Configuring the Oracle Database, Real Application Cluster (RAC) or Exadata when behind a Network Address Translator (NAT) (Doc ID 397393.1)
=====================
Exadata Database Machine X2-8 - Version All Versions to All Versions [Release All Releases]
Oracle Database - Enterprise Edition - Version 9.2.0.8 to 11.2.0.3 [Release 9.2 to 11.2]
Exadata Database Machine X2-2 Full Rack - Version All Versions to All Versions [Release All Releases]
Exadata X3-2 Full Rack - Version All Versions to All Versions [Release All Releases]
Oracle Net Services - Version 9.2.0.1.0 to 11.2.0.3 [Release 9.2 to 11.2]
Information in this document applies to any platform.
Some symptoms may manifest intermittently as timeout errors ORA-12535, TNS-12203, or other connection
errors ORA-12541.
==================
The Transparent Network Substrate (TNS) Connection and NAT
The TNS connection is part of the Session Layer TNS protocol. When a server process is created to
handle the client's login, the connection setup follows the Open Systems
Interconnection (OSI) layers. The client first connects to the Listener using the TCP three-way
handshake. When a NAT device is used, it stands in the middle of this handshake and translates the
destination IP address the client used to the actual destination IP address of the server inside the
NAT controlled network. The NAT plays a very active role in the communication as each and every packet
needs to have both source and destination IP addresses changed according to the address mapping
configured in the NAT.
Once the TCP connection has been established, the client passes a TNS Connect packet, through the NAT,
to the Listener process. This Listener will either send a TNS Resend packet or a TNS Redirect packet
back to the client through the NAT. It is the TNS Redirect packet that creates the problem when using
a NAT. The Listener will send the TNS Redirect packet if the Database is configured for Shared Server
or if this is a RAC-based system (which includes Exadata).
By default, the TNS Redirect packet contains the IP address of the host along with the port number of
the process the client is to be redirected to. This process can either be a Dispatcher or another
Listener. In the case of RAC the first Listener the client connects to is the Single Client Access
Name (SCAN) Listener and it redirects the client to a VIP Listener on the least loaded node. This IP
address is contained inside the TCP data section of the packet and is not part of the IP header. The
NAT will not know what is in the TNS Redirect packet so it won't modify that part of the packet.
The client receives the TNS Redirect packet and closes down the TCP connection, so to the NAT this
connection is closed. The client now takes the IP address and the port number that was contained in
the TNS Redirect and initiates a TCP connection using that IP address. If the database host's IP
address is returned, the client will not connect as it does not have a route to that IP address (or
the route leads to a different host), so the connection will fail with a TNS connect error. The
Listener must be told to return something that the client can correctly resolve to the NAT address
assigned to the Database.
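
The redirect failure described above, as an added example that is not part of the Oracle note: a small Python simulation of a NAT that rewrites only the IP header while the client acts on the address carried in the TCP data section. The IP addresses, the name db-vip1.example.com, the NAT table and the `(ADDRESS=...)` payload text (modelled on Oracle Net address syntax) are constructed for illustration.

```python
import re
from dataclasses import dataclass, replace

# Constructed addresses (assumptions): outside uses TEST-NET-3, inside is RFC 1918.
NAT_MAP = {"203.0.113.10": "10.0.0.10",   # SCAN Listener
           "203.0.113.21": "10.0.0.21"}   # VIP Listener on node 1
CLIENT_DNS = {"db-vip1.example.com": "203.0.113.21"}  # what the client resolves

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: str  # TCP data section; the NAT never looks in here

def nat_outbound(pkt: Packet) -> Packet:
    """Server -> client: rewrite only the IP header source address."""
    inside_to_outside = {v: k for k, v in NAT_MAP.items()}
    return replace(pkt, src=inside_to_outside.get(pkt.src, pkt.src))

def redirect_target(payload: str):
    """Extract HOST and PORT from the address string carried in the redirect."""
    host = re.search(r"\(HOST=([^)]+)\)", payload, re.I)
    port = re.search(r"\(PORT=(\d+)\)", payload, re.I)
    if not host or not port:
        raise ValueError("no ADDRESS found in redirect payload")
    return host.group(1).strip(), int(port.group(1))

def client_follows_redirect(pkt: Packet) -> str:
    """Return the inside address reached, or a failure description."""
    host, port = redirect_target(pkt.payload)
    ip = CLIENT_DNS.get(host, host)       # name lookup on the client side
    if ip not in NAT_MAP:                 # no NAT mapping: no usable route
        return f"FAIL: {ip}:{port} is not reachable from outside the NAT"
    return f"OK: {ip}:{port} -> {NAT_MAP[ip]}:{port}"

def simulate(redirect_host: str, client: str = "198.51.100.7") -> str:
    payload = f"(ADDRESS=(PROTOCOL=tcp)(HOST={redirect_host})(PORT=1521))"
    from_listener = Packet(src="10.0.0.10", dst=client, payload=payload)
    seen_by_client = nat_outbound(from_listener)
    assert seen_by_client.src == "203.0.113.10"   # header was translated
    assert seen_by_client.payload == payload      # data section was not
    return client_follows_redirect(seen_by_client)

if __name__ == "__main__":
    print(simulate("10.0.0.21"))            # default: the host's own IP
    print(simulate("db-vip1.example.com"))  # name the client maps to the NAT address
```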