2.3.2 Access VLAN Support with RoCE Network Fabric

Oracle Exadata can use Access VLAN settings to implement server-level isolation across the RoCE Network Fabric.

By default, Oracle Exadata uses Access VLAN ID 3888 for all RoCE Network Fabric private network traffic, on the server re0 and re1 interfaces. This setting enables all database servers and storage servers to communicate freely with each other, and is suitable for many system configurations. However, you can change the Access VLAN ID to a non-default value to implement server-level isolation.

You can use this capability to create isolated groups of servers in an Oracle Exadata X8M system. For example, in a Half Rack X8M-2 system you might want to create two isolated server groups:

• Database servers 1 and 2, and storage servers 1, 2, and 3 using VLAN ID 3888
• Database servers 3 and 4, and storage servers 4, 5, 6, and 7 using VLAN ID 3889

Description of the illustration switch-partitioning-and-isolating-servers.eps

With this configuration:

• Database servers 1 and 2 can only access storage servers 1, 2, and 3. But, they cannot access storage servers 4, 5, 6 or 7.
• Database servers 3 and 4 can only access storage servers 4, 5, 6 and 7. But, they cannot access storage servers 1, 2, and 3.
• Oracle Linux KVM guests on database servers 1 and 2 can communicate with each other, but cannot communicate with guests on database servers 3 and 4.
• Oracle Linux KVM guests on database servers 3 and 4 can communicate with each other, but cannot communicate with guests on database servers 1 and 2.