Dhiraj Kumar's Blog

Integrating SNMP with Oracle Direct NFS (dNFS): Why SNMPv3 Is Not Supported

Oracle Direct NFS (dNFS) is widely used for high-performance NFS I/O between Oracle databases and storage systems. When using Hybrid Columnar Compression (HCC) with dNFS on Oracle ZFS Storage Appliance (ZFSSA) or similar devices, Oracle relies on SNMP queries to validate that the storage system supports the required features.

As organizations move toward stricter security standards, SNMPv3 adoption has increased due to its authentication and encryption features. However, when it comes to Oracle dNFS, the integration story is not as straightforward.

dNFS and SNMP: How It Works

When HCC is enabled over dNFS, the Oracle database makes SNMP calls to the storage system to check for supported compression capabilities.

The configuration is done in the oranfstab file, where the following parameters control SNMP behavior:

  • management: — Specifies the management IP address of the storage system where SNMP is listening.
  • community: — Defines the SNMP community string (default is public).
server: zfssa01
local:  10.10.1.11
path:   10.10.2.21
export: /oradata   mount: /u02/oradata
management: 10.10.99.50
community:  dnfs-ro

The Limitation: No SNMPv3 Support

Oracle documentation and field experience both confirm that:

  • dNFS only supports SNMPv1/v2c lookups.
  • If the storage system is switched to SNMPv3 only, HCC checks will fail, and Hybrid Columnar Compression will be disabled.
  • This is because the Oracle dNFS client does not expose parameters for SNMPv3 integration.

In other words, even though storage appliances may allow SNMPv3, the database itself does not know how to authenticate or communicate over v3.

Best Practice Workaround

If your organization mandates SNMPv3 for monitoring, you can still maintain compliance while enabling HCC with dNFS by following this hybrid approach:

  1. Enable SNMPv3 on the storage system for general monitoring and enterprise integration.
  2. Create a restricted SNMPv2c community string that is:
    • Read-only
    • Limited to specific OIDs (just enough for HCC checks)
    • ACL-restricted to Oracle database server IPs only
  3. Update oranfstab on each database host with the management and community values.

This ensures that dNFS can still validate storage capabilities without exposing a broad security risk.

Leave a comment

About Me

I’m Dhiraj Kumar, an Oracle RAC Database With over 15 years of experience, I’m passionate about building high-performance, scalable database solutions that support critical business operations.

📘 Check out my latest articles and insights on Medium (@dhirajengr) .

Recent BLOGS