Explanation
References: https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/fastconnectoverview.htm You use a DRG when connecting your existing on-premises network to your virtual cloud network (VCN) with one (or both) of these:
IPSec VPN
Oracle Cloud Infrastructure FastConnect
You also use a DRG when peering a VCN with a VCN in a different region:
Remote VCN Peering (Across Regions)

Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/usingversioning.htm

Explanation
When creating a compartment, you must provide a name for it (maximum 100 characters, including letters, numbers, periods, hyphens, and underscores) that is unique within its parent compartment. You must also provide a description, which is a non-unique, changeable description for the compartment, from 1 through 400 characters.
After creating a compartment, you need to write at least one policy for it, otherwise no one can access it (except administrators or users who have permissions set at the tenancy level). When creating a compartment inside another compartment, the compartment inherits access permissions from compartments higher up its hierarchy.
When you create an access policy, you need to specify which compartment to attach it to. This controls who can later modify or delete the policy. Depending on how you've designed your compartment hierarchy, you might attach it to the tenancy, a parent, or to the specific compartment itself.

When you create a subnet, by default it's considered public, which means instances in that subnet are allowed to have public IP addresses. Whoever launches the instance chooses whether it will have a public IP address. You can override that behavior when creating the subnet and request that it be private, which means instances launched in the subnet are prohibited from having public IP addresses. Network administrators can therefore ensure that instances in the subnet have no internet access, even if the VCN has a working internet gateway, and security rules and firewall rules allow the traffic.
There are two optional gateways (virtual routers) that you can add to your VCN depending on the type of internet access you need:
Internet gateway: For resources with public IP addresses that need to be reached from the internet (example: a web server) or need to initiate connections to the internet.
NAT gateway: For resources without public IP addresses that need to initiate connections to the internet (example: for software updates) but need to be protected from inbound connections from the internet.
Just having an internet gateway alone does not expose the instances in the VCN's subnets directly to the internet. The following requirements must also be met:
The internet gateway must be enabled (by default, the internet gateway is enabled upon creation).
The subnet must be public.
The subnet must have a route rule that directs traffic to the internet gateway.
The subnet must have security list rules that allow the traffic (and each instance's firewall must allow the traffic).
The instance must have a public IP address.