Today we will explore little more about SCAN listeners. The common question comes in mind like: How many SCAN listeners could be configured in a multi-node RAC environment? , How many SCAN listeners would actually be required and how many would be enough? Etc.
Let’s find out the answers for these common queries.
I am assuming that by now most of DBAs are pretty comfortable with SCAN listeners; in case need detailed explanation then following URL would a good choice to visit here. As usual, awesome documentation from Oracle for SCAN in 11g as well as 12c releases.
Basically SCAN Listeners are introduced to create another connection handler on top of existing node listeners to overcome the failover and load balancing issues till 11gR1 architecture for RAC. Till 11gR1 Node listeners were defined on VIPs to facilitate NACK (Negative Acknowledgement) to resolve the issue of TCP timeouts.
Pre 11gR2 database environments, clients may take up to 2 minutes to decide (on TCP level) a node is down. This is purely because of the TCP Timeouts, which can differ from platform to platform. These 2 minutes are unacceptable, and it was a good thing of Oracle to understand and address this issue. Oracle designed a virtual IP address to be assigned to the public interface. Under normal circumstances, the VIP will be located to its designated NIC, and the listener will be bound to this VIP. Whenever there is a need to failover the VIP to another node in the cluster, when clients want to connect to this VIP (due to tns alias addresses pointing to this VIP), the VIP will immediately respond (because it has failed over and the TCP stack is running against it), and the client is able to get negative acknowledgement (NACK) confirming that no listener is active at its designated port. Within few seconds the client will know and fail over to the alternative address in its TNS alias. This makes failover a lot faster.
From 11gR2 onwards oracle enhanced the administration as well as availability of database from client’s perspective, load balancing etc by introducing SCAN (Single Client Access Name). With SCAN, clients could use SCAN-NAME (resolved by 3 VIPs, for default configuration) rather than list of all rac nodes in connect string. By default SCAN listeners (defined on SCAN VIPs) created as first point which co-ordinate with Node Listeners (defined on VIPs), so even if failure of node scan listener running on that node (if any) would be relocated to any surviving node while available SCAN listeners would be serving as normal.
In practice any complex environment designed with multi-tier architecture involving connection handling via connection pool mechanism. It reduces connectivity time for application or web based end users. Normally 3 SCANs are capable enough to handle hundreds of new connections in a span of few seconds. Still if you feel that default 3 SCAN listeners are not enough for your environment then you have an option to add few more scan listeners. GNS based dynamic IP scheme still has no way to change number of SCAN listeners in your environment. Today we will elaborate the process of adding one extra scan listener in our DNS based static IP configuration.
It could be done in following simple steps without affectivng the availability of cluster:
1.Add additional unused IP from same subnet into DNS configuration for scan-name. pair
2.Restart dns named service
3.Update scan from cluster
4.Update scan_listener from cluster
5.Verify the changed configuration
6.Start newly added scan
7.Verify service registration on newly added listener_scan4 scan listener
Currently scan_name mask11gr2p-scan is resolved into pair of 3 IPs (192.168.2.211/212/213)
[root@maskdns ~]# nslookup mask11gr2p-scan
Server: 192.168.2.100
Address: 192.168.2.100#53
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.213
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.211
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.212
We have identified IP 192.168.2.220 from same subnet and added that against scan_name “mask11gr2p-scan.lgk.nmk”
