Multiple Private Interconnects and Oracle Linux

Certain scanning software may recommend setting rp_filter to 1 for security purposes. While it is acceptable to set this value for public networks, it does not apply to Oracle RAC interconnects. Oracle recommends setting rp_filter for private interconnects to 0 or 2.

Note:

You must set the rp_filter value for the private interconnects to either 0 (no filtering) or 2 (loose filtering). Setting the private interconnect NIC to strict filtering (1) can cause connection issues on the private interconnect. It is safe to disable or relax this filtering, because the private interconnect should be on a private and isolated network.
This requirement applies to all systems running Linux kernel 2.6.32 or later, including Exadata systems. Without these rp_filter parameter settings, interconnect packets can be blocked or discarded.

For example, where eth1 and eth2 are the private interconnect NICs, and eth0 is the public network NIC, set the rp_filter of the private address to 2 (loose filtering), the public address to 1 (strict filtering), using the following entries in /etc/sysctl.conf: 

# private interconnects
net.ipv4.conf.eth2.rp_filter = 2
net.ipv4.conf.eth1.rp_filter = 2
# public network rp_filter may be set to 1
net.ipv4.conf.eth0.rp_filter = 1

See Also:

My Oracle Support note 1286796.1 for more information about rp_filter for multiple private interconnects and Linux Kernel 2.6.32+

Parent topic: Configuring Networks for Oracle Grid Infrastructure and Oracle RAC