Oracle Cloud Infrastructure Documentation
Try Free Tier

Configuring SR-IOV for Virtual Networking

On Compute Cloud@Customer, single root I/O virtualization (SR-IOV) technology enables instances to achieve low latency and high throughput simultaneously on 1 or more physical links. This technology is ideal for low-latency workloads such as video streaming, real-time applications, and large or clustered databases. Hardware-assisted (SR-IOV) networking uses the VFIO driver framework.

VCNs, DRGs, and instances must be configured and enabled for SR-IOV.

You configure a VCN to support SR-IOV by adding the networkType: VFIO tag in the OraclePCA defined tag namespace. You can't add this tag to an existing VCN. This tag can't be changed or removed from the VCN. The only way to remove the tag is to delete the VCN.

DRGs compatible with SR-IOV support also use the networkType: VFIO tag in the OraclePCA defined tag namespace. You can't add this tag to an existing DRG. This tag can't be changed or removed from the DRG. The only way to remove the tag is to delete the DRG. Only SR-IOV DRGs can attach to SR-IOV VCNs.

Linux instances natively support SR-IOV, however, you must configure a secondary VNIC on your instance, in addition to the primary network interface, as a path to the physical NIC. Only secondary vNICs can be used for SR-IOV connectivity. The vNIC type is determined by the VCN's networkType tag. You can use the script available in the Oracle blog Automating SR-IOV/VFIO bond creation on PCA/C3 available at https://blogs.oracle.com/oracle-systems/post/automating-sriovvfio-bond-creation-on-oracle-compute-cloudcustomer-and-private-cloud-appliance to automate creation of the network bond interfaces taking into account the variability in hardware type and SR-IOV/VFIO type VNIC count.

Important

Instances configured with SR-IOV networking are non-migratable instances. These types of instances can't be live migrated. Compute Cloud@Customer infrastructure upgrades can't migrate SR-IOV instances. You must manually shut down these types of instance before an upgrade. If you have SR-IOV instances, inform Oracle before Compute Cloud@Customer infrastructure is upgraded.See Creating a Support Request. To access support, sign in to the Oracle Cloud Console as described in Sign In to the OCI Console.

You can't create these VCN components in an SR-IOV VCN:

  • Internet Gateways

  • NAT Gateways

  • Local Peering Gateways

  • Service Gateways

  • Security Lists. You can't add new entries to a default security list belonging to an SR-IOV VCN. By default, the SR-IOV VCN has open ingress and egress, with just 1 rule each.

  • DHCP Options

  • Network Security Groups

  • Route Tables. You can only add a default route with the target as an SR-IOV DRG in the default route table of an SR-IOV VCN.

  • You can't create the following objects using an SR-IOV VCN/subnet: Load Balancer, Network Load Balancer, Mount Targets, OKE clusters.

Compute Cloud@Customer supports up to 84 Virtual Functions (VFs) per compute node.

Configure SR-IOV Networking

  1. Ensure you have the OraclePCA.networkType tag defined on the system. See Creating OraclePCA Tags.

    Setting the OraclePCA.networkType:VFIO tag enables SR-IOV functionality.

    Note

    When you update a VCN or DRG that has the OraclePCA.networkType:VFIO tag applied, that tag can't be changed or removed from the VCN or DRG. If you want this VCN or DRG to no longer be configured for SR-IOV, then delete the VCN or DRG and create new ones that don't have the OraclePCA.networkType:VFIO tag set.

  2. Create a VCN with SR-IOV functionality enabled.

    Create a VCN. See Creating a VCN. In the Tagging section, add the OraclePCA.networkType tag with the value VFIO.

    You must create a VCN with SR-IOV support enabled, you can't convert an existing VCN to include SR-IOV functionality.

  3. If you plan to use a DRG in your SR-IOV configuration, you must create a DRG with SR-IOV functionality. Only SR-IOV DRGs can attach to SR-IOV VCNs.

    1. Create a DRG as described in Creating a Dynamic Routing Gateway. In the Tagging section, add the OraclePCA.networkType tag with the value VFIO.

      You must create a DRG with SR-IOV support enabled: the OraclePCA.networkType tag applied with value VFIO. You can't add SR-IOV functionality to an existing DRG.

    2. Attach the SR-IOVs VCNs to the DRG as described in Attaching VCNs to a Dynamic Routing Gateway.

  4. Prepare an instance for SR-IOV functionality.

    1. Create and launch an instance. See Creating an Instance.
    2. Create and attach a secondary VNIC to the instance to use as the SR-IOV network interface. The primary VNIC of the instance can't be the SR-IOV VNIC. See Creating and Attaching a Secondary VNIC.
    3. Configure the network bond interfaces, including the secondary IP address on an SR-IOV bond port, using the configure_vfio script provided in the Oracle Systems blog Automating SR-IOV/VFIO bond creation on Oracle Compute Cloud@Customer and Private Cloud Appliance.

Was this article helpful?