20171120关于INBOUND_CONNECT_TIMEOUT设置-阿里云开发者社区

[20171120]关于INBOUND_CONNECT_TIMEOUT设置.txt

--//上午翻看以前我的发的帖子,发现链接:http://www.itpub.net/thread-2066758-1-1.html
--//今天再仔细看了一下,注意看了一下别人的回复,才发现一些细节问题,原始链接:
--//http://www.cnblogs.com/kerrycode/p/5224483.html

关于sqlnet.ora的参数SQLNET.INBOUND_CONNECT_TIMEOUT，它表示等待用户认证超时的时间，单位是秒，缺省值是60秒，如果用户认证超
时了，服务器日志alert.log显示出错信息"WARNING: inbound connection timed out (ORA-3136)"，sqlnet.log里面出现TNS-12535:
TNS:operation timed out错误信息。

关于listener.ora的参数inbound_connect_timeout_监听器名，它表示等待用户连接请求超时的时间，单位是秒，缺省值是60秒，如果连
接请求超时了，监听器日志listener.log显示出错信息"TNS-12525: TNS:listener has not received client's request in time
allowed"。

其中sqlnet.ora里面的参数为SQLNET.INBOUND_CONNECT_TIMEOUT， listener.ora里面的参数设置为
INBOUND_CONNECT_TIMEOUT_listener_name ，其中根据监听名字来替换listener_name。官方文档关于两者的介绍如下所示：

SQLNET.INBOUND_CONNECT_TIMEOUT parameter in sqlnet.ora on the database server

Specify the time, in seconds, for a client to connect with the database server and provide the necessary authentication
information. If the client fails to establish a connection and complete authentication in the time specified, then the
database server terminates the connection. In addition, the database server logs the IP address of the client and an
ORA-12170: TNS:Connect timeout occurred error message to the sqlnet.log file. The client receives either an ORA-12547:
TNS:lost contact or an ORA-12637: Packet receive failed error message.

INBOUND_CONNECT_TIMEOUT_listener_name in listener.ora

Specify the time, in seconds, for the client to complete its connect request to the listener after the network
connection had been established.

If the listener does not receive the client request in the time specified, then it terminates the connection. In
addition, the listener logs the IP address of the client and an ORA-12525: TNS:listener has not received client’s
request in time allowed error message to the listener.log file

查看inbound_connect_timeout值

1：查看SQLNET.INBOUND_CONNECT_TIMEOUT的设置值，一般进入$ORACLE_HOME/network/admin下，查看sqlnet.ora参数文件即可。

2：查看监听INBOUND_CONNECT_TIMEOUT参数，可以查看listener.ora参数文件。但是有时候，例如默认情况，参数文件里面没有设置这个
参数，或是有些动态监听没有配置listener.ora，那么可以使用lsnrctl命令查看，如下所示：

--//下午我仔细看,才发现我以前的测试错误在那里.我以为2个都可以通过telnet ip port的方式测试出来.理解错误.^_^ .
--//实际上文档已经明确说明,看文档还是不够认真,理解还是不够透彻.
--//测试SQLNET.INBOUND_CONNECT_TIMEOUT,需要网络连接,出现超时才会报错.

1.测试环境:
SCOTT@book> @ &r/ver1
PORT_STRING VERSION BANNER
------------------------------ -------------- --------------------------------------------------------------------------------
x86_64/Linux 2.4.xx 11.2.0.4.0 Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

2.测试一:
--//首先不做任何设置(缺省设置)
--//session 3:
$ ps -ef | grep oracleboo[k]
--//当前没有任何通过网络连接到数据库.
--//打开几个会话:
--//session 1:
$ tail -f alert*.log

--//session 2:
$ cd /u01/app/oracle/product/11.2.0.4/dbhome_1/network/log
--//注意:监听listener.log的目录位置,我在监听配置中加入DIAG_ADR_ENABLED_LISTENER=OFF.
$ tail -f sqlnet.log listener.log

$ date;sqlplus scott/xxxxx@book
Mon Nov 20 16:30:37 CST 2017
SQL*Plus: Release 11.2.0.4.0 Production on Mon Nov 20 16:30:38 2017
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:
--//不做任何操作,等60秒....

--//session 3:
$ ps -ef | grep oracleboo[k]
oracle 56566 1 0 16:34 ? 00:00:00 oraclebook (LOCAL=NO)
--//可以发现服务端开启1个进程.

$ tail -f alert*.log
Mon Nov 20 16:31:38 2017
WARNING: inbound connection timed out (ORA-3136)

$ tail -f sqlnet.log listener.log
==> sqlnet.log <==
***********************************************************************
Fatal NI connect error 12170.

VERSION INFORMATION:
        TNS for Linux: Version 11.2.0.4.0 - Production
        Oracle Bequeath NT Protocol Adapter for Linux: Version 11.2.0.4.0 - Production
        TCP/IP NT Protocol Adapter for Linux: Version 11.2.0.4.0 - Production
Time: 20-NOV-2017 16:31:38
Tracing not turned on.
Tns error struct:
    ns main err code: 12535
    TNS-12535: TNS:operation timed out
    ns secondary err code: 12606
    nt main err code: 0
    nt secondary err code: 0
    nt OS err code: 0
Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=42714))

--//listener.log没有相关输出.
--//注意看时间,相减就是60秒.

$ ps -ef | grep oracleboo[k]
--//没有输出.说明进程已经over.
--//也就是在网络连接错误超时的情况下,oracle要通过SQLNET.INBOUND_CONNECT_TIMEOUT参数确定超时认证时间.
--//如果通过telnet(注client ip:192.168.100.40 ) 连接测试:
# date;time telnet 192.168.100.78 1521
Mon Nov 20 16:44:12 CST 2017
Trying 192.168.100.78...
Connected to gxqyydg4 (192.168.100.78).
Escape character is '^]'.

