OraclDB_portsConfig

Need to verify something on oracle server ports running on RHEL or unix.

Listener defaults normally to 1521 always.

My understanding is that when client software (sql*plus, oracle HTTP server, crystal reports, power builder application etc) tries to connect to oracle, it talks to the listener first, which establishes a connection to a server process randomly using ports 1021 - 65536. Is this correct?

Does this mean we always have to leave this range of ports open in the firewall in addition to 1521 so that clients can communicate to oracle properly?

sam15 Asked:
 
slightwv (Netminder) Commented:
>>i think you told me that is how oracle works before on unix..

I believed this to be the case from my Unix days.  I know it is the case in my older Windows Days.  I didn't know there was a port difference between the operating systems.

It appears I was mistaken from what I have read recently.  I don't have any Unix left around to see if this is true or not so I have to go by what I read.

>>so this is only for windows? (not unix).

It appears so from my recent readings.

>>if it selects a random port how can we open that using firewall.

Back in the day, you need to open ALL the high level ports.  That was the problem.

Did you read the Support docs I provided?  They go into detail on this topic.
0
 
omarfarid Commented:
The client will connect to the specific port number set in the tnsnames.ora file.
0
 
sam15 (Author) Commented:
That is the initial connection to the listener (1521), but then I think it switches to another port in the range I listed. I am wondering whether all these ports have to be open in the firewall.
0
 
omarfarid Commented:
If you are sure of this behavior then the range should be allowed in the firewall.
0
 
slightwv (Netminder) Commented:
>>server process randomly using ports 1021 - 65536. is this correct?

With 2 exceptions:
1: USE_SHARED_SOCKET

Starting in 11g, USE_SHARED_SOCKET is the 'default' so all connections will continue using the Listener port.  The random high-port is gone.

2: Configure Multi-Threaded-Server and you can reserve a block of ports.

>>I am wondering whether all these ports have to be open in the firewall.

They will need to be or the connection will fail if Oracle picks one of the blocked ports.  Some Firewalls claim to be able to automatically recognize an Oracle request and open the port for you then close it when no longer needed.



0
 
sam15 (Author) Commented:
Our database uses dedicated server.

So you are quite sure that oracle 11g by default will only use 1521 for all traffic communications even after the dedicated server process is allocated?

I also thought each client vendor can select different ports to talk to databases.
0
 
sam15 (Author) Commented:
It seems this parameter only works in Windows server and you have to set it to TRUE (it is not default)

http://docs.oracle.com/cd/B28359_01/win.111/b32010/ap_net.htm

0
 
slightwv (Netminder) Commented:
>>seems this parameter only works in Windows server

I apologize.  In further reading looks like this is in fact a Windows only parameter.  Looks like port sharing is the default on *nix.  I haven't been around *nix for many years.

>>and you have to set it to TRUE (it is not default)

Maybe it was an 11gR2 change:

http://docs.oracle.com/cd/E11882_01/win.112/e10845/ap_net.htm#NTQRF667

The use of shared sockets is enabled by default, that is the default value of USE_SHARED_SOCKET is true

>>default will only use 1521 for all traffic communications even after the dedicated server process is allocated

First, you should never use the 'default' in production for anything.  Always pick a different port for the listener.

dedicated versus shared server is independent of the port(s) used.  The difference is what the listener hands you off to.  It is either a dedicated process or a dispatcher.
0
 
sam15 (Author) Commented:
I did not follow you. Are you saying this is the default setting in 11gR2 on a Unix box and all communications will be done on port 1521 for all connections, so there is no handing of the connection to another port by the listener?

I am not sure how this will work. My reading on oracle ports is that oracle has a default port and also has a port range for specific services. If the default port is used by some process or busy it automatically goes into the next port in range. If you do not have this option then would not this cause serious waits if all server processes are using port 1521?
0
 
slightwv (Netminder) Commented:
>>Are you saying this is the default setting in 11gR2 on a Unix box

I believe you corrected me with USE_SHARED_SOCKET and it is only Windows.

I just posted that because you posted "you have to set it to TRUE (it is not default)".  I was pointing out that the 'default' changed in 11gR2.

According to the following Support doc it was actually changed in 10.1.  Guess the docs never caught up:
Solving Firewall Problems on Windows [ID 68652.1]

>>so there is no handing of connection to another port by listener.

That is my understanding of how things now work and is only Windows.

Check out the following on Oracle Support:
Port 1521 Open on Firewall But Unable to Connect Due to Errors: ORA-12535,TNS-12203 [ID 361284.1]

>>My reading on oracle ports is that oracle has a default port and also has a port range for specific services

'specific services' is the key words here.  The listener is a specific service for a specific purpose.  It really doesn't have much to do with ports of other services.

0
 
sam15 (Author) Commented:
I am still confused on this.

If I am installing 11g on RHEL and use USE_SHARED_SOCKET, all I need is TCP 1521 open in the firewall and all the client applications (sql*plus, crystal reports, etc) will work fine?

everyone will talk on 1521.
0
 
slightwv (Netminder) Commented:
>>RHEL and use USE_SHARED_SOCKET

Back up in http:#a37311362 you corrected a statement I made.  USE_SHARED_SOCKET is ONLY for Windows.

>>all I need is TCP 1521 open in the firewall and all the client applications (sql*plus, crystal reports, etc) will work fine?

The way I read the docs.  As long as those applications make standard Oracle connect requests directly to the listener.

0
 
sam15 (Author) Commented:
Yes, but is not this only to request a connection from the listener for a server process, and then the listener hands over the connection to a different port?

I do not think I need to request 1021-65335 ports open. I only have a few hundred users and am thinking that 100 ports like 1021 - 1121 should be sufficient. What do you think?
0
 
slightwv (Netminder) Commented:
>>and then listener hands over the connection to a different port?

Not any more.  What is making you think this still works this way?

>>hundred users and thinking that 100 ports like 1021 - 1121

If, remember it doesn't any longer and it looks like it never did on Unix only Windows, Oracle still behaved this way, it chose a RANDOM port.  You cannot restrict a range unless you configured Multi-Threaded-Server.
0
 
sam15 (Author) Commented:
i think you told me that is how oracle works before on unix.. Here is your comment

<<<At a high level oracle requests a connection on the listener port, 1521 is default but should be changed in production.
It then opens a random high port from 1021 to 65536 (give or take 1). Hands off the connection and uses the new port for the entire connection.>>

so this is only for windows? (not unix).

if it selects a random port how can we open that using firewall.
0
 
sam15 (Author) Commented:
what you described is true for shared server with dispatchers or using database resident connection pooling (DRCP) with dedicated servers.

Using normal protocol for dedicated server - the client inherits the tcp/ip connection from the listener, there is no port switching.

this applies to both platforms: windows and unix.
0
Question has a verified solution.
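
The last comment's distinction (dedicated server sessions stay on the listener port, shared server dispatchers do not) can be checked on the database host before writing firewall rules. The following is an added example, not part of the original thread; the `ss -tnp` sample lines, process names, addresses and the 1521 listener port are constructed assumptions.

```python
import re
from collections import Counter

LISTENER_PORT = 1521  # assumption: the default listener port discussed in the thread

# Constructed sample of `ss -tnp` output from a database host (not real data).
# The ora_d000 line stands for a shared server dispatcher on its own port.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB  0      0      10.0.0.5:1521        10.0.0.21:51514    users:(("oracle",pid=4312,fd=16))
ESTAB  0      0      10.0.0.5:1521        10.0.0.22:40122    users:(("oracle",pid=4377,fd=16))
ESTAB  0      0      10.0.0.5:39144       10.0.0.23:49870    users:(("ora_d000_orcl",pid=2101,fd=12))
ESTAB  0      0      10.0.0.5:22          10.0.0.9:60210     users:(("sshd",pid=900,fd=4))
ESTAB  0      0      [::ffff:10.0.0.5]:1521 [::ffff:10.0.0.24]:53311 users:(("oracle",pid=4401,fd=16))
"""

# Process names treated as Oracle here (assumed naming: server, background, listener).
ORACLE_PROC = re.compile(r'"((?:oracle|ora_|tnslsnr)[^"]*)",pid=(\d+)')

def oracle_sessions(ss_output):
    """Yield (local_port, peer, pid) for established sockets owned by Oracle processes."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "ESTAB":
            continue  # header line, other states, or no process column
        match = ORACLE_PROC.search(fields[5])
        if not match:
            continue  # socket belongs to something else (e.g. sshd)
        # rsplit handles both "10.0.0.5:1521" and "[::ffff:10.0.0.5]:1521"
        local_port = int(fields[3].rsplit(":", 1)[1])
        yield local_port, fields[4], int(match.group(2))

def ports_needing_rules(ss_output, listener_port=LISTENER_PORT):
    """Return (sessions per local port, sorted local ports other than the listener's)."""
    counts = Counter(port for port, _, _ in oracle_sessions(ss_output))
    extra = sorted(p for p in counts if p != listener_port)
    return counts, extra

if __name__ == "__main__":
    counts, extra = ports_needing_rules(SAMPLE_SS)
    for port, n in sorted(counts.items()):
        print(f"local port {port}: {n} session(s)")
    print("ports besides the listener:", extra or "none")
```

On a live host, feed the function the output of `ss -tnp` run as root so that process names for all sockets are visible.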
