Oracle Cloud Infrastructure Documentation

Configuring SR-IOV for Virtual Networking

On a Roving Edge device, single root I/O virtualization (SR-IOV) technology enables instances to achieve low latency and high throughput simultaneously on 1 or more physical links. This technology is ideal for low-latency workloads such as video streaming, real-time applications, and large or clustered databases. Hardware-assisted (SR-IOV) networking uses the VFIO driver framework.

VCNs and instances must be configured and enabled for SR-IOV.

You configure a VCN to support SR-IOV by adding three keys in the OraclePCA defined tag namespace:

  • networkType:VFIO

  • vfioPcieSlot:[0,2,3]

  • vfioPortIndex:[0,1,2,3]

One VCN can only be associated to one slot and one port.

You can't add these tags to an existing VCN. These tags can't be changed or removed from the VCN. The only way to remove these tags is to delete the VCN.

Linux instances natively support SR-IOV, however, you must configure a secondary VNIC on your instance, in addition to the primary network interface, as a path to the physical NIC. Only secondary vNICs can be used for SR-IOV connectivity. The vNIC type is determined by the VCN's networkType tags. The guest has direct access to the virtual function and can use it immediately. However, because SR-IOV vNICs can only serve as secondary vNICs, you must set up the IP address either manually or with a script available here: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingVNICs.htm#Linux.

You can't create these VCN components in an SR-IOV VCN:

  • Internet Gateways

  • NAT Gateways

  • Local Peering Gateways

  • Service Gateways

  • Security Lists. You can't add new entries to a default security list belonging to an SR-IOV VCN. By default, the SR-IOV VCN has open ingress and egress, with just 1 rule each.

  • DHCP Options

  • Network Security Groups

  • Route Tables. You can only add a default route with the target as an SR-IOV DRG in the default route table of an SR-IOV VCN.

  • You can't create the following objects using an SR-IOV VCN/subnet: Load Balancer, Network Load Balancer, Mount Targets, OKE clusters.

Guidelines and Limitations

  • Roving Edge supports up to 32 Physical Functions (PFs) per compute node.

  • VFIO vNICs are limited by the shape, up to 27. If additional devices (PV vNICs, GPUs, etc) are attached to the VM, then the absolute limit of VFIO vNICs is reduced accordingly.

  • IPv4 and IPv6 SR-IOV vNICs are not supported on Suse Linux.

Configure SR-IOV Networking

  1. Ensure you have the networkType: VFIO, vfioPcieSlot:[0,2,3] , and vfioPortIndex : [0,1,2,3] tags defined in the OraclePCA defined tag namespace. See Using OraclePCA Defined Tags for Extended Functionality.

    Setting the networkType: VFIO, vfioPcieSlot:[0,2,3] , and vfioPortIndex : [0,1,2,3] tags enables SR-IOV functionality.

    Note

    When you update a VCN that has the networkType: VFIO, vfioPcieSlot:[0,2,3] , and vfioPortIndex : [0,1,2,3] tags applied, those tags can't be changed or removed from the VCN . If you want this VCN to no longer be configured for SR-IOV, then delete the VCN and create new ones that don't have the networkType: VFIO, vfioPcieSlot:[0,2,3] , and vfioPortIndex : [0,1,2,3] tags set.

  2. Enable SR-IOV on the slot and port you want to use.

    The available options are vfioPcieSlot=[0,2,3] and vfioPortIndex=[0,1,2,3]. See Identify Front and Rear Panel Items for slot and port locations.

    RED2-ADMIN> updateSrIovAllowedPorts srIovAllowedPorts=slot0port1
Command: updateSrIovAllowedPorts srIovAllowedPorts=slot0port1
Status: Success
Time: 2025-12-22 19:09:36,169 UTC
Data: 
  status = Success

    Confirm the port is enabled.

    RED2-ADMIN> getSrIovAllowedPorts                                 
Command: getSrIovAllowedPorts
Status: Success
Time: 2025-12-22 19:09:42,519 UTC
Data: 
  status = Success
  data = Allowed ports: slot0port1
         slot0port1 is not in use

  3. Create a VCN with SR-IOV functionality enabled.

    Create a VCN using the port you enabled in step 2. See Creating a VCN. In the Tagging section, add the OraclePCA.networkType tags with these values, for this example: networkType:VFIO, vfioPcieSlot:0 , and vfioPortIndex:1 tags.

    You must create a VCN with SR-IOV support enabled, you can't convert an existing VCN to include SR-IOV functionality.

  4. Prepare an instance for SR-IOV functionality.

    1. Create and launch an instance. See Creating an Instance.
    2. Attach a VFIO vNIC to the instance by specifying the subnet created from previously mentioned VFIO VCN. The primary VNIC of the instance can't be the SR-IOV VNIC. See Creating and Attaching a Secondary VNIC.
    3. Configure the secondary IP address on an SR-IOV interface either manually or with a script available here: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingVNICs.htm#Linux

  5. If you need to remove SR-IOV functionality from a port, use this command.

    RED2-ADMIN> updateSrIovAllowedPorts srIovAllowedPorts=,                     
Command: updateSrIovAllowedPorts srIovAllowedPorts=,
Status: Success
Time: 2025-12-22 19:12:22,242 UTC
Data: 
  status = Success

RED2-ADMIN> getSrIovAllowedPorts                        
Command: getSrIovAllowedPorts
Status: Success
Time: 2025-12-22 19:12:25,275 UTC
Data: 
  status = Success