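When reposting, please be sure to credit the article's original source and author, and include this copyright notice, in the form of a hyperlink.
Link: http://www.dbasky.net/archives/2009/05/oracle10gora-3136.html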
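Recently, in a two-node Oracle 10gR2 RAC production environment, the following warning appeared in the alert log file:
WARNING: inbound connection timed out (ORA-3136)
I looked this up on Metalink and found that this error is very common in 10g. Metalink has dedicated bugs and notes with solutions for this problem.
In addition, the following information was recorded in sqlnet.log:
Fatal NI connect error 12170.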
VERSION INFORMATION:
TNS for Linux: Version 10.2.0.4.0 - Production
Oracle Bequeath NT Protocol Adapter for Linux: Version 10.2.0.4.0 - Production
TCP/IP NT Protocol Adapter for Linux: Version 10.2.0.4.0 - Production
Time: 19-JUL-2009 11:25:26
Tracing not turned on.
Tns error struct:
ns main err code: 12535
TNS-12535: TNS:operation timed out
ns secondary err code: 12606
nt main err code: 0
nt secondary err code: 0
nt OS err code: 0
Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.1.129)(PORT=1521))
The fix is to change the value of this parameter in listener.ora and sqlnet.ora:
1. Set INBOUND_CONNECT_TIMEOUT_<listenername>=0 in listener.ora.
2. Set SQLNET.INBOUND_CONNECT_TIMEOUT = 0 in sqlnet.ora of the server.
3. Stop and start both the listener and the database.
4. Now try to connect to the DB and observe the behaviour.
Regarding the SQLNET.INBOUND_CONNECT_TIMEOUT parameter, Oracle recommends changing it in order to avoid denial-of-service attacks.
The relevant passage from the Oracle documentation is quoted below:
SQLNET.INBOUND_CONNECT_TIMEOUT
Purpose
Use the SQLNET.INBOUND_CONNECT_TIMEOUT parameter to specify the time, in seconds, for a client to connect with the database server and provide the necessary authentication information.
If the client fails to establish a connection and complete authentication in the time specified, then the database server terminates the connection. In addition, the database server logs the IP address of the client and an ORA-12170: TNS:Connect timeout occurred error message to the sqlnet.log file. The client receives either an ORA-12547: TNS:lost contact or an ORA-12637: Packet receive failed error message.
Without this parameter, a client connection to the database server can stay open indefinitely without authentication. Connections without authentication can introduce possible denial-of-service attacks, whereby malicious clients attempt to flood database servers with connect requests that consume resources.
To protect both the database server and the listener, Oracle Corporation recommends setting this parameter in combination with the INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listener.ora file. When specifying values for these parameters, consider the following recommendations:
Set both parameters to an initial low value.
Set the value of the INBOUND_CONNECT_TIMEOUT_listener_name parameter to a lower value than the SQLNET.INBOUND_CONNECT_TIMEOUT parameter.
For example, you can set INBOUND_CONNECT_TIMEOUT_listener_name to 2 seconds and INBOUND_CONNECT_TIMEOUT parameter to 3 seconds. If clients are unable to complete connections within the specified time due to system or network delays that are normal for the particular environment, then increment the time as needed.
See Also:
Oracle9i Net Services Administrator's Guide for information about configuring these parameters
Default
None
Example
SQLNET.INBOUND_CONNECT_TIMEOUT=3
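
The recommendations quoted above can be checked mechanically against a server's sqlnet.ora and listener.ora. The Python script below is an added example, not part of the original post or of Oracle's documentation; the listener name LISTENER and the sample file contents are constructed, and treating a value of 0 as "timeout disabled" is an assumption of this example.

```python
import re

# Matches simple "NAME = <integer>" parameter lines in sqlnet.ora / listener.ora.
PARAM = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(\d+)\s*$")
PREFIX = "INBOUND_CONNECT_TIMEOUT_"

def parse_params(text):
    """Return {UPPERCASE_NAME: int} for numeric parameters, ignoring # comments."""
    params = {}
    for line in text.splitlines():
        m = PARAM.match(line.split("#", 1)[0])
        if m:
            params[m.group(1).upper()] = int(m.group(2))
    return params

def audit(sqlnet_text, listener_text):
    """List departures from the quoted guidance: both set, listener value lower."""
    findings = []
    server = parse_params(sqlnet_text).get("SQLNET.INBOUND_CONNECT_TIMEOUT")
    if server is None:
        findings.append("sqlnet.ora: SQLNET.INBOUND_CONNECT_TIMEOUT not set")
    elif server == 0:
        # Assumption of this example: 0 means unauthenticated connections never time out.
        findings.append("sqlnet.ora: timeout is 0 (assumed: disabled)")
    listeners = {k[len(PREFIX):]: v
                 for k, v in parse_params(listener_text).items()
                 if k.startswith(PREFIX)}
    if not listeners:
        findings.append("listener.ora: no INBOUND_CONNECT_TIMEOUT_<listener_name> set")
    for name, value in sorted(listeners.items()):
        if value == 0:
            findings.append(f"listener.ora: {name} timeout is 0 (assumed: disabled)")
        elif server and value >= server:
            findings.append(
                f"listener.ora: {name} timeout {value}s is not lower than sqlnet.ora {server}s")
    return findings

# Constructed sample files: the values from the four steps, then the documentation's example.
WORKAROUND_SQLNET = "SQLNET.INBOUND_CONNECT_TIMEOUT = 0\n"
WORKAROUND_LISTENER = "INBOUND_CONNECT_TIMEOUT_LISTENER = 0\n"
RECOMMENDED_SQLNET = "# server side\nSQLNET.INBOUND_CONNECT_TIMEOUT=3\n"
RECOMMENDED_LISTENER = "INBOUND_CONNECT_TIMEOUT_LISTENER = 2  # lower than sqlnet.ora\n"

if __name__ == "__main__":
    print("workaround :", audit(WORKAROUND_SQLNET, WORKAROUND_LISTENER) or "OK")
    print("recommended:", audit(RECOMMENDED_SQLNET, RECOMMENDED_LISTENER) or "OK")
```

If the timeouts have to be raised to stop ORA-3136 warnings caused by normal network delay, the same check still applies: both values stay set, and the listener value stays below the sqlnet.ora value.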