iwr ideen werden realität forschungszentrum karlsruhe in der helmholtz-gemeinschaft institut für...

IWR

IdeenwerdenRealität

Forschungszentrum Karlsruhein der Helmholtz-Gemeinschaft

Institut für Wissenschaftliches Rechnen

Oracle Network ConfigurationOracle Network ConfigurationDr. Doris WocheleDr. Doris Wochele (Karlsruhe) (Karlsruhe)

LCG 3D Database Administrator WorkshopThursday 23 March 2006

Rutherford Appleton Laboratory / UK

IWR

IdeenwerdenRealität23.3.2006 D.Wochele

Presentation Overview Recapitulation Oracle NET architecture Naming Methods The Listener Get connected .. Listener Control Utility init-Parameter, sqlnet.ora, tnsnames.ora Failover and Load Balancing Connection Manager and Directory Server Concepts Troubleshooting, Trace and Logging Security Client Types Easy Connect

IWR


Oracle Net Architecture

Oracle Net► is NO transport protocol► is a software component between server and client► is using a network protocol (TCP/IP)

The Application can be► oracle client► JDBC OCI Client with oracle client► JDBC Thin Client without oracle client

IWR


Naming Methods► Oracle Names no longer supported► Local Naming

– define DB-connection in local files (sqlnet.ora, tnsnames.ora) on DB and every client

► Directory Naming– Set up a central LDAP Server to store all connection information

► Easy Connect Naming– Identify the DB-connection completely in the connection-string

► External Naming– NIS-Service or DCE Environment -> who is using this?

Tools► Oracle Net Manager

– configure naming method, profiles, listeners– $ORACLE_HOME/bin/netmgr

► Oracle Net Configuration Assistant– $ORACLE_HOME/bin/netca– basic tool, runs after installation

► Virtual IP Configuration Assistant– CRS tool runs under root– map virtual IP to nodes

IWR


The ListenerListener Details► Control utility to start/stop and configure the listener

$ORACLE_HOME/bin/lsnrctl► Configuration file for listener

$ORACLE_HOME/network/admin/listener.ora► Server listener process. Read the configuration file “listener.ora” for information's as port

numbers or SID’s$ORACLE_HOME/bin/tnslsnr

Listener Modes► Database Access to a database service► Executable Access to operation system executables (used by oracle)► PLSExtProc Method of PL/SQL packages to access operating system

executables

SID_LIST_LISTENER_RACLINUX1 = (SID_LIST = (SID_DESC = (SID_NAME = PLSExtProc) (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1) (PROGRAM = extproc) ) )

Question: Are external procedures necessary? Can we delete this entries?

IWR


listener.oraIs a local DB-Configuration file for...► connection protocol addresses► (static defined) services to listen for ► control parameters► to name the listeners

(in RAC: listener_name_nodename)

Some Parameters ► LOG_DIRECTORY_listener_name (FILE)► TRACE_LEVEL_listener_name (DIRECTORY,FILE,..)► QUEUESIZE (Number of concurrent requests default=5)► RECV_BUF_SIZE

Port Numbers► 1521 older oracle standard port► 1522-1540 used for listeners► 1630,[1830] default for connection manager, [cman-admin] ► 2483,[2484] official registered for TNS listener, [with SSL]

Question: Do we need this for OEM?

IWR


Example listener.oraLISTENER_RACLINUX1 = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521))) (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.203.11)(PORT = 1521)) ) ) )

LISTENER2_RACLINUX1 = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) ) (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.203.11)(PORT = 1522)) ) ) )

Example: 2 instances, each with 1 listener on different ports on a single server

Question: Why is the real host-IP necessary?

IWR


Get Connected with Listeneris a process on DB-Server to handle connections

DB-registration (pmon registers himself to the listerers )► read init-parameter► looks for TNS_ADMIN variable or looks in $ORACLE_HOME/network/admin► read sqlnet.ora to detect profile settings► uses local tnsnames.ora to detect listeners► read cman.ora if existent► tries to register DB-Services to the LISTENERS► or/and tries to register on Connection Manager for a service ► default registers to Port 1521 or default „LISTENER“

Client connection► client looks for connection parameter in local tnsnames.ora (or EZconnect)► client broadcasts a request for connection to a service► listener brokers the request and forwards it to the database► listener starts server-process and delivers the address (or the address of the

dispatcher) to the client

IWR


Listener Control Utility

► $ORACLE_HOME/bin/lsnrctl► lsnrctl STOP [ listener_name]► lsnrctl START [ listener_name]► lsnrctl STATUS [ listener_name]

– is it started?– where is the log or trace file?

