11gR2 RAC启用iptables导致节点宕机问题处理-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

11gR2 RAC启用iptables导致节点宕机问题处理

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 05:31 PM

iptables

在安装数据库时，绝大多数都是要求把selinux及iptables关闭，然后再进行安装的。但是在运营商的系统中，很多安全的因素，需要将现

通常，在安装数据库时，绝大多数都是要求把selinux及iptables关闭，然后再进行安装的。但是在运营商的系统中，很多安全的因素，需要将现网的数据库主机上的iptables开启的。

在开启iptables时就要注意了，比如一RAC中的hosts配置如下：
192.168.142.115 subsdb1
192.168.142.117 subsdb1-vip
10.0.0.115 subsdb1-priv
192.168.142.116 subsdb2
192.168.142.118 subsdb2-vip
10.0.0.116 subsdb2-priv
192.168.142.32 db-scan

那么理所当然的要将上面的IP都要放通的。但是在实际操作中，，已经放通了上面的IP，结果数据库一的个实例宕掉了。

看看数据库的alert日志：

Tue Aug 20 00:29:40 2013
IPC Send timeout detected. Sender: ospid 8284 [Oracle@subsdb2 (LMD0)]
Receiver: inst 1 binc 1740332689 ospid 15851
IPC Send timeout to 1.0 inc 10 for msg type 65521 from opid 12
Tue Aug 20 00:29:48 2013
IPC Send timeout detected. Sender: ospid 8276 [oracle@subsdb2 (PING)]
Receiver: inst 2 binc 1801834534 ospid 8276
Tue Aug 20 00:29:52 2013
Detected an inconsistent instance membership by instance 2
Errors in file /oracle/app/oracle/diag/rdbms/gdordb/GDORDB2/trace/GDORDB2_lmon_8282.trc (incident=784092):
ORA-29740: evicted by instance number 2, group incarnation 12
Incident details in: /oracle/app/oracle/diag/rdbms/gdordb/GDORDB2/incident/incdir_784092/GDORDB2_lmon_8282_i784092.trc
Use ADRCI or Support Workbench to package the incident.
See Note 411.1 at My Oracle Support for error and packaging details.
Errors in file /oracle/app/oracle/diag/rdbms/gdordb/GDORDB2/trace/GDORDB2_lmon_8282.trc:
ORA-29740: evicted by instance number 2, group incarnation 12
LMON (ospid: 8282): terminating the instance due to error 29740
Tue Aug 20 00:29:54 2013
ORA-1092 : opitsk aborting process
Tue Aug 20 00:29:54 2013
License high water mark = 29
Tue Aug 20 00:29:57 2013
System state dump requested by (instance=2, osid=8282 (LMON)), summary=[abnormal instance termination].
System State dumped to trace file /oracle/app/oracle/diag/rdbms/gdordb/GDORDB2/trace/GDORDB2_diag_8272.trc
Instance terminated by LMON, pid = 8282
USER (ospid: 31106): terminating the instance
Instance terminated by USER, pid = 31106

单纯从上面来看，初步可以断定是内部通信有问题，但是如何解决？
但再从数据库的alert和ASM实例的alert日志中都有这样的信息：
Private Interface 'bond2:1' configured from GPnP for use as a private interconnect.
[name='bond2:1', type=1, ip=169.254.148.209, mac=00-25-b5-00-00-67, net=169.254.0.0/16, mask=255.255.0.0, use=haip:cluster_interconnect/62]
Public Interface 'bond0' configured from GPnP for use as a public interface.
[name='bond0', type=1, ip=192.168.142.116, mac=00-25-b5-00-01-cb, net=192.168.142.0/24, mask=255.255.255.0, use=public/1]
Picked latch-free SCN scheme 3

从这个信息来看，RAC的内部通信还要用到net=169.254.0.0/16的IP，再从MOS Doc ID 1383737.1也有这样的说明，最后用ifconfig查到了RAC的两个节点中使用到的169网段的IP为：
169.254.122.59
169.254.148.209
在iptables中放通了这两个IP后，集群正常。

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

1 months ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks ago By DDD

Where to find the Crane Control Keycard in Atomfall

1 months ago By DDD

How to fix KB5055523 fails to install in Windows 11?

