Oracle Network Configuration
Dr. Doris Wochele (Karlsruhe)
IWR ("Ideas become reality"), Institut für Wissenschaftliches Rechnen, Forschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft
LCG 3D Database Administrator Workshop, Thursday 23 March 2006
Rutherford Appleton Laboratory / UK
Presentation Overview
► Recapitulation Oracle NET architecture
► Naming Methods
► The Listener
► Get connected ..
► Listener Control Utility
► init-Parameter, sqlnet.ora, tnsnames.ora
► Failover and Load Balancing
► Connection Manager and Directory Server Concepts
► Troubleshooting, Trace and Logging
► Security
► Client Types
► Easy Connect
Oracle Net Architecture

Oracle Net
► is NO transport protocol
► is a software component between server and client
► uses a network protocol (TCP/IP)

The application can be
► Oracle client
► JDBC OCI client with Oracle client
► JDBC Thin client without Oracle client
Naming Methods
► Oracle Names: no longer supported
► Local Naming
– define DB-connection in local files (sqlnet.ora, tnsnames.ora) on DB and every client
► Directory Naming
– set up a central LDAP server to store all connection information
► Easy Connect Naming
– identify the DB-connection completely in the connection string
► External Naming
– NIS service or DCE environment -> who is using this?
► Oracle Net Configuration Assistant
– $ORACLE_HOME/bin/netca
– basic tool, runs after installation
► Virtual IP Configuration Assistant
– CRS tool, runs under root
– maps virtual IP to nodes
The Listener

Listener Details
► Control utility to start/stop and configure the listener: $ORACLE_HOME/bin/lsnrctl
► Configuration file for the listener: $ORACLE_HOME/network/admin/listener.ora
► Server listener process: $ORACLE_HOME/bin/tnslsnr. It reads the configuration file "listener.ora" for information such as port numbers or SIDs.

Listener Modes
► Database: access to a database service
► Executable: access to operating system executables (used by Oracle)
► PLSExtProc: method for PL/SQL packages to access the operating system

Question: Are external procedures necessary? Can we delete these entries?
listener.ora

Is a local DB configuration file for...
► connection protocol addresses
► (statically defined) services to listen for
► control parameters
► naming the listeners (in RAC: listener_name_nodename)

Some Parameters
► LOG_DIRECTORY_listener_name (FILE)
► TRACE_LEVEL_listener_name (DIRECTORY, FILE, ..)
► QUEUESIZE (number of concurrent requests, default=5)
► RECV_BUF_SIZE

Port Numbers
► 1521: older Oracle standard port
► 1522-1540: used for listeners
► 1630, [1830]: default for connection manager, [cman-admin]
► 2483, [2484]: officially registered for TNS listener, [with SSL]

Example: 2 instances, each with 1 listener on different ports on a single server

Question: Why is the real host-IP necessary?
Get Connected with Listener

The listener is a process on the DB server that handles connections.

DB registration (pmon registers itself with the listeners)
► reads init-parameter
► looks for the TNS_ADMIN variable or looks in $ORACLE_HOME/network/admin
► reads sqlnet.ora to detect profile settings
► uses the local tnsnames.ora to detect listeners
► reads cman.ora if it exists
► tries to register DB services with the LISTENERS
► and/or tries to register on the Connection Manager for a service
► by default registers to port 1521 or the default "LISTENER"

Client connection
► client looks for connection parameters in the local tnsnames.ora (or EZconnect)
► client broadcasts a request for connection to a service
► listener brokers the request and forwards it to the database
► listener starts server-process and delivers the address (or the address of the
► lsnrctl SERVICES
– what services are up/used?
– is the load balanced?
INIT Parameter
► SERVICE_NAMES
– list of possible client connection names
– default is global_dbname (DB_NAME+DB_DOMAIN)
Question: should we predefine common service names like atlas_geom, atlas_calib?
► INSTANCE_NAME (= SID)
– set to identify the database instance to access
– used by OEM or in administrative tools
► LOCAL_LISTENER
– identifies the listener for the local server instances for the pmon registration process
– not necessary if port 1521 is used (?) - I suggest setting it anyway!
► REMOTE_LISTENER
– identifies listeners on other instances (node 2 of RAC) for pmon registration
– identifies global list of listeners
– needed to ensure failover
sqlnet.ora

Is a profile for...
► default domain to append to unqualified service names or net service names
► order of naming methods
► logging, tracing, routing
► security, access control

Example: NAMES.DIRECTORY_PATH= (TNSNAMES)

Parameters (can mostly be overridden by the client)
► SEND_BUF_SIZE, RECV_BUF_SIZE
– default 16k
– buffer size <Byte> = (network bandwidth <bit/sec> / 8) x (roundtrip time <msec> / 1000)
  use an average "ping time" as roundtrip time
– set in sqlnet.ora for all connections
– mostly only the receive buffer is set in the client connection string
► SQLNET.SEND_TIMEOUT
– limits the send-data-process from db
► SQLNET.RECV_TIMEOUT
– limits the send-data-process from client
► USE_DEDICATED_SERVER
– appends (SERVER=dedicated) to the connect data for a connect descriptor
tnsnames.ora

Is a local connection-configuration file
► contains net service names mapped to connect descriptors
– as streams-user or admin use only DEDICATED
– as a short-time connection (like a web server) use SHARED
– be sure not to use SHARED for fast sequences of SQLs

Question: What are the requirements of the experiment services?

► Use explicit service_name (do not use GLOBAL_DBNAME) in RAC

RAC Failover and Load Balancing

Failover and load balancing are set in the connection parameters.

Failover (Instance1 (I1) died)
► all new connects go to I2, and client connections are reestablished on I2
► no restore of session parameters or program variables
► all selects are re-executed on I2
► active transactions are rolled back
► DDL statements are canceled
► parameters (type, method, retries) for client TAF in tnsnames.ora
► see v$session for TAF status
► server side TAF policy (you do not have to encode TAF on the client connection string)

Load Balancing
► shared server config.: balanced select of dispatchers
► dedicated server config.: balanced select of listeners

Cluster Interconnect
► not stable over cross-over CAT5 Cable network switch
► CRS does not support a redundant Cluster Interconnect (with 2 network cards or IP-addresses)

Question: What services should be run in shared/dedicated mode with or without TAF or LB?
Connection in a Private Network

[Diagram; labels: SAN; public network; private network; network switch; node 1 (IP1, VIP1, PIP1); node 2 (IP2, VIP2, PIP2); Database: Services A, B, C; Flash Rec Area; "VIP1,VIP / IP1, IP2 ?"]
OCM Oracle Connection Manager
► acts as a TNS proxy with access control
► additional installation
► cmctl
► $TNS_ADMIN/cman.ora
► DB registers with init-parameter REMOTE_LISTENER=proxy
► tnsnames.ora

► tnsping service_name from server_node1[2]
► tnsping service_name from client
► lsnrctl services
► sqlplus scott@service_name
Trace and Logging

Sqlnet.log
► pmon registration to listener
tail -f listener.log --> 01-MAR-2006 16:11:46 * service_update * RACDB1 * 0

Listener Log
► Set LOG_STATUS=ON (default=OFF)
► $ORACLE_HOME/network/admin/<SID>.log is default
► Contains listener commands
► Only client connects, no further information

Listener Trace
► much load, captures all NET traffic
► for debugging only
Security

Listener
► in 10g the listener runs under OS authentication; a listener password is only necessary to restrict remote control
► password accessible in listener.ora, protect by file-rights
► Set ADMIN_RESTRICTIONS_listener_name=ON allow no remote
► delete extproc-entry in listener.ora to prevent program-routines to act as oracle-user ?

SQLNET
► using Certificate Authority for PKI ?
  (Oracle Advanced Security supports CyberSafe, RADIUS, Kerberos, SSL, Windows NT native authentication (NTS))
► using checksums ? (SQLNET.CRYPTO_CHECKSUM_SERVER)
► using encryption? (SQLNET.ENCRYPTION_SERVER)
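
The checks listed on the Security slide, run as a small audit over the text of listener.ora and sqlnet.ora. This is an added example, not part of the original slides: the sample files, host name, paths and password value are constructed, PASSWORDS_listener_name is the listener.ora parameter that holds the listener password, and reporting every value other than REQUIRED as "not enforced" is this example's own policy.

```python
import re

# Constructed sample files, not from the slides; listener name, host,
# paths and the password value are placeholders.
LISTENER_ORA = """\
LISTENER =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521)))
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC = (SID_NAME = PLSExtProc)(ORACLE_HOME = /u01/oracle)(PROGRAM = extproc))
    (SID_DESC = (SID_NAME = RACDB1)(ORACLE_HOME = /u01/oracle)))
PASSWORDS_LISTENER = (0123456789ABCDEF)
"""
SQLNET_ORA = "NAMES.DIRECTORY_PATH = (TNSNAMES)\nSQLNET.ENCRYPTION_SERVER = accepted\n"

def parse_ora(text):
    """Top-level NAME = value pairs; a column-0 line opens one, indented lines continue it."""
    params, name = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        if not line[0].isspace() and "=" in line:
            name, _, value = line.partition("=")
            name = name.strip().upper()
            params[name] = value.strip()
        elif name:
            params[name] += " " + line.strip()
    return params

def audit(listener_ora, sqlnet_ora):
    """Return a sorted list of findings for the settings named on the Security slide."""
    lsn, net = parse_ora(listener_ora), parse_ora(sqlnet_ora)
    findings = []
    # Treat every parameter whose value holds an ADDRESS as a listener definition.
    for name in [k for k, v in lsn.items() if re.search(r"\(\s*ADDRESS\b", v, re.I)]:
        if lsn.get("ADMIN_RESTRICTIONS_" + name, "OFF").upper() != "ON":
            findings.append(f"{name}: ADMIN_RESTRICTIONS not ON")
        if "PASSWORDS_" + name in lsn:
            findings.append(f"{name}: password stored in listener.ora, check file rights")
        if re.search(r"PROGRAM\s*=\s*extproc", lsn.get("SID_LIST_" + name, ""), re.I):
            findings.append(f"{name}: extproc entry present")
    for p in ("SQLNET.ENCRYPTION_SERVER", "SQLNET.CRYPTO_CHECKSUM_SERVER"):
        value = net.get(p, "accepted").lower()  # unset means the default, ACCEPTED
        if value != "required":
            findings.append(f"{p} = {value}: not enforced")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(LISTENER_ORA, SQLNET_ORA)))
```
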
Client Types
► full client
► instant client
– installation involves copying a small number of files
– fewer client-side requirements
– no loss of functionality or performance for applications deployed in Instant Client mode
– it is simple to package applications
– configuration files are read