
How to Enable VNCR on RAC Database to Register only Local Instances (Doc ID 1914282.1)

2021-06-25 22:00:21  Views: 278  Source: Internet

Tags: NODE listener Enable RAC CHECKING registration LISTENER Instances REGISTRATION


VNCR is supported for the cluster. Use MOS note 1914282.1 to ensure you've done all the required steps.

===============================
How to Enable VNCR on RAC Database to Register only Local Instances (Doc ID 1914282.1)

Oracle Net Services - Version 11.2.0.4 to 12.1.0.2 [Release 11.2 to 12.1]
Oracle Database - Enterprise Edition - Version 11.2.0.4 to 12.1.0.2 [Release 11.2 to 12.1]
Information in this document applies to any platform.
GOAL

Starting with 11.2.0.4 we have the option of using VNCR to protect the listener from having remote/unknown instances registering to it.

See Note 1600630.1 Valid Node Checking For Registration (VNCR)


On 12.1 RAC databases, the parameter VALID_NODE_CHECKING_REGISTRATION_listener_name for both local and scan listeners is set by default to SUBNET/2, i.e. all machines in the subnet are allowed to register. This is done so that instances on the other nodes of the RAC can register with the local listeners and scan listeners.

On 11.2.0.4 RAC databases, the parameter VALID_NODE_CHECKING_REGISTRATION_listener_name is set to off.

However, sometimes this allows other instances in the same subnet to register against these listeners. We want to prevent that and allow only instances local to that RAC database to be registered with these listeners.

SOLUTION

On 11.2.0.4:

To accomplish only local registration of the instances to local and scan listeners, the following settings will need to be made in listener.ora on all nodes:

VALID_NODE_CHECKING_REGISTRATION_LISTENER=1

VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN1=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN1=(<list of public ip's of all nodes>)

VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN2=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN2=(<list of public ip's of all nodes>)

VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN3=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN3=(<list of public ip's of all nodes>)



For example, for a two-node RAC with two scan listeners, we will have on both nodes:

VALID_NODE_CHECKING_REGISTRATION_LISTENER=1

VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN1=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN1=(node1,node2)

VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN2=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN2=(node1,node2)



Having VALID_NODE_CHECKING_REGISTRATION_LISTENER and VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCANX set to 1 will allow local instances on that node to be registered. The REGISTRATION_INVITED_NODES_LISTENER_SCANX parameter will add to the invited nodes all the instances on the other nodes. We will need to use the public IPs of the nodes, even if the local listeners run only on VIPs (and not on both, as is the default in 11.2 and higher).
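A check of a listener.ora against the 11.2.0.4 settings above, written as an added example (not part of the MOS note or any Oracle tool). It assumes single-line parameters; the function names, the sample file and the host apphost9 are constructed, and the ON/LOCAL spellings are the documented equivalents of 1.

```python
import re

# Matches single-line VNCR parameters; the listener name is the parameter suffix.
PARAM = re.compile(
    r"^\s*(VALID_NODE_CHECKING_REGISTRATION|REGISTRATION_INVITED_NODES)_(\w+)"
    r"\s*=\s*(.+?)\s*$", re.IGNORECASE | re.MULTILINE)
LOCAL = {"1", "ON", "LOCAL"}   # local-only registration (the page uses 1)
SUBNET = {"2", "SUBNET"}       # whole subnet admitted (12.1 default per the page)

def parse_vncr(text):
    """Return {LISTENER_NAME: {"check": str or None, "invited": [hosts]}}."""
    out = {}
    for kind, name, value in PARAM.findall(text):
        cfg = out.setdefault(name.upper(), {"check": None, "invited": []})
        if kind.upper().startswith("VALID"):
            cfg["check"] = value.upper()
        else:
            cfg["invited"] = [h.strip().lower()
                              for h in value.strip("()").split(",") if h.strip()]
    return out

def audit(text, listeners, cluster_nodes):
    """Compare each expected listener with the 11.2.0.4 settings described above."""
    parsed, nodes, findings = parse_vncr(text), {n.lower() for n in cluster_nodes}, []
    for name in listeners:
        cfg = parsed.get(name.upper(), {"check": None, "invited": []})
        if cfg["check"] in SUBNET:
            findings.append((name, "whole subnet may register"))
        elif cfg["check"] not in LOCAL:
            findings.append((name, "VNCR not enabled"))
        extra = sorted(set(cfg["invited"]) - nodes)
        if extra:
            findings.append((name, "invited outside cluster: " + ",".join(extra)))
        missing = sorted(nodes - set(cfg["invited"]))
        if "SCAN" in name.upper() and cfg["check"] in LOCAL and missing:
            findings.append((name, "cluster nodes not invited: " + ",".join(missing)))
    return findings

# Constructed listener.ora fragment (not from the page) with three deviations.
SAMPLE = """\
VALID_NODE_CHECKING_REGISTRATION_LISTENER=1
VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN1=SUBNET
REGISTRATION_INVITED_NODES_LISTENER_SCAN1=(node1,node2)
REGISTRATION_INVITED_NODES_LISTENER_SCAN2=(node1, node2, apphost9)
"""

if __name__ == "__main__":
    for listener, issue in audit(SAMPLE, ["LISTENER", "LISTENER_SCAN1", "LISTENER_SCAN2"],
                                 ["node1", "node2"]):
        print(f"{listener}: {issue}")
```

Run it on every node, since the settings have to be present in listener.ora on all nodes.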



On 12c:

Starting with 12c, we can no longer set VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCANx=1 / REGISTRATION_INVITED_NODES_LISTENER_SCANx in listener.ora, as it will be overwritten by the agent. If we set 'invitednodes'/'invitedsubnets' using the srvctl utility, like below, then the agent will automatically set in listener.ora VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCANx to value 'SUBNET' and REGISTRATION_INVITED_NODES_LISTENER_SCANx to the specific list.

srvctl modify scan_listener {-update | -endpoints [TCP:]port[/IPC:key] [/NMP:pipe_name][/TCPS:s_port][/SDP:port] } [-invitednodes node_list] [-invitedsubnets subnet_list]

Note that in 11.2.0.4 the '-invitednodes'/'-invitedsubnets' options of the srvctl command are not available.



Starting with 12c a new parameter is available, REMOTE_REGISTRATION_ADDRESS_<listener_name>. This parameter is configured internally in the SCAN listener to restrict registrations to the private network. The registration endpoint is on a private network within the cluster. All remote registration requests coming in on normal listening endpoints are redirected to the registration endpoint. Any system which is not a part of the cluster cannot connect to the endpoint.

The value of this parameter should not be modified or specified explicitly. The only supported explicit setting is for turning this feature off by setting the value to OFF. The value is OFF in non-SCAN listeners.


You can check its value by running:

lsnrctl show remote_registration_address <listener_name>

Example:

LSNRCTL>set current_listener LISTENER_SCAN1

LSNRCTL>show remote_registration_address


All instance registration requests will be redirected to this private endpoint, and only the instances from the same cluster will be able to register with the scan listeners. This is the alternative to VNCR settings on local listeners.

NOTE: In 12.1.0.2, the GI agent sets the remote_registration_address to HAIP or the private IP address by default. This is true for both local listener and scan_listener.
The agent turns the remote_registration_address to off if invited_nodes or invited_subnet (VNCR) is set using srvctl.
The agent also turns the remote_registration_address to off if invited_nodes or invited_subnet (VNCR) information is found in the listener.ora file.

Both database and the GRID home must be at version 12. If the database is pre 12 OR upgraded from 11g, the REMOTE_REGISTRATION_ADDRESS will not be set to HAIP. VNCR will not be enabled by default for those instances that have been upgraded from 11g.


As of 12.1.0.2 Grid Infrastructure, VNCR is enabled by default (since REMOTE_REGISTRATION_ADDRESS points only to an internal IP address) and no additional step is required.

To relax this default VNCR in 12.1.0.2, use the srvctl modify invited_node or invited_subnet commands.
================================

Source: https://www.cnblogs.com/yaoyangding/p/14932669.html
