Subnet Size Requirements and Security Rules for Recovery Service Subnet

The security rules are necessary to allow backup traffic between a database and Recovery Service.

Note

Select an IPv4-only subnet for Recovery Service in your database VCN. Do not select an IPv6-enabled subnet, because Recovery Service does not support IPv6-enabled subnets. See Creating a Subnet to learn more.

Table 2-6 Subnet size requirements and ingress rules for a private subnet used by Recovery Service

Item Requirements

Minimum subnet size

/24 (256 IP addresses)

General ingress rule 1: Allow HTTPS traffic from Anywhere

This rule allows backup traffic from your Oracle Cloud Infrastructure Database to Recovery Service.

  • Stateless: No (all rules must be stateful)
  • Source Type: CIDR
  • Source CIDR: CIDR of the VCN where the database resides
  • IP Protocol: TCP
  • Source Port Range: All
  • Destination Port Range: 8005

General ingress rule 2: Allows SQLNet Traffic from Anywhere

This rule allows recovery catalog connections and real-time data protection from your Oracle Cloud Infrastructure Database to Recovery Service.

  • Stateless: No (all rules must be stateful)
  • Source Type: CIDR
  • Source CIDR: CIDR of the VCN where the database resides
  • IP Protocol: TCP
  • Source Port Range: All
  • Destination Port Range: 2484

Note

If you use network security groups (NSGs) to implement security rules, or if your database VCN restricts network traffic between subnets, ensure that you add an egress rule for ports 2484 and 8005 from the database NSG or subnet to the Recovery Service NSG or subnet that you create.
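
The following check is an added example, not Oracle's own code. It audits the ingress side of Table 2-6 for a candidate subnet: IPv4 only, at least /24, and a stateful TCP rule from the VCN CIDR for ports 8005 and 2484, flagging any source wider than the VCN CIDR. The rule field names (protocol, source, sourceType, isStateless, tcpOptions) are assumed to follow the OCI Core API IngressSecurityRule JSON shape, and the sample rules and CIDRs are constructed.

```python
import ipaddress

# Destination ports from Table 2-6: 8005 (HTTPS backup traffic), 2484 (SQLNet).
REQUIRED_PORTS = (8005, 2484)

def _tcp_rule_covers(rule, port):
    """True if the rule is a CIDR-sourced TCP rule whose destination range includes port."""
    if rule.get("protocol") != "6" or rule.get("sourceType", "CIDR_BLOCK") != "CIDR_BLOCK":
        return False
    rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
    return rng is None or rng["min"] <= port <= rng["max"]  # assumed: no range = all ports

def check_recovery_subnet(subnet_cidr, vcn_cidr, ingress_rules):
    """Return a list of findings; an empty list means the table's requirements are met."""
    findings = []
    subnet = ipaddress.ip_network(subnet_cidr)
    vcn = ipaddress.ip_network(vcn_cidr)
    if subnet.version != 4:
        findings.append("subnet is not IPv4")
    elif subnet.prefixlen > 24:
        findings.append(f"subnet /{subnet.prefixlen} is smaller than /24")
    for port in REQUIRED_PORTS:
        satisfied = False
        for rule in ingress_rules:
            if not _tcp_rule_covers(rule, port):
                continue
            src = ipaddress.ip_network(rule["source"])
            if rule.get("isStateless"):
                findings.append(f"port {port}: rule from {src} is stateless")
            elif src.version == vcn.version and vcn.subnet_of(src):
                satisfied = True
                if src != vcn:
                    findings.append(f"port {port}: source {src} is wider than VCN CIDR {vcn}")
        if not satisfied:
            findings.append(f"port {port}: no stateful TCP rule from VCN CIDR {vcn}")
    return findings

def sample_rule(source, port, stateless=False):
    """Build a constructed rule in the assumed IngressSecurityRule shape."""
    return {"protocol": "6", "source": source, "sourceType": "CIDR_BLOCK",
            "isStateless": stateless,
            "tcpOptions": {"destinationPortRange": {"min": port, "max": port}}}

# Constructed sample input (not from the page).
VCN = "10.0.0.0/16"
GOOD_RULES = [sample_rule(VCN, 8005), sample_rule(VCN, 2484)]
BAD_RULES = [sample_rule("0.0.0.0/0", 8005), sample_rule(VCN, 2484, stateless=True)]
```

Calling check_recovery_subnet("10.0.5.0/24", VCN, GOOD_RULES) returns an empty list; the BAD_RULES set with a /26 subnet returns one finding per deviation.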