ORA-3136的应对

1. 在alert.log中发现:
Thu Aug 9 21:21:17 2007
WARNING: inbound connection timed out (ORA-3136)

2. 同时在sqlnet.ora中发现:
Fatal NI connect error 12170.

VERSION INFORMATION:
TNS for HPUX: Version 10.2.0.3.0 – Production
Oracle Bequeath NT Protocol Adapter for HPUX: Version 10.2.0.3.0 – Production
TCP/IP NT Protocol Adapter for HPUX: Version 10.2.0.3.0 – Production
Time: 09-AUG-2007 21:21:17
Tracing not turned on.
Tns error struct:
ns main err code: 12535
TNS-12535: TNSperation timed out
ns secondary err code: 12606
nt main err code: 0
nt secondary err code: 0
nt OS err code: 0
Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.×××.×××)(PORT=×××××))

3. 应对方法:
(1) 在listener.ora文件中添加INBOUND_CONNECT_TIMEOUT_ =0
(2) 追加一个sqlnet.ora文件,并追加SQLNET.INBOUND_CONNECT_TIMEOUT=0

4. 使应对生效:
把修改过的listener都reload一次(因为是RAC环境),即可。
Oracle推荐再把数据库重启一次。
由于是OLTP的系统,所以暂时未让其生效,之后再进行跟踪。

5. Oracle文档对应的说法:
SQLNET.INBOUND_CONNECT_TIMEOUT
Purpose
Use the SQLNET.INBOUND_CONNECT_TIMEOUT parameter to specify the time, in seconds, for a client to connect with the database server and provide the necessary authentication information.

If the client fails to establish a connection and complete authentication in the time specified, then the database server terminates the connection. In addition, the database server logs the IP address of the client and an ORA-12170: TNS:Connect timeout occurred error message to the sqlnet.log file. The client receives either an ORA-12547: TNS:lost contact or an ORA-12637: Packet receive failed error message.

Without this parameter, a client connection to the database server can stay open indefinitely without authentication. Connections without authentication can introduce possible denial-of-service attacks, whereby malicious clients attempt to flood database servers with connect requests that consume resources.

To protect both the database server and the listener, Oracle Corporation recommends setting this parameter in combination with the INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listener.ora file. When specifying values for these parameters, consider the following recommendations:

Set both parameters to an initial low value.
Set the value of the INBOUND_CONNECT_TIMEOUT_listener_name parameter to a lower value than the SQLNET.INBOUND_CONNECT_TIMEOUT parameter.
For example, you can set INBOUND_CONNECT_TIMEOUT_listener_name to 2 seconds and INBOUND_CONNECT_TIMEOUT parameter to 3 seconds. If clients are unable to complete connections within the specified time due to system or network delays that are normal for the particular environment, then increment the time as needed.

Trackback

no comment untill now

Add your comment now

切换到手机版