diff --git a/oci.locals.tf b/oci.locals.tf
index ffa4df5..8bf9966 100644
--- a/oci.locals.tf
+++ b/oci.locals.tf
@@ -5,4 +5,6 @@ locals {
 "iac/source" = var.iac_project_source
 "iac/component" = var.iac_project_name
 }
+ # vcn dns label must be only alphanumeric and max 15 chars
+ vcn_dns_label = substr(replace(join("", [var.prefix, "vcn"]), "/(?i)[^0-9a-z]/", ""), 0, 15)
 }
diff --git a/oci.networking.tf b/oci.networking.tf
index e69de29..129ee4a 100644
--- a/oci.networking.tf
+++ b/oci.networking.tf
@@ -0,0 +1,50 @@
+resource "oci_core_vcn" "vcn" {
+ compartment_id = oci_identity_compartment.compartment.id
+ cidr_block = var.vcn_cidr
+ is_ipv6enabled = var.enable_ipv6
+ display_name = join("", [var.prefix, "vcn"])
+ dns_label = local.vcn_dns_label
+ freeform_tags = local.freeform_tags
+}
+
+resource "oci_core_internet_gateway" "igw" {
+ compartment_id = oci_identity_compartment.compartment.id
+ vcn_id = oci_core_vcn.vcn.id
+ display_name = join("", [var.prefix, "igw"])
+ freeform_tags = local.freeform_tags
+}
+
+# https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformbestpractices_topic-vcndefaults.htm
+
+resource "oci_core_default_route_table" "rt" {
+ compartment_id = oci_identity_compartment.compartment.id
+ manage_default_resource_id = oci_core_vcn.vcn.default_route_table_id
+ freeform_tags = local.freeform_tags
+ route_rules {
+ network_entity_id = oci_core_internet_gateway.igw.id
+ destination = "0.0.0.0/0"
+ }
+}
+
+resource "oci_core_security_list" "open_ports" {
+ compartment_id = oci_identity_compartment.compartment.id
+ vcn_id = oci_core_vcn.vcn.id
+ display_name = "all-open"
+ freeform_tags = local.freeform_tags
+ egress_security_rules {
+ destination = "0.0.0.0/0"
+ protocol = "all"
+ }
+ egress_security_rules {
+ destination = "::/0"
+ protocol = "all"
+ }
+ ingress_security_rules {
+ source = "0.0.0.0/0"
+ protocol = "all"
+ }
+ ingress_security_rules {
+ source = "::/0"
+ protocol = "all"
+ }
+}
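Review bot: A `var.prefix` that starts with a digit produces a `vcn_dns_label` that OCI rejects, because the label has to begin with a letter as well as being alphanumeric and at most 15 characters; the expression enforces only the last two. I would extend the comment to `# vcn dns label must start with a letter, be alphanumeric only, and max 15 chars` and enforce the first-character rule with a `validation` block on `var.prefix`, whose declaration is outside this hunk. A prefix of 15 or more alphanumeric characters also truncates the `vcn` suffix away, which is worth noting in the same comment.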
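Review bot: The `open_ports` security list admits every protocol and port from `0.0.0.0/0` and `::/0`, so once it is attached to a subnet any instance with a public or IPv6 address is reachable on all of its listening services, with the host firewall as the only remaining control. No subnet in this hunk references the list yet, so the exposure begins when a later change attaches it. I would restrict ingress to the ports that are needed, from known source ranges, as sketched below; port 22 and the variable name are illustrative placeholders, not part of this commit. Separately, the default route table sends only `0.0.0.0/0` to the internet gateway, so with `enable_ipv6 = true` a `::/0` route rule appears to be missing.

```hcl
resource "oci_core_security_list" "open_ports" {
  # … unchanged: compartment_id, vcn_id, display_name, freeform_tags, egress rules …
  ingress_security_rules {
    source   = var.admin_ingress_cidr # placeholder variable, to be declared
    protocol = "6"                    # TCP
    tcp_options {
      min = 22
      max = 22
    }
  }
}
```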
diff --git a/terraform.outputs.tf b/terraform.outputs.tf
index 2a3bc3b..373656a 100644
--- a/terraform.outputs.tf
+++ b/terraform.outputs.tf
@@ -56,3 +56,18 @@ output "api_key_fingerprint" {
 description = "The fingerprint of the admin user API key"
 value = try(oci_identity_api_key.admin[0].fingerprint, null)
 }
+
+output "vcn_cidr_blocks" {
+ description = "The CIDR block for the VCN"
+ value = oci_core_vcn.vcn.cidr_blocks
+}
+
+output "vcn_ipv6_cidr_blocks" {
+ description = "The IPv6 CIDR block for the VCN"
+ value = oci_core_vcn.vcn.ipv6cidr_blocks
+}
+
+output "vcn_ipv6_cidr_private_blocks" {
+ description = "The IPv6 CIDR block for the VCN"
+ value = oci_core_vcn.vcn.ipv6private_cidr_blocks
+}
diff --git a/terraform.variables.tf b/terraform.variables.tf
index 340946d..4d1fe21 100644
--- a/terraform.variables.tf
+++ b/terraform.variables.tf
@@ -48,3 +48,15 @@ variable "admin_create_credentials" {
 }
 description = "Types of credentials to create for the admin user"
 }
+
+variable "vcn_cidr" {
+ description = "The CIDR block for the VCN"
+ type = string
+ default = "10.0.0.0/16"
+}
+
+variable "enable_ipv6" {
+ description = "Enable IPv6 for the VCN"
+ type = bool
+ default = true
+}
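Review bot: `vcn_ipv6_cidr_private_blocks` carries the same description as `vcn_ipv6_cidr_blocks`, so someone reading the outputs cannot tell the private IPv6 ranges from the other IPv6 output. I would change it to `description = "The private IPv6 CIDR blocks for the VCN"`. The other two descriptions would read better with the plural "blocks", since the attributes they expose are lists.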
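Review bot: `vcn_cidr` accepts any string, so a typo or an unsupported prefix length surfaces only as a provider error during apply. I would add a `validation` block to the variable with `condition = can(cidrhost(var.vcn_cidr, 0))` and an `error_message` naming the expected IPv4 CIDR form. `enable_ipv6` defaulting to `true` also gives every deployment IPv6 addressing unless it opts out, which matters given the `::/0` ingress rule in `oci.networking.tf`; consider `default = false` so that IPv6 exposure is an explicit choice.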