Partition Keys (PKeys) are 16-bit hex values that enable logical isolation and traffic segmentation within vFabrics. The most significant bit indicates membership type (1 for full, 0 for limited), while the remaining 15 bits identify up to 32,767 unique partitions. Every packet carries a PKey that gets validated to ensure only endpoints in the same partition can communicate.

PKeys provide hardware-enforced security isolation at Layer 2, preventing unauthorized communication between partitions even on shared physical infrastructure. They enable quality of service differentiation and multi-tenancy support. The limited versus full membership model adds flexibility—limited members can only communicate with full members but not each other, preventing lateral security threats. The fabric enforces PKey validation at ingress and egress points, discarding non-matching packets, which maintains strict isolation boundaries essential for secure, high-performance computing environments.

When configuring vFabrics, be aware of some reserved PKey values: 0x0001 for the Default partition, 0x7FFF for the Admin partition. PKey values with lower 15 bits set to zero (0x0000, 0x8000) are invalid. For basic deployments, Cornelis recommends that you use sequential values like 0x0002 for networking/IPoIB traffic and 0x0003-0x000F for application-specific partitions. When choosing PKeys, consider grouping related applications (for example, 0x0004 for database partitions) and ensuring management access through proper membership types.