On OCI, secondary VNICs currently get static-only config. This means:
- Only
ipv6Addresses[0] is configured, additional IPv6 addresses are dropped (DHCPv6 gets enabled only on no-IPv4 primaries, which does yield all configured addreses)
- No routing-policy rules, so outbound traffic from secondary VNIC IPs exits the primary interface and gets dropped by OCI's anti-spoofing (this affects IPv4 and IPv6)
- Users must hand-write a second netplan file for routes, routing-policy, and additional IPs
Tested on VM.Standard.A1.Flex (Ubuntu 22.04, 24.04):
- OCI does not serve DHCPv4 on secondary VNICs (tested on multiple instances, no response)
- OCI serves DHCPv6 on all VNICs — secondary VNICs get all assigned IPv6 addresses automatically
- OCI's IMDS reports all IPv4 and IPv6 addresses per VNIC, plus subnet CIDRs
- Routing-policy (
from: <ip>, table: <N>) is required for secondary VNICs or outbound traffic is dropped
The EC2 datasource already handles all of this (DataSourceEc2.py:1065-1186):
dhcp4: true on every NIC, not just primarydhcp6: true when IPv6 addresses exist- Per-IP routing-policy rules on non-primary NICs with
table: 100 + nic_idx
- Additional static addresses via
get_secondary_addresses()
- Single-NIC cleanup (strips unnecessary overrides)
Oracle's datasource could follow the same pattern, adapted for OCI's DHCP behavior (no DHCPv4 on secondary, DHCPv6 on all).
We have a working v2-based implementation locally. Happy to PR if there's interest.
On OCI, secondary VNICs currently get static-only config. This means:
ipv6Addresses[0]is configured, additional IPv6 addresses are dropped (DHCPv6 gets enabled only on no-IPv4 primaries, which does yield all configured addreses)Tested on VM.Standard.A1.Flex (Ubuntu 22.04, 24.04):
from: <ip>, table: <N>) is required for secondary VNICs or outbound traffic is droppedThe EC2 datasource already handles all of this (
DataSourceEc2.py:1065-1186):dhcp4: trueon every NIC, not just primarydhcp6: truewhen IPv6 addresses existtable: 100 + nic_idxget_secondary_addresses()Oracle's datasource could follow the same pattern, adapted for OCI's DHCP behavior (no DHCPv4 on secondary, DHCPv6 on all).
We have a working v2-based implementation locally. Happy to PR if there's interest.