In cases where instances do not have a public ip address, they use a nat gateway to access the internet; by blocking the traffic of the nat gateway we can simulate an entire subnet failure and get insights on what would happen if we suddenly lost an entire group of nodes.

We can test:

• Monitoring system and see alerting.
• How external monitoring would alert us if the monitoring system inside the network is not able to reach the internet (if part of the experiment).

This can be an interesting experiment and it is simple to do since the nat gateway in OCI blocks traffic directly (and rollbacks if needed) without any major change in configuration.