IWR
Ideen werden Realität
Forschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft
Institut für Wissenschaftliches Rechnen

Oracle Network Configuration
Dr. Doris Wochele (Karlsruhe)
LCG 3D Database Administrator Workshop
Thursday 23 March 2006
Rutherford Appleton Laboratory / UK

Presentation Overview
► Recapitulation Oracle NET architecture
► Naming Methods
► The Listener
► Get connected ..
► Listener Control Utility
► init-Parameter, sqlnet.ora, tnsnames.ora
► Failover and Load Balancing
► Connection Manager and Directory Server Concepts
► Troubleshooting, Trace and Logging
► Security
► Client Types
► Easy Connect

Oracle Net Architecture
Oracle Net
► is NO transport protocol
► is a software component between server and client
► uses a network protocol (TCP/IP)
The Application can be
► oracle client
► JDBC OCI Client with oracle client
► JDBC Thin Client without oracle client

Naming Methods
► Oracle Names: no longer supported
► Local Naming
  – define DB-connection in local files (sqlnet.ora, tnsnames.ora) on DB and every client
► Directory Naming
  – Set up a central LDAP Server to store all connection information
► Easy Connect Naming
  – Identify the DB-connection completely in the connection-string
► External Naming
  – NIS-Service or DCE Environment -> who is using this?
Tools
► Oracle Net Manager
  – configure naming method, profiles, listeners
  – $ORACLE_HOME/bin/netmgr
► Oracle Net Configuration Assistant
  – $ORACLE_HOME/bin/netca
  – basic tool, runs after installation
► Virtual IP Configuration Assistant
  – CRS tool runs under root
  – map virtual IP to nodes

The Listener
Listener Details
► Control utility to start/stop and configure the listener
    $ORACLE_HOME/bin/lsnrctl
► Configuration file for listener
    $ORACLE_HOME/network/admin/listener.ora
► Server listener process. Reads the configuration file "listener.ora" for information such as port numbers or SIDs
    $ORACLE_HOME/bin/tnslsnr
Listener Modes
► Database: access to a database service
► Executable: access to operating system executables (used by oracle)
► PLSExtProc: method of PL/SQL packages to access operating system executables

    SID_LIST_LISTENER_RACLINUX1 =
      (SID_LIST =
        (SID_DESC =
          (SID_NAME = PLSExtProc)
          (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1)
          (PROGRAM = extproc)
        )
      )

Question: Are external procedures necessary? Can we delete these entries?

listener.ora
Is a local DB-Configuration file for...
► connection protocol addresses
► (statically defined) services to listen for
► control parameters
► naming the listeners (in RAC: listener_name_nodename)
Some Parameters
► LOG_DIRECTORY_listener_name (FILE)
► TRACE_LEVEL_listener_name (DIRECTORY,FILE,..)
► QUEUESIZE (Number of concurrent requests, default=5)
► RECV_BUF_SIZE
Port Numbers
► 1521 older oracle standard port
► 1522-1540 used for listeners
► 1630,[1830] default for connection manager, [cman-admin]
► 2483,[2484] officially registered for TNS listener, [with SSL]
Question: Do we need this for OEM?

Example listener.ora

    LISTENER_RACLINUX1 =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521))
          )
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.203.11)(PORT = 1521))
          )
        )
      )

    LISTENER2_RACLINUX1 =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522))
          )
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.203.11)(PORT = 1522))
          )
        )
      )

Example: 2 instances, each with 1 listener on different ports on a single server
Question: Why is the real host-IP necessary?

Get Connected with Listener
Listener is a process on DB-Server to handle connections
DB-registration (pmon registers itself to the listeners)
► reads init-parameter
► looks for TNS_ADMIN variable or looks in $ORACLE_HOME/network/admin
► reads sqlnet.ora to detect profile settings
► uses local tnsnames.ora to detect listeners
► reads cman.ora if existent
► tries to register DB-Services to the LISTENERS
► or/and tries to register on Connection Manager for a service
► default registers to Port 1521 or default "LISTENER"
Client connection
► client looks for connection parameter in local tnsnames.ora (or EZconnect)
► client broadcasts a request for connection to a service
► listener brokers the request and forwards it to the database
► listener starts server-process and delivers the address (or the address of the dispatcher) to the client

Listener Control Utility
► $ORACLE_HOME/bin/lsnrctl
► lsnrctl STOP [listener_name]
► lsnrctl START [listener_name]
► lsnrctl STATUS [listener_name]
  – is it started?
  – where is the log or trace file?
► lsnrctl SERVICES
  – what services are up/used?
  – is the load balanced?

INIT Parameter
► SERVICE_NAMES
  – list of possible client connection names
  – default is global_dbname (DB_NAME+DB_DOMAIN)
  Question: should we predefine common service names like atlas_geom, atlas_calib?
► INSTANCE_NAME (= SID)
  – set to identify the database instance to access.
  – used by OEM or in administrative tools
► LOCAL_LISTENER
  – identifies the listener for the local server instances for pmon register process
  – not necessary if Port 1521 is used (?) - I suggest setting it anyway!
► REMOTE_LISTENER
  – identifies listeners on other instances (node 2 of RAC) for pmon registration
  – identifies global list of listeners
  – needed to ensure failover

sqlnet.ora
Is a profile for...
► default domain to append to unqualified service names or net service names
► order of naming methods
► logging, tracing, routing
► security, access control
Example: NAMES.DIRECTORY_PATH= (TNSNAMES)
Parameters (can mostly be overridden by the client)
► SEND_BUF_SIZE, RECV_BUF_SIZE
  – default 16k
  – buffer size <Byte> = (network bandwidth <bit/sec> / 8) x (roundtrip time <msec> / 1000)
    use an average "ping time" as roundtrip time
  – set in sqlnet.ora for all connections
  – mostly only the receive buffer is set in the client connection string
► SQLNET.SEND_TIMEOUT
  – limits the send-data-process from db
► SQLNET.RECV_TIMEOUT
  – limits the send-data-process from client
► USE_DEDICATED_SERVER
  – appends (SERVER=dedicated) to the connect data for a connect descriptor.

tnsnames.ora
Is a local connection-configuration file
► contains net service names mapped to connect descriptors

    net_service_name =
      (DESCRIPTION =
        (ADDRESS = (protocol_address_information))
        (CONNECT_DATA =
          (SERVICE_NAME = service_name)))

Some parameters
► SERVER=DEDICATED vs. SHARED
  – as streams-user or admin use only DEDICATED
  – as a short-time connection (like a web server) use SHARED.
  – be sure not to use SHARED for fast sequences of SQLs
Question: What are the requirements of the experiment services?
► Use explicit service_name (do not use GLOBAL_DBNAME) in RAC

Example Server tnsnames.ora – Listeners

    LISTENER_RACDB1 =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521))
        (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522))
      )

    LISTENER_RACDB2 =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522))
        (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521))
      )

    LISTENERS_RACDB =
      (ADDRESS_LIST =
        (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.203.11)(PORT = 1521))
        (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.203.11)(PORT = 1522))
        (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522))
        (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521))
      )

init-Parameter

    racdb1.local_listener = LISTENER_RACDB1
    racdb1.remote_listener = LISTENER_RACDB2

Question: Is RACDB the "remote"?
Question: You often find the real IP in addition here. Why?

Example Server and Client tnsnames.ora – Services

    RACDB1 =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522))
        (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521))
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = RACDB)
          (INSTANCE_NAME = RACDB1)
        )
      )

    RACDB =
      (DESCRIPTION =
        (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521))
        (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522))
        (LOAD_BALANCE = yes)
        (FAILOVER = false)
        (CONNECT_DATA =
          (SERVER = DEDICATED)
          (SERVICE_NAME = RACDB)
        )
      )

init-Parameter
    service_names = RACDB, list of service names

RAC Failover and Load Balancing
Failover and load balancing are set in the connection parameters
Failover (Instance1 (I1) died)
► all new connects go to I2 and client connections are reestablished on I2
► no restore of session parameters or program variables
► all selects are re-executed on I2
► active transactions are rolled back
► DDL is canceled
► parameters (type, method, retries) for client TAF in tnsnames.ora
► see v$session for TAF status
► server side TAF policy (you do not have to encode TAF on the client connection string)
Load Balancing
► shared server config.: balanced select of dispatchers
► dedicated server config.: balanced select of listeners
Cluster Interconnect
► not stable over cross-over CAT5 Cable network switch
► CRS does not support a redundant Cluster Interconnect (with 2 network cards or IP-addresses)
Question: What services should be run in shared/dedicated mode with or without TAF or LB?

Connection in a Private Network
[Diagram labels: public network, private network, network switch, node 1 (IP1, VIP1), node 2 (IP2, VIP2), PIP1, PIP2, SAN, Database: Services A,B,C, Flash Rec Area; annotation "VIP1, VIP, IP1, IP2 ?"]

OCM Oracle Connection Manager
► acts as a TNS-proxy with access-control
► additional installation
► cmctl
► $TNS_ADMIN/cman.ora
► DB registers with init-parameter REMOTE_LISTENER=proxy
► tnsnames.ora
    SOURCE_ROUTE=yes proxy=(PROTOCOL=TCP)(HOST=lcgdbka1.fzk.de)(PORT=1541)

    CMAN_KA =
      (CONFIGURATION =
        (ADDRESS = (PROTOCOL=TCP)(HOST=lcgdbka1.fzk.de)(PORT=1541))
        (RULE_LIST =
          (RULE = (SRC=141.52.*)(DST=DB1.gridka.de)(SRV=*)(ACT=ACCEPT))
        )
        (PARAMETER_LIST =
          (MAX_GATEWAY_PROCESSES=12)
          (MIN_GATEWAY_PROCESSES=2)
          (REMOTE_ADMIN=YES)
        )
      )

Question: Does cman fully support load balancing and failover?

Connection in a Private Network
[Diagram labels: CMAN (IPxxxx) with NIC1 and NIC2, Proxy, CMAN, public network, private network, network switch, node 1 (IP1, VIP1), node 2 (IP2, VIP2), PIP1, PIP2, SAN, Database: Services A,B,C, Flash Rec Area]

Directory Server
► LDAP compliant directory server
► central repository for
  – network information
  – user policies
  – user authentication and security
► ldap.ora on db-servers and clients
Assets and drawbacks
► a typical bottleneck!
► no distribution of client config files
Question: Is this a possible concept?

Oracle Net Troubleshooting
► ping hostname_node1[2]
► check network cards and connection
  – ifconfig
  – ethtool
  – iperf
  – netstat
  – tcpdump
  – ethereal
► tnsping service_name from server_node1[2]
► tnsping service_name from client
► lsnrctl services
► sqlplus scott@service_name

Trace and Logging
Sqlnet.log
► pmon registration to listener
    tail -f listener.log --> 01-MAR-2006 16:11:46 * service_update * RACDB1 * 0
Listener Log
► Set LOG_STATUS=ON (default=OFF)
► $ORACLE_HOME/network/admin/<SID>.log is default
► Contains listener commands
► Only client connects, no further information
Listener Trace
► much load, captures all NET-traffic
► for debugging only
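
Added example (not part of the original slides): a small Python reader for listener.log that flags listener control commands issued from other hosts and counts failed connects per client address. It assumes the asterisk-separated layout of the sample line above; the connect and command lines, the host name pc7, the address 192.0.2.10 and the local host name raclinux1 are constructed for illustration.

```python
import re
from collections import Counter

# Constructed lines; only the service_update line comes from the slide.
SAMPLE_LOG = """\
01-MAR-2006 16:11:46 * service_update * RACDB1 * 0
01-MAR-2006 16:12:03 * (CONNECT_DATA=(SERVICE_NAME=RACDB)(CID=(PROGRAM=sqlplus)(HOST=pc7)(USER=scott))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=40112)) * establish * RACDB * 0
01-MAR-2006 16:12:09 * (CONNECT_DATA=(SERVICE_NAME=RACDBX)(CID=(PROGRAM=sqlplus)(HOST=pc7)(USER=scott))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.10)(PORT=40113)) * establish * RACDBX * 12514
01-MAR-2006 16:13:30 * (CONNECT_DATA=(CID=(PROGRAM=)(HOST=pc7)(USER=scott))(COMMAND=status)(SERVICE=LISTENER_RACLINUX1)) * status * 0
"""

def kv(field, key):
    """Return the value of the first (KEY=value) pair in a TNS-style field."""
    m = re.search(r"\(%s=([^()]*)\)" % re.escape(key), field, re.I)
    return m.group(1) if m else None

def parse_line(line):
    """Split one log line into a record; return None for banners and noise."""
    parts = [p.strip() for p in line.split(" * ")]
    if len(parts) < 3 or not parts[-1].isdigit():
        return None
    rec = {"time": parts[0], "code": int(parts[-1]),
           "command": None, "cid_host": None, "client": None}
    fields = parts[1:-1]
    for f in fields:
        if f.upper().startswith("(CONNECT_DATA"):
            rec["command"] = kv(f, "COMMAND")
            rec["cid_host"] = kv(f, "HOST")   # reported by the client, not verified
        elif f.upper().startswith("(ADDRESS"):
            rec["client"] = kv(f, "HOST")     # peer address seen by the listener
    rec["event"] = next((f for f in fields if not f.startswith("(")), None)
    return rec

def review(log_text, local_hosts=("raclinux1",)):
    """Return (listener commands from non-local hosts, failed connects per client)."""
    remote_cmds, failures = [], Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["command"] and rec["cid_host"] not in local_hosts:
            remote_cmds.append((rec["time"], rec["cid_host"], rec["command"]))
        elif rec["event"] == "establish" and rec["code"] != 0:
            failures[rec["client"]] += 1
    return remote_cmds, failures

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

The host inside CID is supplied by the client, so treat it as a hint and correlate with network-level data before acting on it.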

Security
Listener
► in 10g the listener runs under OS authentication, listener password only necessary to restrict remote control
► password is readable in listener.ora, protect it with file permissions
► Set ADMIN_RESTRICTIONS_listener_name=ON to allow no remote parameter changes (only listener.ora)

    #----ADDED BY TNSLSNR 13-MAR-2006 17:33:29---
    PASSWORDS_LISTENER_RACLINUX1 = 1DF5C2FD0FE9CFA2
    SAVE_CONFIG_ON_STOP_LISTENER_RACLINUX1 = ON
    LOGGING_LISTENER_RACLINUX1 = ON
    #-------------------------------------------

► delete extproc-entry in listener.ora to prevent program-routines from acting as oracle-user ?
SQLNET
► using Certificate Authority for PKI ?
  (Oracle Advanced Security supports CyberSafe, RADIUS, Kerberos, SSL, Windows NT native authentication (NTS))
► using checksums ? (SQLNET.CRYPTO_CHECKSUM_SERVER)
► using encryption? (SQLNET.ENCRYPTION_SERVER)
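
Added example (not part of the original slides): a Python check that reads listener.ora text and reports the three listener points above for each listener, namely ADMIN_RESTRICTIONS not ON, a stored password hash, and an extproc entry. The sample file is constructed from the slides' fragments with a placeholder hash, and the function names are illustrative.

```python
import re

# Constructed sample modelled on the listener.ora fragments in the slides;
# the password hash is a placeholder, not a real value.
SAMPLE = """\
LISTENER_RACLINUX1 =
  (DESCRIPTION_LIST = (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.203.11)(PORT = 1521))))
SID_LIST_LISTENER_RACLINUX1 =
  (SID_LIST = (SID_DESC =
    (SID_NAME = PLSExtProc)
    (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1)
    (PROGRAM = extproc)))
#----ADDED BY TNSLSNR----
PASSWORDS_LISTENER_RACLINUX1 = 0000000000000000
"""

def parse_params(text):
    """Return {NAME: value} for top-level entries; values keep nested parentheses."""
    text = re.sub(r"#.*", "", text)  # strip comments
    # Top-level names start in column 0; nested entries start with '(' or spaces.
    heads = list(re.finditer(r"^([A-Za-z_]\w*)\s*=", text, re.M))
    params = {}
    for m, nxt in zip(heads, heads[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        params[m.group(1).upper()] = " ".join(text[m.end():end].split())
    return params

def audit(text):
    """Apply the three listener checks from the Security slide to listener.ora text."""
    params = parse_params(text)
    # A listener definition is a top-level entry that carries an ADDRESS.
    listeners = [n for n, v in params.items() if re.search(r"\(\s*ADDRESS\s*=", v, re.I)]
    findings = []
    for name in listeners:
        if params.get("ADMIN_RESTRICTIONS_" + name, "OFF").upper() != "ON":
            findings.append((name, "ADMIN_RESTRICTIONS is not ON"))
        if "PASSWORDS_" + name in params:
            findings.append((name, "password hash in file, verify file permissions"))
        sids = params.get("SID_LIST_" + name, "")
        if re.search(r"\(\s*PROGRAM\s*=\s*extproc\s*\)", sids, re.I):
            findings.append((name, "extproc entry present"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE):
        print(f"{name}: {issue}")
```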

Client Types
► full client
► instant client
  – installation involves copying a small number of files.
  – less client-side requirements
  – no loss of functionality or performance for applications deployed in Instant Client mode.
  – it is simple to package applications
  – configuration files are read (set TNS_ADMIN or $ORACLE_HOME to find them)

    url="jdbc:oracle:oci:@//example.com:5521:bjava21"
    url="jdbc:oracle:oci:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=dlsun242)(PORT=5521))(CONNECT_DATA=(SERVICE_NAME=bjava21)))"

Easy Connect
► CONNECT username/password@host[:port][/service_name][/instance_name]
► no LDAP, no tnsnames.ora
► SQLNET.ora
  – NAMES.DIRECTORY_PATH=(EZCONNECT)
► only the client has to be 10g (you can connect to 9i)
► EZConnect Alias
  – Client name resolution for service-name (e.g. 141.52.167.211 cgcl1.fzk.de)
    • DNS
    • /etc/hosts
Examples:
    connect scott/[email protected]:1521/service
    JDBC: connect scott/tiger@//orcl.fzk.de:1521/service
► Easy Connect provides NO Failover or Load Balancing!