[root@maskdns named]# grep -i 220 rev.lgk.nmk
220 IN PTR mask11gr2p-scan.lgk.nmk.
[root@maskdns named]# grep -i 220 for.lgk.nmk
mask11gr2p-scan.lgk.nmk. IN A 192.168.2.220
To reflect the changes we need to do restart of named service
[root@maskdns named]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
Now verify that scan name is getting resolved into 4 IPs:
[root@maskdns named]# nslookup mask11gr2p-scan
Server: 192.168.2.100
Address: 192.168.2.100#53
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.212
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.213
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.220
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.211
Check the current SCAN configuration to compare the pre-post changes
[root@mask11gr2p1.lgk.nmk] srvctl config scan
SCAN name: mask11gr2p-scan, Network: 1/192.168.2.0/255.255.255.0/eth0
SCAN VIP name: scan1, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.211
SCAN VIP name: scan2, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.212
SCAN VIP name: scan3, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.213
Now login to database cluster with root and execute “srvctl modify scan –n < scan name>”
[root@mask11gr2p1.lgk.nmk] srvctl modify scan -n mask11gr2p-scan
Verify the configuration post change
[root@mask11gr2p1.lgk.nmk] srvctl config scan
SCAN name: mask11gr2p-scan, Network: 1/192.168.2.0/255.255.255.0/eth0
SCAN VIP name: scan1, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.211
SCAN VIP name: scan2, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.212
SCAN VIP name: scan3, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.213
SCAN VIP name: scan4, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.220
Check the current scan_listener configuration to compare the pre-post changes
[root@mask11gr2p1.lgk.nmk] srvctl config scan_listener
SCAN Listener LISTENER_SCAN1 exists. Port: TCP:1521
SCAN Listener LISTENER_SCAN2 exists. Port: TCP:1521
SCAN Listener LISTENER_SCAN3 exists. Port: TCP:1521
Now update the scan listener configuration by executing “srvctl modify scan_listener –u”
[root@mask11gr2p1.lgk.nmk] srvctl modify scan_listener -u
Verify the scan listener configuration post change
[root@mask11gr2p1.lgk.nmk] srvctl config scan_listener
SCAN Listener LISTENER_SCAN1 exists. Port: TCP:1521
SCAN Listener LISTENER_SCAN2 exists. Port: TCP:1521
SCAN Listener LISTENER_SCAN3 exists. Port: TCP:1521
SCAN Listener LISTENER_SCAN4 exists. Port: TCP:1521
Check the status of scan listener
[root@mask11gr2p1.lgk.nmk] srvctl status scan_listener
SCAN Listener LISTENER_SCAN1 is enabled
SCAN listener LISTENER_SCAN1 is running on node mask11gr2p2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is running on node mask11gr2p1
SCAN Listener LISTENER_SCAN3 is enabled
SCAN listener LISTENER_SCAN3 is running on node mask11gr2p1
SCAN Listener LISTENER_SCAN4 is enabled
SCAN listener LISTENER_SCAN4 is not running
Start the listener_scan4
[root@mask11gr2p1.lgk.nmk] srvctl start scan_listener -i 4
Check the status of scan listener
[root@mask11gr2p1.lgk.nmk] srvctl status scan_listener
SCAN Listener LISTENER_SCAN1 is enabled
SCAN listener LISTENER_SCAN1 is running on node mask11gr2p2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is running on node mask11gr2p1
SCAN Listener LISTENER_SCAN3 is enabled
SCAN listener LISTENER_SCAN3 is running on node mask11gr2p1
SCAN Listener LISTENER_SCAN4 is enabled
SCAN listener LISTENER_SCAN4 is running on node mask11gr2p2
We can see that services are able to get registered on 4th SCAN listener
[grid@@mask11gr2p1.lgk.nmk] lsnrctl status LISTENER_SCAN4
LSNRCTL for Linux: Version 11.2.0.3.0 – Production on 27-SEP-2013 15:24:01
Copyright (c) 1991, 2011, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN4)))
STATUS of the LISTENER
————————
Alias LISTENER_SCAN4
Version TNSLSNR for Linux: Version 11.2.0.3.0 – Production
Start Date 25-AUG-2013 22:55:37
Uptime 01 days 11 hr. 28 min. 24 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0.3/crs/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0.3/crs/log/diag/tnslsnr/mask11gr2p1/listener_scan4/alert/log.xml
Listening Endpoints Summary…
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER_SCAN4)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.220)(PORT=1521)))
Services Summary…
Service “MASKPRMY.LGK.NMK” has 2 instance(s).
Instance “MASKPRMY1“, status READY, has 1 handler(s) for this service…
Instance “MASKPRMY2“, status READY, has 1 handler(s) for this service…
The command completed successfully
In coming discussions we will explore more about SCAN Listeners & Node listeners and how connection load balancing, failover working in oracle cluster environment !!
Check our other post about how to protect your listeners from man-in-middle attack (TNS Poison Attack) using COST & VNCR.
Let’s find out the answers for these common queries.
