关于sqlnet.ora的参数SQLNET.INBOUND_CONNECT_TIMEOUT,它表示等待用户认证超时的时间,单位是秒,缺省值是60秒,如果用户认证超时了,服务器日志alert.log显示出错信息"WARNING: inbound connection timed out (ORA-3136)",sqlnet.log里面出现TNS-12535: TNS:operation timed out错误信息。
关于listener.ora的参数inbound_connect_timeout_监听器名,它表示等待用户连接请求超时的时间,单位是秒,缺省值是60秒,如果连接请求超时了,监听器日志listener.log显示出错信息"TNS-12525: TNS:listener has not received client's request in time allowed"。
其中sqlnet.ora里面的参数为SQLNET.INBOUND_CONNECT_TIMEOUT, listener.ora里面的参数设置为INBOUND_CONNECT_TIMEOUT_listener_name ,其中根据监听名字来替换listener_name。官方文档关于两者的介绍如下所示:
SQLNET.INBOUND_CONNECT_TIMEOUT parameter in sqlnet.ora on the database server
Specify the time, in seconds, for a client to connect with the database server and provide the necessary authentication information. If the client fails to establish a connection and complete authentication in the time specified, then the database server terminates the connection. In addition, the database server logs the IP address of the client and an ORA-12170: TNS:Connect timeout occurred error message to the sqlnet.log file. The client receives either an ORA-12547: TNS:lost contact or an ORA-12637: Packet receive failed error message.
INBOUND_CONNECT_TIMEOUT_listener_name in listener.ora
Specify the time, in seconds, for the client to complete its connect request to the listener after the network connection had been established.
If the listener does not receive the client request in the time specified, then it terminates the connection. In addition, the listener logs the IP address of the client and an ORA-12525: TNS:listener has not received client’s request in time allowed error message to the listener.log file
查看inbound_connect_timeout值
1:查看SQLNET.INBOUND_CONNECT_TIMEOUT的设置值,一般进入$ORACLE_HOME/network/admin下,查看sqlnet.ora参数文件即可。
2:查看监听INBOUND_CONNECT_TIMEOUT参数,可以查看listener.ora参数文件。但是有时候,例如默认情况,参数文件里面没有设置这个参数,或是有些动态监听没有配置listener.ora,那么可以使用lsnrctl命令查看,如下所示:
LSNRCTL> show
The following operations are available after show
An asterisk (*) denotes a modifier or extended command:
rawmode displaymode
rules trc_file
trc_directory trc_level
log_file log_directory
log_status current_listener
inbound_connect_timeout startup_waittime
snmp_visible save_config_on_stop
dynamic_registration
LSNRCTL> show inbound_connect_timeout
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
LISTENER parameter "inbound_connect_timeout" set to 60
The command completed successfully
LSNRCTL>
设置SQLNET.INBOUND_CONNECT_TIMEOUT值
我们首先设置SQLNET.INBOUND_CONNECT_TIMEOUT为30秒,这个参数修改后立即生效,不需要做任何其它操作。
[oracle@DB-Server admin]$ vi sqlnet.ora
# sqlnet.ora Network Configuration File: /u01/app/oracle/product/10.2.0/db_1/network/admin/sqlnet.ora
# Generated by Oracle configuration tools.
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
SQLNET.INBOUND_CONNECT_TIMEOUT=30
C:\Users>sqlplus /@mytest
SQL*Plus: Release 11.2.0.1.0 Production on 星期日 2月 28 10:57:09 2016
Copyright (c) 1982, 2010, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
请输入用户名:
当30秒后,此时,在sqlnet.log里面就能看到新增了一条关于TNS-12535的错误记录,其中10.20.34.14是我客户端的IP地址。
告警日志里面你会看到WARNING: inbound connection timed out (ORA-3136)错误。有意思的是,监听日志里面你不会看到任何错误信息。(可以用了对比这两个参数的区别)
设置INBOUND_CONNECT_TIMEOUT_listener_name的值
这个参数可以通过lsnrctl命令设置,如下所示,当然最简单的还是设置listener.ora参数文件。这个参数也是立即生效,不需要重启监听。
LSNRCTL> show inbound_connect_timeout
NL-00853: undefined show command "inbound_connect—meout". Try "help show"
LSNRCTL> show inbound_connect_timeout
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
LISTENER parameter "inbound_connect_timeout" set to 60
The command completed successfully
LSNRCTL> set inbound_connect_timeout 20
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
LISTENER parameter "inbound_connect_timeout" set to 20
The command completed successfully
LSNRCTL> show inbound_connect_timeout
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
LISTENER parameter "inbound_connect_timeout" set to 20
The command completed successfully
LSNRCTL>
此时我们用telnet来模拟用户连接请求超时的时间,如下所示,当超过20秒,就会自动退出
[root@test ~]# time telnet 192.168.9.124 1521
Trying 192.168.9.124...
Connected to 192.168.9.124 (192.168.9.124).
Escape character is '^]'.
Connection closed by foreign host.
real 0m20.019s
user 0m0.001s
sys 0m0.003s
此时在listener.log里面,你就能看到TNS-12525的错误,如下所示
28-FEB-2016 11:32:20 * <unknown connect data> * (ADDRESS=(PROTOCOL=tcp)(HOST=10.20.34.14)(PORT=38051)) * establish * <unknown sid> * 12525
TNS-12525: TNS:listener has not received client's request in time allowed
TNS-12535: TNS:operation timed out
TNS-12606: TNS: Application timeout occurred
注意:set inbound_connect_timeout只对当前环境生效,如果重启监听服务,则会失效,如下所示
LSNRCTL> set inbound_connect_timeout 18
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
LISTENER parameter "inbound_connect_timeout" set to 18
The command completed successfully
LSNRCTL> reload
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
The command completed successfully
LSNRCTL> show inbound_connect_timeout
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
LISTENER parameter "inbound_connect_timeout" set to 60
The command completed successfully
此时需要使用命令set save_config_on_stop on保存配置信息,使其永远生效。但是我测试发现,动态监听也无法使用set save_config_on_stop on保存配置信息,需要修改配置文件(注意,修改listener.ora,需要重启监听使之生效)。如下所示
关于两者之间的关系,一般INBOUND_CONNECT_TIMEOUT_listener_name的值应该低于SQLNET.INBOUND_CONNECT_TIMEOUT的值,官方文档介绍如下,
When specifying values for these parameters, consider the following
recommendations:
Set both parameters to an initial low value.
Set the value of the INBOUND_CONNECT_TIMEOUT_listener_name parameter to a lower value than the SQLNET.INBOUND_CONNECT_TIMEOUT parameter.
For example, you can set INBOUND_CONNECT_TIMEOUT_listener_name to 2 seconds and INBOUND_CONNECT_TIMEOUT parameter to 3 seconds. If clients are unable to complete connections within the specified time due to system or network delays that are normal for the particular environment, then increment the time as needed.