How to configure USE_SHARED_SOCKET on Windows NT/2000 [ID 124140.1]

Modified: 13-APR-2011  Type: BULLETIN  Status: PUBLISHED

Applies to:

Oracle Net Services - Version: 8.0.6.3.0 to 11.2.0.2 - Release: 8.0.6 to 11.2
Generic Windows

Purpose

An Oracle Net or Net8 connection to an Oracle Database running on Windows NT, Windows 2000, or a later operating system may redirect the client to a port number selected from the ephemeral port range (other than some exceptions, shown below in the "Special Notes" section). The Microsoft WINSOCK V1.1 API did not allow one process to pass a TCP socket to another process and, as a result, did not allow port sharing as on UNIX systems. To make Oracle connections work in a firewall environment, customers had to either use a firewall with a SQL*Net proxy built in or rely on the WINSOCK V2 API of Windows NT 4.0 (available with Service Pack 3), Windows 2000, or later. Port sharing is enabled in the Oracle Database by setting the parameter "USE_SHARED_SOCKET" in the Windows Registry.

Scope and Application

This bulletin is intended for database and network administrators who need to enable SQL*Net, Net8, or Oracle Net connections through a firewall to an Oracle Database running on the Windows operating system. This technique applies only to Oracle Database versions 8.1 to 10.1. From 10.2 onward the default changed to allow port sharing.

How to configure USE_SHARED_SOCKET on Windows NT/2000

As described in Note 66382.1, there are two ways to make the Oracle Database work in an environment using a firewall:
  1. Use a firewall that has a SQL*Net proxy built in. The SQL*Net proxy starts another listening process (usually on port 1610) that the client connects to. It then proxies the connection to the database and handles the port redirection from inside the firewall, so the rule that would restrict access is not triggered. The firewall acts like, or is running, Oracle Connection Manager (or Multi Protocol Interchange). A variant of this is to set up Connection Manager between the firewall and the database, and configure the firewall to allow connections to Connection Manager. The firewall then does not need to be Oracle Net or SQL*Net aware.
  2. Upgrade the server to 8.0.x or higher and set the USE_SHARED_SOCKET parameter in the registry to activate port sharing (the default is TRUE in Oracle 10.2 and above). The parameter is available in Windows NT 4.0 (SP3 or higher), Windows 2000, and above, as Winsock V2 support is enabled. With this parameter, it is also possible to use firewalls that support only port filtering and have no SQL*Net proxy (at least for dedicated connections). Multi Threaded Server (MTS) still needs to redirect the connection to a dynamic port and therefore requires a SQL*Net proxy.

When the Oracle Database runs on the Windows operating system, port sharing can be activated by setting the parameter either in the system environment or in the Windows Registry. It is best to set this in the Windows Registry.

USE_SHARED_SOCKET = TRUE

To set the system environment in Windows NT, go to Control Panel > System > Environment. In Windows 2000 and later, this is also done through the System button in the Control Panel, but environment variables are specified and found by clicking the "Advanced" button.

The parameter can also be set within the Windows registry under:

In Oracle release 8.0: HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE

In Oracle release 8.1: HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\HOME<#>

In Oracle release 9 or later: HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\Key_

Add these as a STRING_VALUE (right side of the registry window) and not a KEY (left side of the registry window).

Both methods require a shutdown and startup of the Oracle processes as the Registry is read when a process starts.

Troubleshooting notes

A successful configuration can be seen using the 'netstat -a' command from a Command Prompt. It should show all Client connections paired with the port the Listener is listening on.

C:\>netstat -an
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    198.51.100.9:1521      198.51.100.6:55769     ESTABLISHED
  TCP    198.51.100.9:1521      198.51.100.91:13452    ESTABLISHED
  TCP    198.51.100.9:1521      198.51.100.92:13203    ESTABLISHED
  TCP    198.51.100.9:1521      198.51.100.92:13202    ESTABLISHED
  TCP    198.51.100.9:1521      203.0.113.166:12331    ESTABLISHED
  TCP    198.51.100.9:1521      203.0.113.10:12123     ESTABLISHED
  TCP    198.51.100.9:1521      203.0.113.10:11252     ESTABLISHED
  TCP    198.51.100.9:1521      192.0.2.22:14524       ESTABLISHED
  TCP    198.51.100.9:1521      192.0.2.20:13524       ESTABLISHED
  TCP    198.51.100.9:1521      192.0.2.102:13452      ESTABLISHED
  TCP    198.51.100.9:1521      192.0.2.121:1342       ESTABLISHED
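
The netstat check above can be scripted against captured output. This is an added example, not part of the Oracle note: the function names and the sample text (which includes one constructed redirected session) are assumptions, and it presumes the server opens no outbound connections to the test client.

```python
import re

# Constructed sample of `netstat -an` output on the database server.
# The 49731 row imitates a session redirected to an ephemeral port.
SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1521           0.0.0.0:0              LISTENING
  TCP    198.51.100.9:1521      198.51.100.6:55769     ESTABLISHED
  TCP    198.51.100.9:1521      203.0.113.10:12123     ESTABLISHED
  TCP    198.51.100.9:49731     203.0.113.10:12124     ESTABLISHED
  TCP    198.51.100.9:1521      192.0.2.22:14524       TIME_WAIT
"""

# TCP rows only; a trailing PID column (netstat -ano) is tolerated.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)(?:\s+\d+)?\s*$")


def parse_netstat(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state) per TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lip, lport, rip, rport, state = m.groups()
            rows.append((lip, int(lport), rip, int(rport), state))
    return rows


def check_client(text, client_ip, listener_port=1521):
    """Classify one test client's ESTABLISHED sessions.

    'shared' sessions terminate on the listener port, so a port-filtering
    firewall needs only that port open. 'redirected' sessions use another
    local port and would be dropped by such a firewall.
    """
    rows = parse_netstat(text)
    listening = any(lport == listener_port and state == "LISTENING"
                    for _, lport, _, _, state in rows)
    shared, redirected = [], []
    for _, lport, rip, rport, state in rows:
        if rip != client_ip or state != "ESTABLISHED":
            continue
        (shared if lport == listener_port else redirected).append((lport, rport))
    return {"listening": listening, "shared": shared, "redirected": redirected}


if __name__ == "__main__":
    print(check_client(SAMPLE, "203.0.113.10"))
```

An empty "redirected" list for a client that has just connected indicates that port sharing is in effect for that session.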

Enable Oracle Net client tracing by setting the following parameters in the client SQLNET.ORA:

TRACE_LEVEL_CLIENT = 16
TRACE_DIRECTORY_CLIENT =
TRACE_FILE_DIRECTORY =

When searching the trace file for the string 'port', the only port seen should be the one specified.

Special Notes

  1. If using the TCPS protocol or SSL, port redirection will occur. Possible solutions are to use a firewall vendor that supports Sqlnet or Net8 connectivity, or to configure the Shared Server's Dispatcher port.
  2. For 10g and up, USE_SHARED_SOCKET is set to TRUE by default.

References

NOTE:131524.1 - Firewalls on Windows and UNIX - For Oracle versions 7.x, 8.0.x, 8.1.x
NOTE:66382.1 - Firewalls, Windows NT and Redirections

Related

Products
  • Oracle Database Products > Oracle Database > Net Services > Oracle Net Services
Keywords
FIREWALL; NET8; REDIRECT; SQLNET; USE_SHARED_SOCKET; WIN2000; WINDOWS; WINNT
Errors
ORA-12206; ORA-12203