Direct NFS uses a configuration file,
oranfstab, to determine the available mount points.
oranfstab file with the following attributes for each NFS server that you want to access using Direct NFS Client:
The NFS server name.
For NFS setup with Kerberos authentication, the
serverattribute name must be the fully-qualified name of the NFS server. This
serverattribute name is used to create service principal for Ticket Granting Service (TGS) request from the Kerberos server. If you are configuring external storage snapshot cloning, then the NFS
servername should be a valid host name. For all other scenarios, the NFS
servername can be any unique name.
Up to four paths on the database host, specified by IP address or by name, as displayed using the
ifconfigcommand run on the database host.
Up to four network paths to the NFS server, specified either by IP address, or by name, as displayed using the
ifconfigcommand on the NFS server.
The exported path from the NFS server.
The corresponding local mount point for the exported volume.
Specifies (in seconds) the time Direct NFS Client should wait for a successful mount before timing out. This parameter is optional. The default timeout is 10 minutes (600).
Specifies the NFS protocol version used by Direct NFS Client. Possible values are NFSv3, NFSv4, NFSv4.1, and pNFS. The default version is NFSv3. If you select NFSv4.x, then you must configure the value in
pNFS, if you want to use Direct NFS with Parallel NFS. Direct NFS supports only the default
syssecurity authentication with Parallel NFS. Direct NFS does not support Parallel NFS when combined with any of the Kerberos authentication parameters.
Specifies the default security mode applicable for all the exported NFS server paths for a server entry. This parameter is optional.
sysis the default value. See the description of the security parameter for the supported security levels for the security_default parameter.
Specifies the security level, to enable security using Kerberos authentication protocol with Direct NFS Client. This optional parameter can be specified per export-mount pair. The supported security levels for the security_default and security parameters are:
sys: UNIX level security AUTH_UNIX authentication based on user identifier (UID) and group identifier (GID) values. This is the default value for security parameters.
krb5: Direct NFS runs with plain Kerberos authentication. Server is authenticated as the real server which it claims to be.
krb5i: Direct NFS runs with Kerberos authentication and NFS integrity. Server is authenticated and each of the message transfers is checked for integrity.
krb5p: Direct NFS runs with Kerberos authentication and NFS privacy. Server is authenticated, and all data is completely encrypted.
The security parameter, if specified, takes precedence over the security_default parameter. If neither of these parameters are specified, then sys is the default authentication.
For NFS server Kerberos security setup, review the relevant NFS server documentation. For Kerberos client setup, review the relevant operating system documentation.
Specifies that outgoing messages should not be routed by the operating system, but instead sent using the IP address to which they are bound.
dontrouteoption is a POSIX option, which sometimes does not work on Linux systems with multiple paths in the same subnet.
Enables Direct NFS Client to use the management interface for SNMP queries. You can use this parameter if SNMP is running on separate management interfaces on the NFS server. The default value is the server parameter value.
Specifies the community string for use in SNMP queries. Default value is
The following examples show three possible NFS server entries in
oranfstab. A single
oranfstab can have multiple NFS server entries.
Example 8-1 Using Local and Path NFS Server Entries
The following example uses both local and path. Because they are in different subnets, you do not have to specify
export: /vol/oradata1 mount: /mnt/oradata1
Example 8-2 Using Local and Path in the Same Subnet, with dontroute
Local and path in the same subnet, where
dontroute is specified:
export: /vol/oradata2 mount: /mnt/oradata2
Example 8-3 Using Names in Place of IP Addresses, with Multiple Exports, management and community
export: /vol/oradata3 mount: /mnt/oradata3
export: /vol/oradata4 mount: /mnt/oradata4
export: /vol/oradata5 mount: /mnt/oradata5
export: /vol/oradata6 mount: /mnt/oradata6
Example 8-4 Using Kerberos Authentication with Direct NFS Export
security parameter overrides
export: /private/oracle1/logs mount: /logs security: krb5
export: /private/oracle1/data mount: /data security: krb5p
export: /private/oracle1/archive mount: /archive security: sys
export: /private/oracle1/data1 mount: /data1