What is the best way to allow IP addresses for Oracle servers?
If static IP addresses are allowed for the Oracle servers and the IP range happens to change, there might be serious impacts to any integrations or CRON jobs that depend on open communication between a customer's site and Oracle servers. Oracle Cloud Operations can never guarantee that all site-related communication will always originate from specific IP addresses. Hardware maintenance, server failover, server rotation, network appliance failover and many other factors can cause communications to originate from different IP addresses over time. Additionally, there are times when a site can be migrated to a different pod with considerably different IP addresses, either to mitigate loading issues or at the customer's request.
It is best to use the Oracle domains for allowing Oracle servers. This will ensure that the traffic between the Oracle servers and other locations is uninterrupted in the event that the Oracle server IPs change for any of the reasons listed above. The domains are covered in the environmental section of your documentation. (See the Network Requirements section of the Infrastructure Requirements for the version your site is running in Oracle B2C Service Infrastructure Requirements.) Using the domains in the allow list ensures that all Oracle IPs are covered and that any future Oracle IP changes will not impact communications. Since Oracle has absolutely no control over the customer's network appliances or infrastructure, there is no other reliable way to ensure uninterrupted communications.
As an example, a CRON job runs to retrieve contact information from the site and update a customer-side system or server. In typical situations, an SFTP server is maintained or a SOAP endpoint is exposed. If the allow list on the customer's side covers only a few static Oracle IP addresses and for some reason the pool of utility servers for the CRON job expands on the Oracle Cloud, the IP addresses attempting to communicate with the customer's server could differ from those used in the past. The communication will then be blocked by the customer's network appliances or firewalls, because not all of the Oracle IP addresses fall within the address space permitted by the static IP entries.
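The check below is an added example, not Oracle code: it audits a static allow list against the addresses that the allow-listed domains currently resolve to and reports any address the static entries would block. It assumes the addresses of interest are the ones those domains resolve to; the domain name is a placeholder, and the addresses and both sample resolvers are constructed so the script runs offline.

```python
import ipaddress
import socket


def resolve(domain):
    """Live DNS lookup: the set of addresses a domain resolves to right now."""
    infos = socket.getaddrinfo(domain, None, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def audit_allow_list(static_entries, domains, resolver=resolve):
    """Map each domain to its resolved addresses that no static entry covers."""
    networks = [ipaddress.ip_network(e, strict=False) for e in static_entries]
    uncovered = {}
    for domain in domains:
        addrs = {ipaddress.ip_address(ip) for ip in resolver(domain)}
        missing = [a for a in addrs if not any(a in net for net in networks)]
        if missing:
            missing.sort(key=lambda a: (a.version, int(a)))
            uncovered[domain] = [str(a) for a in missing]
    return uncovered


# Constructed sample data (documentation address ranges, placeholder domain).
STATIC_ALLOW_LIST = ["192.0.2.10/32", "192.0.2.11/32"]
DOMAIN = "site.example.invalid"  # placeholder, not a real Oracle domain


def resolver_before(domain):
    """Constructed: the pool as it was when the static entries were written."""
    return {"192.0.2.10", "192.0.2.11"}


def resolver_after(domain):
    """Constructed: the pool after it expanded onto new addresses."""
    return {"192.0.2.10", "192.0.2.11", "198.51.100.7", "198.51.100.8"}


if __name__ == "__main__":
    for label, fake in (("before", resolver_before), ("after", resolver_after)):
        gaps = audit_allow_list(STATIC_ALLOW_LIST, [DOMAIN], resolver=fake)
        print(label, "expansion:", gaps or "all resolved addresses covered")
```

Called without the `resolver` argument, `audit_allow_list` performs live DNS lookups, so it can be scheduled against the domains listed in the Network Requirements documentation to flag drift before an integration fails.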