This discussion is archived
8 Replies Latest reply: Feb 15, 2013 3:49 AM by g777 RSS

network problem - connection for developers

g777 Journeyer
Currently Being Moderated
Hi

I'm going to use Oracle RAC 11gR2 on top of RH Linux (2 nodes).
The cluster will be accessed by application server (web application running on another Windows machine).

I want to push the whole application (=users) traffic via dedicated network (not public LAN) between app server and database cluster. Let's call it "internal public" network.
(FYI only, it's for performance sake).

This wouldn't be a problem if developers don't need to connect directly to the database. But they need it!

Please, explain to me, if possible, how to create network (and install clusterware/db) to allow:
1. traffic between app server and db cluster (let's say in subnet 192.168.0.0/24 and - "internal public")
2. connecting developers over LAN network to this db (from public corporate subnet 10.154.40.0/24).

Note. The interconnect is the 3rd network but it doesn't impact other networks so we skip it here.
And don't worry, I have enough ethernet adapters.

I understand that listeners will work on the IP's given in /1/.
But is there a way to somehow forward the connections from LAN to this "internal public" subnet or something else...?
  • 1. Re: network problem - connection for developers
    JohnWatson Guru
    Currently Being Moderated
    Register your networks, giving them each a unique network number (if that wasn't done at install time):
    srvctl add network -k give_it_a_number -s the_subnet_mask
    add a VIP for each network:
    srvctl add vip -n node_name -k the_number -A ip_and_mask
    create listeners for the internal public and the corporate networks, nominating a network number:
    srvctl add listener -l listener_name -p port_numbr -k network_number
    then use TNSnames to direct the apps server to one listener and your developers to the other.
    Easy!
  • 2. Re: network problem - connection for developers
    g777 Journeyer
    Currently Being Moderated
    Thanks a lot, I will try it on my VBoxes and come back with results.
  • 3. Re: network problem - connection for developers
    Sebastian Solbach (DBA Community) Guru
    Currently Being Moderated
    Hi John,

    your forgot one important step:

    set listener_networks parameter in the instance to separate both networks.

    Otherwise you will have the problem of cross loadbalancing: It could happen that the developers come in from one network and are forwarded to the application user networks (which will fail, because different network address).

    How to Configure A 2nd Listener on a separate Network in 11.2 Grid Infrastructure (Doc ID 1063571.1)

    Regards
    Sebastian
  • 4. Re: network problem - connection for developers
    g777 Journeyer
    Currently Being Moderated
    Another issue arose. Seems it is NOT ok to define virtual interface like eth2:0 for 2nd network.
    I've created such one on both nodes (it's just for testing, no more eth's available, all 4 Vbox NIC's used), but it gives errors when creating the network.

    Here's the new device

    eth2:0 Link encap:Ethernet HWaddr 08:00:27:BD:FC:3E
    inet addr:192.168.200.11 Bcast:192.168.200.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    then:

    [root@plwrs-vm1 ~]# srvctl add network -k 2 -S 192.168.200.0/255.255.255.0/eth2 -v
    Successfully added Network.

    it shows offline:

    ora.net2.network
    OFFLINE OFFLINE plwrs-vm1
    OFFLINE OFFLINE plwrs-vm2

    When I try to force start:

    [root@plwrs-vm1 ~]# crsctl start res ora.net2.network
    CRS-2672: Attempting to start 'ora.net2.network' on 'plwrs-vm1'
    CRS-2672: Attempting to start 'ora.net2.network' on 'plwrs-vm2'
    CRS-2674: Start of 'ora.net2.network' on 'plwrs-vm1' failed
    CRS-2674: Start of 'ora.net2.network' on 'plwrs-vm2' failed
    CRS-4000: Command Start failed, or completed with errors.


    So eth2:0 is not good idea, as it probes the subnet of eth2

    orarootagent_root.log
    ---
    2013-02-13 13:10:39.593: [ora.net2.network][3724412672] {1:11342:179} [start] Checking if eth2 Interface is fine
    2013-02-13 13:10:39.607: [ora.net2.network][3724412672] {1:11342:179} [start] ifname=eth2
    2013-02-13 13:10:39.608: [ora.net2.network][3724412672] {1:11342:179} [start] subnetmask=255.255.255.0
    2013-02-13 13:10:39.608: [ora.net2.network][3724412672] {1:11342:179} [start] subnetnumber=10.154.10.0
    2013-02-13 13:10:39.608: [   AGENT][3724412672] {1:11342:179} UserErrorException: Locale is
    2013-02-13 13:10:39.609: [ora.net2.network][3724412672] {1:11342:179} [start] CRS-5008: Invalid attribute value: eth2 for the network interface

    Edited by: g777 on 2013-02-13 14:18


    OK, I employed temporarly another interface (eth3), and it WORKS.


    One more question:
    ----
    I've had to configure SCAN (the installer forces to do it).
    I haven't got any DNS server in my internal network, so I put just one entry of SCAN name to '/etc/hosts' file like:
    192.168.2.123 plwrs-vm-scan.protondomain plwrs-vm-scan
    The SCAN is up and running (also failover works fine among the 2 nodes I have).
    what's your opinion? -
    - should I use SCAN as usual in link definition (alias) for regular application connections?
    or
    - it's better to define 10g-fashioned alias on APP server?
    (let's say, due to not supported SCAN configuration; in fact I don't know if this is the fact).

    Edited by: g777 on 2013-02-13 14:29
  • 5. Re: network problem - connection for developers
    ursusca Explorer
    Currently Being Moderated
    Oracle recommends to use SCAN as it simplifies client connectivity and eliminates the need to modify database connect strings when the cluster grows and/or shrinks. It gives you a single name for clients to access DBs running in a cluster. The benefit that the client’s connect information does not need to change if you add or remove nodes in the cluster. If you don't want that benefit then you can still use 10g-fashioned alias.

    11gR2 Grid Infrastructure Single Client Access Name (SCAN) Explained [ID 887522.1]
  • 6. Re: network problem - connection for developers
    g777 Journeyer
    Currently Being Moderated
    yes, I know the general teaching on that ;-)
    my question arise in the non-standard configuration, where I put one SCAN entry into /etc/hosts instead of 3 entries into DNS records (as I haven't got it,and won't have, in my internal/private network).
    Is it supported solution by MOS?
    As I wrote the failover works, so I wonder, if I can use it in production.
    If not, I can always turn off and disable SCAN and use old-fashioned aliases.

    Any clues, experience?
  • 7. Re: network problem - connection for developers
    LANCERIQUE Newbie
    Currently Being Moderated
    Hi g777 ,

    Oracle recommends to use SCAN but if you dont want to use the same, you can use VIP's as in 11gR1 for TAF. SCAN would be required to bypass installation (oui). As you mentioned, you just need to make one SCAN entry in your /etc/hosts and need to set your nslookup file.

    We have setup a 2-node RAC (production) without SCAN after confirming with MOS. You can also refer below link to set up dummy SCAN.

    http://www.oracle.com/technetwork/articles/hunter-rac11gr2-iscsi-3-088680.html

    Regards,
    Nikhil Mehta.
  • 8. Re: network problem - connection for developers
    g777 Journeyer
    Currently Being Moderated
    I will also consult MOS.

    Thanks a lot guys! Great help.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points