I am assuming that by now most of DBAs are pretty comfortable with SCAN listeners; in case need detailed explanation then following URL would a good choice to visit here. As usual, awesome documentation from Oracle for SCAN in 11g as well as 12c releases.
Basically SCAN Listeners are introduced to create another connection handler on top of existing node listeners to overcome the failover and load balancing issues till 11gR1 architecture for RAC. Till 11gR1 Node listeners were defined on VIPs to facilitate NACK (Negative Acknowledgement) to resolve the issue of TCP timeouts.
Pre 11gR2 database environments, clients may take up to 2 minutes to decide (on TCP level) a node is down. This is purely because of the TCP Timeouts, which can differ from platform to platform. These 2 minutes are unacceptable, and it was a good thing of Oracle to understand and address this issue. Oracle designed a virtual IP address to be assigned to the public interface. Under normal circumstances, the VIP will be located to its designated NIC, and the listener will be bound to this VIP. Whenever there is a need to failover the VIP to another node in the cluster, when clients want to connect to this VIP (due to tns alias addresses pointing to this VIP), the VIP will immediately respond (because it has failed over and the TCP stack is running against it), and the client is able to get negative acknowledgement (NACK) confirming that no listener is active at its designated port. Within few seconds the client will know and fail over to the alternative address in its TNS alias. This makes failover a lot faster.
From 11gR2 onwards oracle enhanced the administration as well as availability of database from client’s perspective, load balancing etc by introducing SCAN (Single Client Access Name). With SCAN, clients could use SCAN-NAME (resolved by 3 VIPs, for default configuration) rather than list of all rac nodes in connect string. By default SCAN listeners (defined on SCAN VIPs) created as first point which co-ordinate with Node Listeners (defined on VIPs), so even if failure of node scan listener running on that node (if any) would be relocated to any surviving node while available SCAN listeners would be serving as normal.
In practice any complex environment designed with multi-tier architecture involving connection handling via connection pool mechanism. It reduces connectivity time for application or web based end users. Normally 3 SCANs are capable enough to handle hundreds of new connections in a span of few seconds. Still if you feel that default 3 SCAN listeners are not enough for your environment then you have an option to add few more scan listeners. GNS based dynamic IP scheme still has no way to change number of SCAN listeners in your environment. Today we will elaborate the process of adding one extra scan listener in our DNS based static IP configuration.
It could be done in following simple steps without affectivng the availability of cluster:
1.Add additional unused IP from same subnet into DNS configuration for scan-name. pair
2.Restart dns named service
3.Update scan from cluster
4.Update scan_listener from cluster
5.Verify the changed configuration
6.Start newly added scan
7.Verify service registration on newly added listener_scan4 scan listener
Currently scan_name mask11gr2p-scan is resolved into pair of 3 IPs (192.168.2.211/212/213)
[root@maskdns ~]# nslookup mask11gr2p-scan
Server: 192.168.2.100
Address: 192.168.2.100#53
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.213
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.211
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.212
We have identified IP 192.168.2.220 from same subnet and added that against scan_name “mask11gr2p-scan.lgk.nmk”
