IWR Ideen werden Realität Forschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft Institut für Wissenschaftliches Rechnen Oracle Network Configuration Dr. Doris Wochele (Karlsruhe) LCG 3D Database Administrator Workshop Thursday 23 March 2006 Rutherford Appleton Laboratory / UK

IWR Ideen werde n Realität D.Wochele Presentation Overview  Recapitulation Oracle NET architecture  Naming Methods  The Listener  Get connected..  Listener Control Utility  init-Parameter, sqlnet.ora, tnsnames.ora  Failover and Load Balancing  Connection Manager and Directory Server Concepts  Troubleshooting, Trace and Logging  Security  Client Types  Easy Connect

IWR Ideen werde n Realität D.Wochele Oracle Net Architecture Oracle Net ► is NO transport protocol ► is a software component between server and client ► is using a network protocol (TCP/IP) The Application can be ► oracle client ► JDBC OCI Client with oracle client ► JDBC Thin Client without oracle client

IWR Ideen werde n Realität D.Wochele Naming Methods ► Oracle Names  no longer supported ► Local Naming –define DB-connection in local files (sqlnet.ora, tnsnames.ora) on DB and every client ► Directory Naming –Set up a central LDAP Server to store all connection information ► Easy Connect Naming –Identify the DB-connection completely in the connection-string ► External Naming –NIS-Service or DCE Environment -> who is using this? Tools ► Oracle Net Manager –configure naming method, profiles, listeners –$ORACLE_HOME/bin/netmgr ► Oracle Net Configuration Assistant –$ORACLE_HOME/bin/netca –basic tool, runs after installation ► Virtual IP Configuration Assistant –CRS tool runs under root –map virtual IP to nodes

IWR Ideen werde n Realität D.Wochele The Listener Listener Details ► Control utility to start/stop and configure the listener $ORACLE_HOME/bin/lsnrctl ► Configuration file for listener $ORACLE_HOME/network/admin/listener.ora ► Server listener process. Read the configuration file “listener.ora” for information's as port numbers or SID’s $ORACLE_HOME/bin/tnslsnr Listener Modes ► DatabaseAccess to a database service ► ExecutableAccess to operation system executables (used by oracle) ► PLSExtProcMethod of PL/SQL packages to access operating system executables SID_LIST_LISTENER_RACLINUX1 = (SID_LIST = (SID_DESC = (SID_NAME = PLSExtProc) (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1) (PROGRAM = extproc) ) Question: Are external procedures necessary? Can we delete this entries?

IWR Ideen werde n Realität D.Wochele listener.ora Is a local DB-Configuration file for... ► connection protocol addresses ► (static defined) services to listen for ► control parameters ► to name the listeners (in RAC: listener_name_nodename) Some Parameters ► LOG_DIRECTORY_listener_name (FILE) ► TRACE_LEVEL_listener_name (DIRECTORY,FILE,..) ► QUEUESIZE (Number of concurrent requests default=5) ► RECV_BUF_SIZE Port Numbers ► 1521older oracle standard port ► used for listeners ► 1630,[1830]default for connection manager, [cman-admin] ► 2483,[2484]official registered for TNS listener, [with SSL] Question: Do we need this for OEM?

IWR Ideen werde n Realität D.Wochele Example listener.ora LISTENER_RACLINUX1 = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521))) (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT = 1521)) ) LISTENER2_RACLINUX1 = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) ) (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT = 1522)) ) Example: 2 instances, each with 1 listener on different ports on a single server Question: Why is the real host-IP necessary?

IWR Ideen werde n Realität D.Wochele Get Connected with Listener is a process on DB-Server to handle connections DB-registration (pmon registers himself to the listerers ) ► read init-parameter ► looks for TNS_ADMIN variable or looks in $ORACLE_HOME/network/admin ► read sqlnet.ora to detect profile settings ► uses local tnsnames.ora to detect listeners ► read cman.ora if existent ► tries to register DB-Services to the LISTENERS ► or/and tries to register on Connection Manager for a service ► default registers to Port 1521 or default „LISTENER“ Client connection ► client looks for connection parameter in local tnsnames.ora (or EZconnect) ► client broadcasts a request for connection to a service ► listener brokers the request and forwards it to the database ► listener starts server-process and delivers the address (or the address of the dispatcher) to the client

IWR Ideen werde n Realität D.Wochele Listener Control Utility ► $ORACLE_HOME/bin/lsnrctl ► lsnrctl STOP [ listener_name] ► lsnrctl START [ listener_name] ► lsnrctl STATUS [ listener_name] –is it started? –where is the log or trace file? ► lsnrctl SERVICES –what services are up/used? –Is the load balanced ?

