCN to the Oracle NAT Gateway via your internet gateway rather than the service gateway (SGW).
Another resolution is to remove the route rule that has the Destination Service set as All <region> Services in Oracle Services Network and the Target Type set as service gateway. Revert to the configuration you used before adopting the service gateway for Oracle Services Network. With this change, your public instances retain access to all Oracle services through the internet gateway. Oracle services can continue to access your public instances.
Your instances in the public subnet can still access Object Storage through the service gateway after this change. To allow that, update the subnet's route table to include a route rule with the Destination Service set as OCI <region> Object Storage and the Target set to the VCN's service gateway.
This known issue applies only to public subnets that have access to an internet gateway. Regarding private subnets: you can still configure a private subnet's route table to provide access to All <region> Services in Oracle Services Network or to OCI <region> Object Storage through the VCN's service gateway.
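A check for the rule combination listed under Issue, together with the second resolution (drop the all-services rule, keep Object Storage on the service gateway). This is an added example, not Oracle's code. It assumes route rules in the OCI API's camelCase RouteRule shape (destination, destinationType, networkEntityId); the OCIDs and sample tables are constructed placeholders.

```python
import re

# Service CIDR label used as "destination" for All <region> Services in Oracle Services Network.
ALL_SERVICES = re.compile(r"^all-([a-z0-9]+)-services-in-oracle-services-network$")

def target_kind(ocid):
    """Return the resource type embedded in an OCID (e.g. 'internetgateway')."""
    parts = ocid.split(".")
    return parts[1] if len(parts) > 2 and parts[0] == "ocid1" else "unknown"

def find_conflict(rules):
    """Return the all-services rule that coexists with an internet gateway rule, or None."""
    has_igw = any(target_kind(r.get("networkEntityId", "")) == "internetgateway" for r in rules)
    for r in rules:
        if (has_igw and r.get("destinationType") == "SERVICE_CIDR_BLOCK"
                and ALL_SERVICES.match(r.get("destination", ""))
                and target_kind(r.get("networkEntityId", "")) == "servicegateway"):
            return r
    return None

def remediate(rules):
    """Second resolution: remove the all-services rule and route only
    OCI <region> Object Storage to the same service gateway."""
    bad = find_conflict(rules)
    if bad is None:
        return list(rules)  # e.g. a private subnet's table: nothing to change
    os_dest = "oci-%s-objectstorage" % ALL_SERVICES.match(bad["destination"]).group(1)
    fixed = [r for r in rules if r is not bad]
    if not any(r.get("destination") == os_dest for r in fixed):
        fixed.append({"destination": os_dest,
                      "destinationType": "SERVICE_CIDR_BLOCK",
                      "networkEntityId": bad["networkEntityId"]})
    return fixed

# Constructed sample: public subnet route table holding both rules from the Issue list.
PUBLIC_RT = [
    {"destination": "0.0.0.0/0", "destinationType": "CIDR_BLOCK",
     "networkEntityId": "ocid1.internetgateway.oc1.phx.exampleigw"},
    {"destination": "all-phx-services-in-oracle-services-network",
     "destinationType": "SERVICE_CIDR_BLOCK",
     "networkEntityId": "ocid1.servicegateway.oc1.phx.examplesgw"},
]
# Constructed sample: private subnet route table (no internet gateway rule), not affected.
PRIVATE_RT = [PUBLIC_RT[1]]

if __name__ == "__main__":
    print("conflict:", find_conflict(PUBLIC_RT))
    print("fixed:", remediate(PUBLIC_RT))
```
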
Additional Resources:
Access to Oracle Services: Service Gateway
Virtual Cloud Network (VCN) FAQ