2 weeks ago By DDD

InZoi: How To Apply To School And University

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7755

Java Tutorial

1643

CakePHP Tutorial

1399

Laravel Tutorial

1293

PHP Tutorial

1234

Related knowledge

How to enable or disable firewall on Alpine Linux? Feb 21, 2024 pm 12:45 PM

On AlpineLinux, you can use the iptables tool to configure and manage firewall rules. Here are the basic steps to enable or disable the firewall on AlpineLinux: Check the firewall status: sudoiptables -L If the output shows rules (for example, there are some INPUT, OUTPUT, or FORWARD rules), the firewall is enabled. If the output is empty, the firewall is currently disabled. Enable firewall: sudoiptables-PINPUTACCEPTsudoiptables-POUTPUTACCEPTsudoiptables-PFORWARDAC

What is nftables? How is it different from iptables? Jun 09, 2023 pm 09:34 PM

What is nftables? How is it different from iptables? Almost every Linux administrator has used iptables, which is a firewall for Linux systems. But you may not be familiar with nftables, which is a new firewall that provides us with some necessary upgrades and may replace iptables. Why use nftables? nftables was developed by Netfilter, the organization that currently maintains iptables. nftables was created to solve some performance and scaling issues with iptables. In addition to the new syntax and some upgrades, nftables has the same functionality as iptab

iptables installation and configuration guide under Debian Feb 15, 2024 am 08:30 AM

In Linux systems, iptables is a tool used to configure and manage network packet filtering rules. It allows users to filter packets entering and leaving the network according to preset rules, thereby realizing network access control, packet forwarding, etc. Function, in Debian system, iptables is installed by default, but if it is not installed, you need to install it manually. This article will introduce how to install iptables under Debian and configure related rules. Install iptables1. Open the terminal and log in as root user. 2. Run the following command to install iptables: ```shellsudoapt-getupdatesudoapt-ge

Don't know how to use Linux firewall software IPtables! What kind of operation and maintenance person are you? Aug 01, 2023 pm 05:36 PM

Connection tracking is the basis of many web applications. For example, Kubernetes Service, ServiceMesh sidecar, software four-layer load balancer LVS/IPVS, Docker network, OVS, iptables host firewall, etc., all rely on the connection tracking function.

What is the difference between iptables and Firewalld firewall in Linux system? Feb 19, 2024 pm 05:18 PM

Both iptables and Firewalld in Linux systems are tools for configuring firewall rules. They have some differences in functions and usage methods: iptables: iptables is the most classic and traditional firewall tool in Linux systems. Early versions of Linux use iptables by default. As a firewall configuration tool. Iptables is based on the netfilter framework of the kernel space and filters and processes network data packets by directly operating the iptables rule table in the kernel. iptables uses the concepts of rule chains and tables to organize and manage firewall rules, such as the common filter

Detailed tutorial on Linux firewall configuration (iptables and firewalld). Feb 19, 2024 pm 12:36 PM

The following is a brief Linux firewall configuration tutorial, covering two commonly used firewall tools: iptables and firewalld. iptables is one of the most commonly used firewall tools on Linux, and firewalld is the default firewall management tool in CentOS7 and its derivatives. iptables firewall configuration: View current firewall rules: iptables -L -n Clear current firewall rules: iptables -F Allow inbound connections on specific ports: iptables-AINPUT-p--dport-jACCEPT For example, allow port 80 of the TCP protocol

In-depth analysis of how to use iptables under CentOS Jan 11, 2024 pm 05:27 PM

1: Introduction Firewalls, to put it bluntly, are used to implement access control functions under Linux. They are divided into two types: hardware or software firewalls. No matter which network you are in, the place where the firewall works must be at the edge of the network. Our task is to define how the firewall works. This is the firewall's strategy and rules, so that it can detect IP and data entering and exiting the network. Currently, the more common firewalls on the market include layer 3 and layer 4 firewalls, which are called network layer firewalls, and layer 7 firewalls, which are actually gateways at the proxy layer. For the seven-layer model of TCP/IP, we know that the third layer is the network layer, and the three-layer firewall will detect the source address and destination address at this layer. But for a seven-layer firewall, no

How to replace Iptables with Ipvs in a Kubernetes cluster Mar 02, 2024 am 11:58 AM

Everyone knows that in Kubernetes, kube-proxy is a network proxy. Its main responsibility is to provide load balancing and service discovery functions for services in the cluster. kube-proxy has different operating modes, among which iptables mode and ipvs mode are two common modes. In iptables mode, kube-proxy implements load balancing and service discovery through iptables rules, while ipvs mode uses the IPVS (IPVirtualServer) technology in the Linux kernel to achieve more efficient load balancing. Choosing the appropriate mode depends on your cluster's needs and performance requirements. iptables mode is suitable for small sets

See all articles