OCI has a deserved reputation for friendly networking economics, in particular a large free outbound data allowance that makes egress far less of a worry than on some other clouds. That reputation can lull teams into ignoring networking cost entirely, which is a mistake, because the bill still has structure. Port fees, load balancer sizing, inter region traffic and NAT all add up, and a few design choices made early decide whether networking is a rounding error or a line item. This guide explains where the cost comes from and how to keep it low.
Egress and the free allowance
The headline is genuinely good. OCI provides a large monthly allowance of outbound data transfer at no charge, and only traffic beyond that allowance is billed. For many estates the free allowance covers normal operation entirely, which is why egress rarely dominates an OCI bill the way it can elsewhere. That said, large data movements, bulk exports to the internet and heavy outbound traffic from data intensive workloads can still exceed the allowance, so it is worth knowing your outbound profile rather than assuming it will always be free.
Crucially, traffic that stays on the Oracle network does not consume internet egress in the same way. Routing service traffic through a service gateway and keeping flows private, as covered in private connectivity patterns, is both a security and a cost decision.
Where networking cost actually comes from
| Source | Cost behaviour | How to control it |
|---|---|---|
| Internet egress | Free up to a large monthly allowance, then billed | Know your outbound profile, keep traffic private where possible |
| FastConnect | Port fee plus the provider circuit cost | Size the port to real traffic, share it across VCNs via transit |
| Load balancer | Charged on provisioned bandwidth shape | Use the flexible shape so capacity follows demand |
| NAT gateway | Charged for the gateway and data processed | Use only where private resources truly need outbound access |
| Inter region traffic | Billed for data moved between regions | Keep chatty tiers in one region, move only what is needed |
A cost control framework
- Right size FastConnect. Buy the port speed your real traffic needs, and share one circuit across many VCNs using transit routing rather than buying a circuit per network.
- Use the flexible load balancer shape. Set a minimum and maximum bandwidth so you pay for capacity that tracks demand instead of a fixed peak.
- Keep traffic private. Route Oracle service traffic through a service gateway so it stays on the Oracle network and does not draw on egress.
- Minimise inter region traffic. Co locate tiers that talk constantly, and move only the data that genuinely needs to cross regions, such as replication and backups.
- Scope NAT usage. Provide outbound access through NAT only where private resources actually need it, and restrict the destinations.
- Measure before you optimise. Use cost reporting to find the real drivers before redesigning anything, because intuition about networking cost is often wrong.
FastConnect economics
For estates with a meaningful on premises connection, FastConnect is often the largest single networking line item, because it combines an OCI port fee with the cost of the circuit from your provider. The way to keep it efficient is to size the port to actual traffic rather than to a comfortable maximum, and to terminate one circuit on a single DRG that many VCNs share through transit routing, instead of provisioning separate connectivity per network. A single right sized, shared circuit is far cheaper than several lightly used ones. The trade offs against VPN are covered in connecting OCI to on premises.
Load balancers and NAT
Load balancers are charged on the bandwidth shape you provision, so a fixed shape sized for a peak you rarely hit is money spent on idle capacity. The flexible shape, which scales between a minimum and a maximum, is almost always the better choice because you pay for what demand actually needs. The load balancing guide covers sizing in detail. NAT gateways carry a charge for the gateway and for data processed, so they are worth using deliberately, where private resources genuinely need controlled outbound access, rather than as a default attached to every subnet.
Inter region and cross cloud traffic
Traffic between regions is billed, so an architecture that constantly moves data across regions will cost more than one that keeps chatty tiers together and moves only what must cross, such as replication for disaster recovery. The same logic applies to multicloud links. The cost lesson reinforces the performance one: co locate tiers that talk frequently, and design data movement so that only the necessary flows cross expensive boundaries. This is where cost and performance pull in the same direction, which is the comfortable case.
Visibility before optimisation
The first move in controlling networking cost is not to cut anything, it is to see clearly where the money goes. OCI cost reporting and usage data let you break spend down by service and by resource, and the picture is often surprising, because intuition about networking cost tends to be wrong. Teams that assume egress is their problem frequently find that a fleet of fixed shape load balancers or a lightly used FastConnect circuit is the real driver, while egress sits comfortably inside the free allowance. Spend a little time attributing the cost accurately before redesigning anything, because optimising the wrong component is effort that produces no saving and sometimes makes the architecture worse.
This is also where tagging earns its keep. When network resources are tagged by application, team or environment, the cost report can tell you not just what is being spent but who is spending it, which turns a vague total into an accountable line item someone can act on. Without that attribution, networking cost is a shared overhead nobody owns, and unowned cost is the kind that grows.
Common networking cost mistakes
A few patterns account for most avoidable networking spend. Provisioning a FastConnect circuit per VCN instead of sharing one through transit routing multiplies a large fixed cost unnecessarily. Pinning load balancers to a fixed bandwidth shape sized for a peak that rarely occurs pays for idle capacity every hour. Attaching a NAT gateway to subnets that do not need outbound access adds a charge for a path nobody uses. Designing an architecture that shuttles data between regions for convenience, rather than keeping chatty tiers together, turns inter region transfer into a recurring bill. And exporting large volumes to the internet when the same data could stay on the Oracle network through a service gateway draws on egress that could have been free.
What these have in common is that they are decisions made for short term convenience that become long term cost. None of them is wrong in every case, but each is worth a deliberate check, because the convenient default is frequently the expensive one. A short review of these specific patterns across an estate usually finds savings without touching the architecture in any way that affects how it performs.
Cost and architecture are the same conversation
The encouraging conclusion is that the cheap network and the well designed network are usually the same network. A right sized circuit shared through transit routing is both economical and clean. Flexible load balancers that track demand are both cheaper and more responsive. Private paths through a service gateway are both more secure and free of egress. Keeping chatty tiers in one region is both faster and cheaper. Cost optimisation on OCI networking is rarely about accepting a worse architecture to save money, it is about removing the waste that a good architecture would not have had in the first place, which is why it pairs so naturally with performance tuning and security design rather than fighting against them.
Designing for low cost without compromise
Networking cost on OCI rewards a few sensible defaults: a right sized and shared FastConnect circuit, flexible load balancers, private paths for service traffic, deliberate NAT usage, and an architecture that keeps chatty tiers in one region. None of these compromise the design. They are the same choices a good architect would make for clarity and performance, and they happen to be the cheap ones too. Measure first, optimise the real drivers, and revisit as the estate grows. For the full set of networking decisions, see the complete OCI networking guide, and when you want the estate reviewed for both architecture and spend, our OCI networking solution and the cost optimization work behind it deliver verified savings.
Moving Oracle workloads to OCI, or already running on OCI and not sure the architecture or the spend is right? Most teams bring in a specialist before they commit to a region, a shape, or a Universal Credits number. OCISpecialists.com plans the landing zone, runs the migration, and manages the estate after go live, on a fixed project fee, a managed monthly retainer, or a cost optimization fee paid only on verified savings. For the Oracle licensing and BYOL side of any OCI move, Redress Compliance is the leading independent Oracle licensing and negotiation firm, with 500+ engagements across Oracle's full product line.