► lsnrctl SERVICES– what services are up/used?– Is the load balanced ?

IWR


INIT Parameter► SERVICE_NAMES

– list of possible client connection names– default is global_dbname (DB_NAME+DB_DOMAIN)Question: should we predefined common service names like atlas_geom,

atlas_calib?► INSTANCE_NAME (= SID)

– set to identify the database instance to access.– used by OEM or in administrative tools

► LOCAL_LISTENER– identifies the listener for the local server instances for pmon register

process– not necessary if Port 1521 is used (?) - i suggest to set it anyway!

► REMOTE_LISTENER– identifies listeners on other instances (node 2 of RAC) for pmon

registration– identifies global list of listeners– needed to ensure failover

IWR


sqlnet.oraIs a profile for...► default domain to append to unqualified service names or net service names► order of naming methods► logging, tracing, routing► security, access control

Example: NAMES.DIRECTORY_PATH= (TNSNAMES)

Parameter (can mostly be overwritten by client)► SEND_BUF_SIZE, RECV_BUF_SIZE

– default 16k– buffer size <Byte> = (network bandwidth <bit/sec> / 8) x (roundtrip time <msec> /

1000)use an average „ping time“ as roundtrip time

– set in sqlnet.ora for all connections– mostly only the receive buffer is set in the client connection string

► SQLNET.SEND_TIMEOUT– limits the send-data-process from db

► SQLNET.RECV_TIMEOUT– limits the send-data-process from client

► USE_DEDICATED_SERVER– appends (SERVER=dedicated) to the connect data for a connect descriptor.

IWR


tnsnames.oraIs a local connection-configuration file► contains net service names mapped to connect descriptors

net_service_name= (DESCRIPTION= (ADDRESS=( protocol_address_information)) (CONNECT_DATA= (SERVICE_NAME=service_name)))

some parameters ► SERVER=DEDICATED vs.SHARED

– as streams-user or admin use only DEDICATED– as a short-time connection (like a web server) use SHARED.– be sure not to use SHARED for fast sequences of SQL‘s

Question: What are the requirements of the experiment services?

► Use explicit service_name(do not use GLOBAL_DBNAME) in RAC

IWR


Example Server tnsnames.ora – ListenersLISTENER_RACDB1 = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) )

LISTENER_RACDB2 = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521)) )

LISTENERS_RACDB = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.203.11)(PORT = 1521)) (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.203.11)(PORT = 1522)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521)) )

init-Parameter racdb1.local_listener = LISTENER_RACDB1racdb1.remote_listener =

LISTENER_RACDB2

Question: Is RACDB the „remote“ ?

Question: You find often the real IP in addition here? Why?

IWR


Example Server and Client tnsnames.ora – Services

RACDB1 = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = RACDB) (INSTANCE_NAME = RACDB1) ) )

RACDB = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) (LOAD_BALANCE = yes) (FAILOVER = false) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = RACDB) ) )

init-Parameter

service_names = RACDB, list of service names

IWR


RAC Failover an Load BalancingFailover and load balancing are set in the connection parameters

Failover (Instance1 (I1) died)► all new connects go to I2 and reestablishes client connections on I2► no restore of session parameters or program variables► all selects are re-executed on I2► active transactions are rolled back► DDL were canceled► parameter (type, method, retries) for client TAF in tnsnames.ora► see v$session for TAF status► server side TAF policy (you do not have to encode TAF on the client

connection string)Load Balancing► shared server config.: balanced select of dispatchers► dedicated server config. : balanced select of listenersCluster Interconnect► not stable over cross-over CAT5 Cable network switch► CRS does not support a redundant Cluster Interconnect (with 2 network

cards or IP-addresses)

Question: What services should be run in shared/dedicated mode with or without TAF or LB?

IWR


Connection in a Private Network

SAN

VIP1,VIPIP1, IP2 ?