[root@maskdns named]# grep -i 220 rev.lgk.nmk
220 IN PTR mask11gr2p-scan.lgk.nmk.
[root@maskdns named]# grep -i 220 for.lgk.nmk
mask11gr2p-scan.lgk.nmk. IN A 192.168.2.220
To reflect the changes we need to do restart of named service
[root@maskdns named]# service named restart
Stopping named: . [ OK ]
Starting named: [ OK ]
Now verify that scan name is getting resolved into 4 IPs:
[root@maskdns named]# nslookup mask11gr2p-scan
Server: 192.168.2.100
Address: 192.168.2.100#53
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.212
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.213
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.220
Name: mask11gr2p-scan.lgk.nmk
Address: 192.168.2.211
Check the current SCAN configuration to compare the pre-post changes
[root@mask11gr2p1.lgk.nmk] srvctl config scan
SCAN name: mask11gr2p-scan, Network: 1/192.168.2.0/255.255.255.0/eth0
SCAN VIP name: scan1, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.211
SCAN VIP name: scan2, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.212
SCAN VIP name: scan3, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.213
Now login to database cluster with root and execute “srvctl modify scan –n < scan name>”
[root@mask11gr2p1.lgk.nmk] srvctl modify scan -n mask11gr2p-scan
Verify the configuration post change
[root@mask11gr2p1.lgk.nmk] srvctl config scan
SCAN name: mask11gr2p-scan, Network: 1/192.168.2.0/255.255.255.0/eth0
SCAN VIP name: scan1, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.211
SCAN VIP name: scan2, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.212
SCAN VIP name: scan3, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.213
SCAN VIP name: scan4, IP: /mask11gr2p-scan.lgk.nmk/192.168.2.220
Check the current scan_listener configuration to compare the pre-post changes
[root@mask11gr2p1.lgk.nmk] srvctl config scan_listener
SCAN Listener LISTENER_SCAN1 exists. Port: TCP:1521
SCAN Listener LISTENER_SCAN2 exists. Port: TCP:1521
SCAN Listener LISTENER_SCAN3 exists. Port: TCP:1521
Now update the scan listener configuration by executing “srvctl modify scan_listener –u”
[root@mask11gr2p1.lgk.nmk] srvctl modify scan_listener -u
Verify the scan listener configuration post change
[root@mask11gr2p1.lgk.nmk] srvctl config scan_listener
SCAN Listener LISTENER_SCAN1 exists. Port: TCP:1521
SCAN Listener LISTENER_SCAN2 exists. Port: TCP:1521
SCAN Listener LISTENER_SCAN3 exists. Port: TCP:1521
SCAN Listener LISTENER_SCAN4 exists. Port: TCP:1521
Check the status of scan listener
[root@mask11gr2p1.lgk.nmk] srvctl status scan_listener
SCAN Listener LISTENER_SCAN1 is enabled
SCAN listener LISTENER_SCAN1 is running on node mask11gr2p2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is running on node mask11gr2p1
SCAN Listener LISTENER_SCAN3 is enabled
SCAN listener LISTENER_SCAN3 is running on node mask11gr2p1
SCAN Listener LISTENER_SCAN4 is enabled
SCAN listener LISTENER_SCAN4 is not running
Start the listener_scan4
[root@mask11gr2p1.lgk.nmk] srvctl start scan_listener -i 4
Check the status of scan listener
[root@mask11gr2p1.lgk.nmk] srvctl status scan_listener
SCAN Listener LISTENER_SCAN1 is enabled
SCAN listener LISTENER_SCAN1 is running on node mask11gr2p2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is running on node mask11gr2p1
SCAN Listener LISTENER_SCAN3 is enabled
SCAN listener LISTENER_SCAN3 is running on node mask11gr2p1
SCAN Listener LISTENER_SCAN4 is enabled
SCAN listener LISTENER_SCAN4 is running on node mask11gr2p2
We can see that services are able to get registered on 4th SCAN listener
[grid@@mask11gr2p1.lgk.nmk] lsnrctl status LISTENER_SCAN4
LSNRCTL for Linux: Version 11.2.0.3.0 – Production on 27-SEP-2013 15:24:01
Copyright (c) 1991, 2011, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN4)))
STATUS of the LISTENER
————————
Alias LISTENER_SCAN4
Version TNSLSNR for Linux: Version 11.2.0.3.0 – Production
Start Date 25-AUG-2013 22:55:37
Uptime 01 days 11 hr. 28 min. 24 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /u01/app/oracle/product/11.2.0.3/crs/network/admin/listener.ora
Listener Log File /u01/app/oracle/product/11.2.0.3/crs/log/diag/tnslsnr/mask11gr2p1/listener_scan4/alert/log.xml
Listening Endpoints Summary…
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER_SCAN4)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.220)(PORT=1521)))
Services Summary…
Service “MASKPRMY.LGK.NMK” has 2 instance(s).
Instance “MASKPRMY1“, status READY, has 1 handler(s) for this service…
Instance “MASKPRMY2“, status READY, has 1 handler(s) for this service…
The command completed successfully
In coming discussions we will explore more about SCAN Listeners & Node listeners and how connection load balancing, failover working in oracle cluster environment !!
Check our other post about how to protect your listeners from man-in-middle attack (TNS Poison Attack) using COST & VNCR.
No comments:
Post a Comment