Removing or Changing a Service Gateway's Service CIDR label
Remove or change a specified service CIDR label from the specified service gateway.
Because Object Storage is covered by both OCI <region> Object Storage and All <region> Services in Oracle Services Network, a service gateway can use only one of those service CIDR labels. Likewise, a route table can have a single rule for one of the service CIDR labels. It cannot have two separate rules, one for each label.
If the service gateway is configured to use All <region> Services in Oracle Services Network, the route rule can use either CIDR label. However, if the service gateway is configured to use OCI <region> Object Storage and the route rule uses All <region> Services in Oracle Services Network, traffic to services in the Oracle Services Network except Object Storage will be blackholed. The Console prohibits you from configuring the service gateway and corresponding route table in that manner.
If you want to switch the service gateway to use a different service CIDR label, see When You Switch to a Different Service CIDR Label.
Once you have assigned a service CIDR label to a service gateway, the Console will allow you to switch to the other label, but the service gateway must always have a service CIDR label. The API and CLI will allow you to remove the service CIDR label completely.
You can't completely remove the service CIDR label using the Console after you've assigned this option. This operation is available in the CLI and API. The steps below can be used to change the assigned service CIDR label to the other option provided.
- In the Console, confirm you're viewing the compartment that contains the VCN with the SGW you're interested in. For information about compartments and access control, see Access Control.
- Open the navigation menu, click Networking, and then click Virtual cloud networks.
- Click the name of the VCN that has the service gateway that you're interested in.
- Under Resources, click Service Gateways.
-
For the service gateway that you're interested in, click the Actions menu (
), and then select
Edit.
- In the Services: field, choose the other service CIDR label. Without a service CIDR label enabled for the gateway, no traffic flows through it.
- Click Save changes.
What's Next
- Remove any route rules for that service CIDR label and gateway. Do this for the route tables for any subnets that no longer need to access the service CIDR label through the gateway. See instructions in Task 2: Update routing for the subnet.
- Remove any security rules for that service CIDR label. Do this for the security lists for any subnets that no longer need to access the service CIDR label. See instructions in Task 3: (Optional) Update security rules.
Use the network service-gateway detach command and required parameters to remove a service CIDR label from a service gateway:
oci network service-gateway detach --service-gateway-id sgw-ocid --service-id service-ocid ... [OPTIONS]The service gateway can only have one service CIDR label at a time. If you're trying to change the service CIDR label, remove the old service CIDR label and then use the network service-gateway attach command and required parameters to add the desired service CIDR label to the service gateway:
oci network service-gateway attach --service-gateway-id sgw-ocid --service-id service-ocid ... [OPTIONS]For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Run the DetachServiceId operation to remove a service CIDR label for a service gateway.
The service gateway can only have one service CIDR label at a time. If you're trying to change the service CIDR label, first remove the old service CIDR label and then run the AttachServiceId operation to add a new service CIDR label to a service gateway.
Use ListServices to determine the available service CIDR labels. GetService: Gets the details for a particular service CIDR label.