Configuring the Oracle Database, Real Application Cluster (RAC) or Exadata when behind a Network Address Translator (NAT) (文档 ID 397393.1)

Configuring the Oracle Database, Real Application Cluster (RAC) or Exadata when behind a Network Address Translator (NAT) (文档 ID 397393.1) 文档 397393.pdf

=====================

Exadata Database Machine X2-8 - Version All Versions to All Versions [Release All Releases]

Oracle Database - Enterprise Edition - Version 9.2.0.8 to 11.2.0.3 [Release 9.2 to 11.2]

Exadata Database Machine X2-2 Full Rack - Version All Versions to All Versions [Release All Releases]

Exadata X3-2 Full Rack - Version All Versions to All Versions [Release All Releases]

Oracle Net Services - Version 9.2.0.1.0 to 11.2.0.3 [Release 9.2 to 11.2]

Information in this document applies to any platform.

Some symptoms may manifest intermittently as timeout errors ORA-12535, TNS-12203, or other connection

errors ORA-12541.

==================

The Transparent Network Substrate (TNS) Connection and NAT

The TNS connection is a part of the Session Layer TNS protocol. In the steps of creating a server

process that handles the login of the client, the connection setup follows the Open Systems

Interconnection (OSI) layers. The client first connects to the Listener using the TCP three-way

handshake. When a NAT device is used, it stands in the middle of this handshake and translates the

destination IP address the client used to the actual destination IP address of the server inside the

NAT controlled network. The NAT plays a very active role in the communication as each and every packet

needs to have both source and destination IP addresses changed according to the address mapping

configured in the NAT.

Once the TCP connection has been established, the client passes a TNS Connect packet, through the NAT,

to the Listener process. This Listener will either send a TNS Resend packet or a TNS Redirect packet

back to the client through the NAT. It is the TNS Redirect packet that creates the problem when using

a NAT. The Listener will send the TNS Redirect packet if the Database is configured for Shared Server

or if this is a RAC based system (which includes ExaData).

By default, the TNS Redirect packet contains the IP address of the host along with the port number of

the process the client is to be redirected to. This process can either be a Dispatcher or another

Listener. In the case of RAC the first Listener the client connects to is the Single Client Access

Name (SCAN) Listener and it redirects the client to a VIP Listener on the least loaded node. This IP

address is contained inside the TCP data section of the packet and is not part of the IP header. The

NAT will not know what is in the TNS Redirect packet so it won't modify that part of the packet.

The client receives the TNS Redirect packet and closes down the TCP connection, so to the NAT this

connection is closed. The client now takes the IP address and the port number that was contained in

the TNS Redirect and initiates a TCP connection using that IP address. If the database host's IP

address is returned, the client will not connect as it does not have a route to that IP address (or

the route leads to a different host), so the connection will fail with a TNS connect error. The

Listener must be told to return something that the client can correctly resolve to the NAT address

assigned to the Database.