最近一台新上线的OraclegR数据库在警告日志文件中(alertlog)持续出现如下错误:
Tue Jul ::
WARNING: inbound connection timed out (ORA)
Tue Jul ::
WARNING: inbound connection timed out (ORA)
Tue Jul ::
WARNING: inbound connection timed out (ORA)
Tue Jul ::
WARNING: inbound connection timed out (ORA)
Tue Jul ::
WARNING: inbound connection timed out (ORA)
同时在sqlnetlog中记录了如下错误:
Fatal NI connect error
VERSION INFORMATION:
TNS for Linux: Version Production
Oracle Bequeath NT Protocol Adapter for Linux: Version Production
TCP/IP NT Protocol Adapter for Linux: Version Production
Time: JUL ::
Tracing not turned on
Tns error struct:
ns main err code:
TNS: TNS:operation timed out
ns secondary err code:
nt main err code:
nt secondary err code:
nt OS err code:
Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=))
这是和网络连接相关的一个错误Metalink上给出了如下的解决方案:
set INBOUND_CONNECT_TIMEOUT_
= in listenerora
set SQLNETINBOUND_CONNECT_TIMEOUT = in sqlnetora of server
stop and start both listener and database
Now try to connect to DB and observe the behaviour
这里重起数据库和Listener我认为是没有必要的我们reload一下Listner应该就可以了
[oracle@order admin]$ lsnrctl
LSNRCTL for Linux: Version Production on JUL ::
Copyright (c) Oracle All rights reserved
Welcome to LSNRCTL type help for information
LSNRCTL> reload
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)))
The command completed successfully
LSNRCTL> services
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)))
Services Summary
Service order has instance(s)
Instance order status UNKNOWN has handler(s) for this service
Handler(s):
DEDICATED established: refused:
LOCAL SERVER
Instance order status READY has handler(s) for this service
Handler(s):
DEDICATED established: refused: state:ready
LOCAL SERVER
The command completed successfully
LSNRCTL> show inbound_connect_timeout
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=)))
LISTENER parameter inbound_connect_timeout set to
The command completed successfully
LSNRCTL> exit
修改之后观察了一段时间目前正常
关于SQLNETINBOUND_CONNECT_TIMEOUT参数Oracle建议修改该参数以避免denialofservice攻击
引用一段Oracle文档说明如下:
SQLNETINBOUND_CONNECT_TIMEOUT
Purpose
Use the SQLNETINBOUND_CONNECT_TIMEOUT parameter to specify the time in seconds for a client to connect with the database server and provide the necessary authentication information
If the client fails to establish a connection and complete authentication in the time specified then the database server terminates the connection In addition the database server logs the IP address of the client and an ORA: TNS:Connect timeout occurred error message to the sqlnetlog file The client receives either an ORA: TNS:lost contact or an ORA: Packet receive failed error message
Without this parameter a client connection to the database server can stay open indefinitely without authentication Connections without authentication can introduce possible denialofservice attacks whereby malicious clients attempt to flood database servers with connect requests that consume resources
To protect both the database server and the listener Oracle Corporation recommends setting this parameter in combination with the INBOUND_CONNECT_TIMEOUT_listener_name parameter in the listenerora file When specifying values for these parameters consider the following recommendations:
Set both parameters to an initial low value
Set the value of the INBOUND_CONNECT_TIMEOUT_listener_name parameter to a lower value than the SQLNETINBOUND_CONNECT_TIMEOUT parameter
For example you can set INBOUND_CONNECT_TIMEOUT_listener_name to seconds and INBOUND_CONNECT_TIMEOUT parameter to seconds If clients are unable to complete connections within the specified time due to system or network delays that are normal for the particular environment then increment the time as needed
See Also:
Oraclei Net Services Administrators Guide for information about configuring these parameters
Default
None
Example
SQLNETINBOUND_CONNECT_TIMEOUT=