ORA-3136的应对
WARNING: inbound connection timed out (ORA-3136)
参考:
metalink : Doc ID: Note:465043.1
http://www.eygle.com/archives/20 ... onnect_timeout.html
###################################################
1. 在alert.log中发现:
Thu Aug 9 21:21:17 2007
WARNING: inbound connection timed out (ORA-3136)
2. 同时在sqlnet.ora中发现:
Fatal NI connect error 12170.
VERSION INFORMATION:
TNS for HPUX: Version 10.2.0.3.0 - Production
Oracle Bequeath NT Protocol Adapter for HPUX: Version 10.2.0.3.0 - Production
TCP/IP NT Protocol Adapter for HPUX: Version 10.2.0.3.0 - Production
Time: 09-AUG-2007 21:21:17
Tracing not turned on.
Tns error struct:
ns main err code: 12535
TNS-12535: TNSperation timed out
ns secondary err code: 12606
nt main err code: 0
nt secondary err code: 0
nt OS err code: 0
Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.×××.×××)(PORT=×××××))
3. 应对方法:
(1) 在listener.ora文件中添加INBOUND_CONNECT_TIMEOUT_=0
(2) 追加一个sqlnet.ora文件,并追加SQLNET.INBOUND_CONNECT_TIMEOUT=0
4. 使应对生效:
把修改过的listener都reload一次(因为是RAC环境),即可。
Oracle推荐再把数据库重启一次。
由于是OLTP的系统,所以暂时未让其生效,之后再进行跟踪。
5. Oracle文档对应的说法:
SQLNET.INBOUND_CONNECT_TIMEOUT
Purpose
Use the SQLNET.INBOUND_CONNECT_TIMEOUT parameter to specify the time, in seconds, for a client to connect with the database server and provide the necessary authentication information.
If the client fails to establish a connection and complete authentication in the time specified, then the database server terminates the connection. In addition, the database server logs the IP address of the client and an ORA-12170: TNS:Connect timeout occurred error message to the sqlnet.log file. The client receives either an ORA-12547: TNS:lost contact or an ORA-12637: Packet receive failed error message.
Without this parameter, a client connection to the database server can stay open indefinitely without authentication. Connections without authentication can introduce possible denial-of-service attacks, whereby malicious clients attempt to flood database servers with connect requests that consume resources.
To protect both the database server and the listener, Oracle Corporation recommends setting this parameter in combination with the INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listener.ora file. When specifying values for these parameters, consider the following recommendations:
Set both parameters to an initial low value.
Set the value of the INBOUND_CONNECT_TIMEOUT_listener_name parameter to a lower value than the SQLNET.INBOUND_CONNECT_TIMEOUT parameter.
For example, you can set INBOUND_CONNECT_TIMEOUT_listener_name to 2 seconds and INBOUND_CONNECT_TIMEOUT parameter to 3 seconds. If clients are unable to complete connections within the specified time due to system or network delays that are normal for the particular environment, then increment the time as needed.
SQLNET.INBOUND_CONNECT_TIMEOUT
设置连入数据库后必须在多长时间内完成认证(如:输入用户名/密码),
超过此时间没有完成的话,数据库会断开此连接,并将客户端的IP地址和
ORA-12170: TNS:Connect timeout occurred错误信息记录到sqlnet.log,
而且客户端会收到ORA-12547: TNS:lost contact或ORA-12637: Packet receive failed错误信息。
这个设置主要是为了防止denial-of-service攻击
SQLNET.INBOUND_CONNECT_TIMEOUT
WARNING: inbound connection timed out (ORA-3136)处理方法
从oracle Version: 10.2.0.1.0起,有时会在alert.log中看到WARNING: inbound connection timed out (ORA-3136)报警信息,其实这是从10.2.0.1版本起oracle监听的一个功能变化,就是oracle监听在处理连接时,如果超时就会中断客户端连接。oracle的本意是防止类似DoS攻击,但不清楚的用户来说,反而成为困扰人的问题。georage.ma blog: http://blog.chinaunix.net/u/12521/
oracle 10.2.0.3及以上版本,默认超时间为60秒,老的版本是0,即没有超时设置。如果自己想设置这个时间,可以用以下方法设置(如果想关闭些功能,就设置为0即可):
1. In server side sqlnet.ora file add
SQLNET.INBOUND_CONNECT_TIMEOUT
For e.g
SQLNET.INBOUND_CONNECT_TIMEOUT = 120
2. In listener.ora file -
INBOUND_CONNECT_TIMEOUT_ = 110
For e.g if the listener name is LISTENER then -
INBOUND_CONNECT_TIMEOUT_LISTENER = 110
然后重启一下监听,就生效了。
From Oracle version 10.2.0.3 onwards the default value of INBOUND_CONNECT_TIMEOUT_ is 60 seconds. For previous releases it is zero by default.
georage.ma blog: http://blog.chinaunix.net/u/12521/
Metalink上给出了如下的解决方案:
1.set INBOUND_CONNECT_TIMEOUT_ =0 in listener.ora
2. set SQLNET.INBOUND_CONNECT_TIMEOUT = 0 in sqlnet.ora of server.
3. stop and start both listener and database.
4. Now try to connect to DB and observe the behaviour
I find the solution:
Set SQLNET.INBOUND_CONNECT__TIMEOUT = 0 in the sqlnet.ora file.For example:
# sqlnet.ora Network Configuration File: /u01/app/oracle/10.2.0/db_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT)
SQLNET.INBOUND_CONNECT__TIMEOUT = 0
这是metalink 上给的解答,但我觉得根本没讲到原因.
我看了DOC文档 SQLNET.INBOUND_CONNECT_TIMEOUT文档里写的是client连接 DB SERVER并提供必须的验证信息;
而INBOUND_CONNECT_TIMEOUT_listener_name 制的是listener 在规定时间内接收到client发来的连接请求.
我不明白的是什么使得数据库会在这两点上花上超过60秒并报超时?原理是什么?这当中所谓的验证和接收连接请求慢的原因呢?报错的时间数据库并不繁忙,且网速没有问题的
因为这个是一个bug.
而这个仅仅是一个Workaround
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/7532565/viewspace-598121/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/7532565/viewspace-598121/