Configuring SR-IOV for Virtual Networking

Single root I/O virtualization (SR-IOV) technology enables virtual machines to achieve low latency and high throughput simultaneously on 1 or more physical links. Oracle Private Cloud Appliance supports up to 84 Virtual Functions (VFs) per compute node. For more information see the SR-IOV section in the Oracle Private Cloud Appliance Concepts Guide.

This section describes how to configure SR-IOV networking.

  1. Ensure you have the OraclePCA.networkType tag defined on the system. See "Network Configuration for SR-IOV" in Creating OraclePCA Tags.

    Setting the OraclePCA.networkType:VFIO tag enables SR-IOV functionality.

    Note:

    When you update a VCN or DRG that has the OraclePCA.networkType:VFIO tag applied, that tag cannot be changed or removed from the VCN or DRG. If you want this VCN or DRG to no longer be configured for SR-IOV, then delete the VCN or DRG and create new ones that do not have the OraclePCA.networkType:VFIO tag set.

  2. Create a VCN with SR-IOV functionality enabled.

    Create a VCN as described in Creating a VCN. In the Tagging section, add the OraclePCA.networkType tag with the value VFIO.

    You must create a VCN with SR-IOV support enabled: the OraclePCA.networkType tag applied with value VFIO. You cannot add SR-IOV functionality to an existing VCN.

  3. If you plan to use a DRG in your SR-IOV configuration, you must create a DRG with SR-IOV functionalty. Only SR-IOV DRGs can attach to SR-IOV VCNs.

    1. Create a DRG as described in Create a Dynamic Routing Gateway. In the Tagging section, add the OraclePCA.networkType tag with the value VFIO.

      You must create a DRG with SR-IOV support enabled: the OraclePCA.networkType tag applied with value VFIO. You cannot add SR-IOV functionality to an existing DRG.

    2. Attach the SR-IOVs VCNs to the DRG as described in Attach VCNs to a Dynamic Routing Gateway.

  4. Prepare an instance for SR-IOV functionality.

    1. Create and launch an instance. See Creating an Instance.
    2. Create and attach a secondary VNIC to the instance to use as the SR-IOV network interface. The primary VNIC of the instance cannot be the SR-IOV VNIC. See Assigning a Secondary Private IP Address in Configuring VNICs and IP Addressing.
    3. Configure the network bond interfaces, including the secondary IP address on a SR-IOV bond port, using the configure_vfio script provided in the Oracle systems blog Automating SR-IOV/VFIO bond creation on Oracle Compute Cloud@Customer and Private Cloud Appliance.

Note the following when working with SR-IOV components:

  • Instances configured with SR-IOV networking are non-migratable instances. These types of instances can't be live migrated. If you need to migrate these instances, you must manually shut down the instance before migration. For more information, see Migrating Instances from a Compute Node.

  • You can't create these VCN components in an SR-IOV VCN:

    • Internet Gateways

    • NAT Gateways

    • Local Peering Gateways

    • Service Gateways

    • Security Lists. You can't add new entries to a default security list belonging to an SR-IOV VCN. By default, the SR-IOV VCN has open ingress and egress, with just 1 rule each.

    • DHCP Options

    • Network Security Groups

    • Route Tables. You can only add a default route with the target as an SR-IOV DRG in the default route table of an SR-IOV VCN.

    • You can't create the following objects using an SR-IOV VCN/subnet: Load Balancer, Network Load Balancer, Mount Targets, OKE clusters.