IWR Ideen werde n Realität D.Wochele INIT Parameter ► SERVICE_NAMES –list of possible client connection names –default is global_dbname (DB_NAME+DB_DOMAIN) Question: should we predefined common service names like atlas_geom, atlas_calib? ► INSTANCE_NAME (= SID) –set to identify the database instance to access. –used by OEM or in administrative tools ► LOCAL_LISTENER –identifies the listener for the local server instances for pmon register process –not necessary if Port 1521 is used (?) - i suggest to set it anyway! ► REMOTE_LISTENER –identifies listeners on other instances (node 2 of RAC) for pmon registration –identifies global list of listeners –needed to ensure failover

IWR Ideen werde n Realität D.Wochele sqlnet.ora Is a profile for... ► default domain to append to unqualified service names or net service names ► order of naming methods ► logging, tracing, routing ► security, access control Example: NAMES.DIRECTORY_PATH= (TNSNAMES) Parameter (can mostly be overwritten by client) ► SEND_BUF_SIZE, RECV_BUF_SIZE –default 16k –buffer size = (network bandwidth / 8) x (roundtrip time / 1000) use an average „ping time“ as roundtrip time –set in sqlnet.ora for all connections –mostly only the receive buffer is set in the client connection string ► SQLNET.SEND_TIMEOUT –limits the send-data-process from db ► SQLNET.RECV_TIMEOUT –limits the send-data-process from client ► USE_DEDICATED_SERVER –appends (SERVER=dedicated) to the connect data for a connect descriptor.

IWR Ideen werde n Realität D.Wochele tnsnames.ora Is a local connection-configuration file ► contains net service names mapped to connect descriptors net_service_name= (DESCRIPTION= (ADDRESS=( protocol_address_information)) (CONNECT_DATA= (SERVICE_NAME=service_name))) some parameters ► SERVER=DEDICATED vs.SHARED –as streams-user or admin use only DEDICATED –as a short-time connection (like a web server) use SHARED. –be sure not to use SHARED for fast sequences of SQL‘s Question: What are the requirements of the experiment services? ► Use explicit service_name (do not use GLOBAL_DBNAME) in RAC

IWR Ideen werde n Realität D.Wochele Example Server tnsnames.ora – Listeners LISTENER_RACDB1 = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) ) LISTENER_RACDB2 = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521)) ) LISTENERS_RACDB = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT = 1521)) (ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT = 1522)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521)) ) init-Parameterracdb1.local_listener = LISTENER_RACDB1 racdb1.remote_listener = LISTENER_RACDB2 Question: Is RACDB the „remote“ ? Question: You find often the real IP in addition here? Why?

IWR Ideen werde n Realität D.Wochele Example Server and Client tnsnames.ora – Services RACDB1 = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = RACDB) (INSTANCE_NAME = RACDB1) ) RACDB = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1521)) (ADDRESS = (PROTOCOL = TCP)(HOST = raclinux1-vip.us.oracle.com)(PORT = 1522)) (LOAD_BALANCE = yes) (FAILOVER = false) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = RACDB) ) init-Parameter service_names = RACDB, list of service names

IWR Ideen werde n Realität D.Wochele RAC Failover an Load Balancing Failover and load balancing are set in the connection parameters Failover (Instance1 (I1) died) ► all new connects go to I2 and reestablishes client connections on I2 ► no restore of session parameters or program variables ► all selects are re-executed on I2 ► active transactions are rolled back ► DDL were canceled ► parameter (type, method, retries) for client TAF in tnsnames.ora ► see v$session for TAF status ► server side TAF policy (you do not have to encode TAF on the client connection string) Load Balancing ► shared server config.: balanced select of dispatchers ► dedicated server config. : balanced select of listeners Cluster Interconnect ► not stable over cross-over CAT5 Cable  network switch ► CRS does not support a redundant Cluster Interconnect (with 2 network cards or IP-addresses) Question: What services should be run in shared/dedicated mode with or without TAF or LB?