IP1VIP1

VIP2IP2

public network private networknode 1

node 2

network switch

Database:Services A,B,C

Flash Rec Area

PIP1

PIP2

IWR


OCM Oracle Connection Manager► act as a TNS-proxy with access-control► additional installation► cmctl► $TNS_ADMIN/cman.ora► DB register with init-parameter REMOTE_LISTENER=proxy ► tnsnames.ora

SOURCE_ROUTE=yes proxy=(PROTOCOL=TCP)(HOST=lcgdbka1.fzk.de)(PORT=1541)

CMAN_KA= (CONFIGURATION= (ADRESS=(PROTOCOL=TCP)(HOST=lcgdbka1.fzk.de)(PORT=1541) (RULE_LIST= (RULE=(SRC=141.52.*)(DST=DB1.gridka.de)(SRV=*) (ACT=ACCEPT)) (PARAMETER_LIST= (MAX_GATEWAY_PROCESSES=12) (MIN_GATEWAY_PROCESSES=2) (REMOTE_ADMIN=YES) ) ) Question: Does cman fully support load balancing and failover?

IWR


Connection in a Private Network

SAN

CMAN (IPxxxx) NIC1 NIC2

IP1VIP1

VIP2IP2

public network private networknode 1

node 2

network switch

Database:Services A,B,C

Flash Rec Area

Proxy

CMAN

PIP1

PIP2

IWR


Directory Server► LDAP compliant directory server► central repository for

– network information– user policies– user authentication and security

► ldap.ora on db-servers and clients

assets and drawbacks► a typical bottleneck!► no distribution of client

config files

Question : Is this a possible concept?

IWR


Oracle Net Troubleshooting

► ping hostname_node1[2] ► check network cards and connection

– ifconfig– ethtool– iperf– netstat– tcpdump– ethereal

► tnsping service_name from server_node1[2]► tnsping service_name from client► lsnrctl services► sqlplus scott@service_name

IWR


Trace and LoggingSqlnet.log► pmon registration to listenertail -f listener.log --> 01-MAR-2006 16:11:46 *

service_update * RACDB1 * 0

Listener Log► Set LOG_STATUS=ON (default=OFF)► $ORACLE_HOME/network/admin/<SID>.log is default► Contains listener commands► Only client connects, no further information

Listener Trace► much load, capture all NET-traffic► for debugging only

IWR


SecurityListener► in 10g listener runs under OS authentication, listener password only

necessary to restrict remote control► password accessible in listener.ora, protect by file-rights► Set ADMIN_RESTRICTIONS_listener_name=ON allow no remote

parameter changes (only listener.ora)

#----ADDED BY TNSLSNR 13-MAR-2006 17:33:29---PASSWORDS_LISTENER_RACLINUX1 = 1DF5C2FD0FE9CFA2SAVE_CONFIG_ON_STOP_LISTENER_RACLINUX1 = ONLOGGING_LISTENER_RACLINUX1 = ON#-------------------------------------------

► delete extproc–entry in listener.ora to prevent program-routines to act as oracle-user ?

SQLNET► using Certificate Authority for PKI ?

(Oracle Advanced Security supports CyberSafe, RADIUS, Kerberos, SSL, Windows NT native authentication (NTS))

► using checksums ? (SQLNET.CRYPTO_CHECKSUM_SERVER)► using encryption? (SQLNET.ENCRYPTION_SERVER)

IWR


Client Types► full client► instant client

– installation involves copying a small number of files.– less client-side requirements– no loss of functionality or performance for applications deployed in

Instant Client mode.– it is simple to package applications– configuration files are read

(set TNS_ADMIN or $ORACLE_HOME to find them)

url="jdbc:oracle:oci:@//example.com:5521:bjava21" url="jdbc:oracle:oci:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)

(HOST=dlsun242) (PORT=5521)) (CONNECT_DATA=(SERVICE_NAME=bjava21)))"

IWR


Easy Connect► CONNECT

username/ password@ host[: port][/ service_name][/ instance_name]► no LDAP, no tnsnames.ora► SQLNET.ora

– NAMES.DIRECTORY_PATH=(EZCONNECT)► only client have to be 10g (you can connect to 9i)► EZConnect Alias

– Client name resolution for service-name (e.g. 141.52.167.211 cgcl1.fzk.de)

• DNS• /etc/hosts

Examples:connect scott/[email protected]:1521/serviceJDBC:connect scott/tiger@//orcl.fzk.de:1521/service

► Easy Connect provides NO Failover or Load Balancing!

mailto:scott/tiger@//orcl.fzk.de:1521/service

iwr ideen werden realität forschungszentrum karlsruhe in der helmholtz-gemeinschaft institut für...

Documents