--//session 3:
$ ps -ef | grep oracleboo[k]
--//可以发现根本没有相关进程.

# lsof -P -n -i | grep 192.168.100.40
tnslsnr 56702 oracle 15u IPv4 37111676 0t0 TCP 192.168.100.78:1521->192.168.100.40:40923 (ESTABLISHED)

# ps -ef | grep 5670[2]
oracle 56702 1 0 Nov20 ? 00:00:01 /u01/app/oracle/product/11.2.0.4/dbhome_1/bin/tnslsnr LISTENER -inherit
--//进程号对于监听进程.

# date;time telnet 192.168.100.78 1521
Tue Nov 21 08:41:12 CST 2017
Trying 192.168.100.78...
Connected to gxqyydg4 (192.168.100.78).
Escape character is '^]'.
Connection closed by foreign host.
real    1m0.106s
user    0m0.001s
sys     0m0.001s

--//你可以发现在服务器还没有开启服务器进程,仅仅存在一个网络连接.而这个时候实际上监听配置inbound_connect_timeout_监听器名起作
--//用.只不过缺省设置是60秒.
--//而前面sqlplus scott/xxxxx@book,既打开网络连接,有开启服务端进程.2者测试就很容易理解了.
--//理解这些,后面的测试就很容易理解.

--//session 2:
$ tail -f sqlnet.log listener.log
==> listener.log <==
21-NOV-2017 08:39:22 * service_update * book * 0
21-NOV-2017 08:42:12 * <unknown connect data> * (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.40)(PORT=40923)) * establish * <unknown sid> * 12525
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TNS-12525: TNS:listener has not received client's request in time allowed
TNS-12535: TNS:operation timed out
TNS-12606: TNS: Application timeout occurred

--//注意看下划线内容,sid=<unknown sid>,<unknown connect data>,端口号PORT=40923也能对上.
--//sqlnet.log没有相关输出.

--//也就是在监听配置listener.ora中的inbound_connect_timeout_监听器名是用户连接监听时的超时限制.
--// sqlnet.ora中SQLNET.INBOUND_CONNECT_TIMEOUT是等待用户认证超时的时间(注已经通过网络连接).

--//继续做一个测试说明问题(注:使用本地连接.不做任何操作)
$ date;sqlplus scott/xxxxx
Mon Nov 20 17:07:08 CST 2017
SQL*Plus: Release 11.2.0.4.0 Production on Mon Nov 20 17:07:08 2017
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:

$ ps -ef | grep oracleboo[k]
oracle 61056 61055 0 08:45 ? 00:00:00 oraclebook (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))

# lsof -P -n -i | grep 6105[56]
--//注意前面的连接不同,没有通过网络连接.

$ sleep 60
$ ps -ef | grep oracleboo[k] |
oracle 61056 61055 0 08:45 ? 00:00:00 oraclebook (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))

--//你可以发现这样的进程不会kill掉.也就是不通过网络这个参数不会生效.
--//理解以上测试就明白,实际上2个参数对应是不同的设置,一个针对监听,一个针对用户认证.

3.测试二:
--//修改sqlnet.ora加入:
SQLNET.INBOUND_CONNECT_TIMEOUT=30

--//修改listener.ora加入,并且重启监听:
INBOUND_CONNECT_TIMEOUT_LISTENER=10

$ lsnrctl stop ;sleep 1;lsnrctl start

# date;time telnet 192.168.100.78 1521
Tue Nov 21 08:52:52 CST 2017
Trying 192.168.100.78...
Connected to gxqyydg4 (192.168.100.78).
Escape character is '^]'.
Connection closed by foreign host.

real    0m10.015s
user    0m0.002s
sys     0m0.000s
--//使用telnet测试,测试是listener.ora设置参数INBOUND_CONNECT_TIMEOUT_LISTENER=10.

$ date;sqlplus scott/xxxxx@book
Tue Nov 21 08:54:29 CST 2017
SQL*Plus: Release 11.2.0.4.0 Production on Tue Nov 21 08:54:29 2017
Copyright (c) 1982, 2013, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name:

--//alter.log输出:
==> sqlnet.log <==
Tue Nov 21 08:54:59 2017
WARNING: inbound connection timed out (ORA-3136)

--//sqlnet.log输出:
==> sqlnet.log <==
***********************************************************************
Fatal NI connect error 12170.

VERSION INFORMATION:
        TNS for Linux: Version 11.2.0.4.0 - Production
        Oracle Bequeath NT Protocol Adapter for Linux: Version 11.2.0.4.0 - Production
        TCP/IP NT Protocol Adapter for Linux: Version 11.2.0.4.0 - Production
Time: 21-NOV-2017 08:54:59
Tracing not turned on.
Tns error struct:
    ns main err code: 12535
    TNS-12535: TNS:operation timed out
    ns secondary err code: 12606
    nt main err code: 0
    nt secondary err code: 0
    nt OS err code: 0
Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.100.78)(PORT=54593))

--//时间相减就是30秒.说明这样测试网络连接的用户认证.
--//其它可以参考链接测试http://www.cnblogs.com/kerrycode/p/5224483.html,不再重复了.

总结:
我主要犯了一个概念上错误,认为这个参数INBOUND_CONNECT_TIMEOUT设置针对的超时认证是一样的东西,实际上2者存在不同.
一个表示等待用户认证超时的时间,一个表示等待用户连接请求超时的时间.
讲的通俗一点,一个针对监听,一个针对用户认证(网络连接已经确立).
另外一个文档看别人的文档还是跟认真一点,这样的错误就能很快发现.总之自己还是存在一些概念的混淆混乱...
我不知道还有什么方法认证这些参数测试!!