IWR Ideen werde n Realität D.Wochele Connection in a Private Network SAN VIP1,VIP IP1, IP2 ? IP1 VIP1 VIP2 IP2 public networkprivate network node 1 node 2 network switch Database: Services A,B,C Flash Rec Area PIP1 PIP2

IWR Ideen werde n Realität D.Wochele OCM Oracle Connection Manager ► act as a TNS-proxy with access-control ► additional installation ► cmctl ► $TNS_ADMIN/cman.ora ► DB register with init-parameter REMOTE_LISTENER=proxy ► tnsnames.ora SOURCE_ROUTE=yes proxy=(PROTOCOL=TCP)(HOST=lcgdbka1.fzk.de)(PORT=1541) CMAN_KA= (CONFIGURATION= (ADRESS=(PROTOCOL=TCP)(HOST=lcgdbka1.fzk.de)(PORT=1541) (RULE_LIST= (RULE=(SRC= *)(DST=DB1.gridka.de)(SRV=*) (ACT=ACCEPT)) (PARAMETER_LIST= (MAX_GATEWAY_PROCESSES=12) (MIN_GATEWAY_PROCESSES=2) (REMOTE_ADMIN=YES) ) Question: Does cman fully support load balancing and failover?

IWR Ideen werde n Realität D.Wochele Connection in a Private Network SAN CMAN (IPxxxx) NIC1 NIC2 IP1 VIP1 VIP2 IP2 public networkprivate network node 1 node 2 network switch Database: Services A,B,C Flash Rec Area Proxy CMAN PIP1 PIP2

IWR Ideen werde n Realität D.Wochele Directory Server ► LDAP compliant directory server ► central repository for –network information –user policies –user authentication and security ► ldap.ora on db-servers and clients assets and drawbacks ► a typical bottleneck! ► no distribution of client config files Question : Is this a possible concept?

IWR Ideen werde n Realität D.Wochele Oracle Net Troubleshooting ► ping hostname_node1[2] ► check network cards and connection –ifconfig –ethtool –iperf –netstat –tcpdump –ethereal ► tnsping service_name from server_node1[2] ► tnsping service_name from client ► lsnrctl services ► sqlplus

IWR Ideen werde n Realität D.Wochele Trace and Logging Sqlnet.log ► pmon registration to listener tail -f listener.log --> 01-MAR :11:46 * service_update * RACDB1 * 0 Listener Log ► Set LOG_STATUS=ON (default=OFF) ► $ORACLE_HOME/network/admin/.log is default ► Contains listener commands ► Only client connects, no further information Listener Trace ► much load, capture all NET-traffic ► for debugging only

IWR Ideen werde n Realität D.Wochele Security Listener ► in 10g listener runs under OS authentication, listener password only necessary to restrict remote control ► password accessible in listener.ora, protect by file-rights ► Set ADMIN_RESTRICTIONS_listener_name=ON allow no remote parameter changes (only listener.ora) #----ADDED BY TNSLSNR 13-MAR :33:29--- PASSWORDS_LISTENER_RACLINUX1 = 1DF5C2FD0FE9CFA2 SAVE_CONFIG_ON_STOP_LISTENER_RACLINUX1 = ON LOGGING_LISTENER_RACLINUX1 = ON # ► delete extproc–entry in listener.ora to prevent program-routines to act as oracle-user ? SQLNET ► using Certificate Authority for PKI ? (Oracle Advanced Security supports CyberSafe, RADIUS, Kerberos, SSL, Windows NT native authentication (NTS)) ► using checksums ? (SQLNET.CRYPTO_CHECKSUM_SERVER) ► using encryption? (SQLNET.ENCRYPTION_SERVER)

IWR Ideen werde n Realität D.Wochele Client Types ► full client ► instant client –installation involves copying a small number of files. –less client-side requirements –no loss of functionality or performance for applications deployed in Instant Client mode. –it is simple to package applications –configuration files are read (set TNS_ADMIN or $ORACLE_HOME to find them) (HOST=dlsun242) (PORT=5521)) (CONNECT_DATA=(SERVICE_NAME=bjava21)))"

IWR Ideen werde n Realität D.Wochele Easy Connect ► CONNECT username/ host[: port][/ service_name][/ instance_name] ► no LDAP, no tnsnames.ora ► SQLNET.ora –NAMES.DIRECTORY_PATH=(EZCONNECT) ► only client have to be 10g (you can connect to 9i) ► EZConnect Alias –Client name resolution for service-name (e.g cgcl1.fzk.de) DNS /etc/hosts Examples: connect JDBC:connect ► Easy Connect provides NO Failover or Load Balancing!