Enable VNCR in Oracle RAC Database Listeners
VNCR stands for VALID NODE CHECKING REGISTRATION. It is introduced in 11204 by using this feature we protect listener from having remote/unknown instances registration.
To overcome the listener poising issue, we have to enable the VNCR setting for listeners.
Note:
1. Allow remote instances to register with a 12c listener, enable VNCR in the listener.ora.
2. Default disable in 11204 version.
3. Default enabled in 12102 version.
4. Changes effect only if you restart the Scan listener ( not reload).
Parameters and Value for configure the Valid node checking Registration
VALID_NODE_CHECKING_REGISTRATION_listener-name
Values: OFF/0 - Disable VNCR
ON/1/LOCAL - The default. Enable VNCR. All local machine IPs can register.
SUBNET/2 - All machines in the subnet are allowed registration.
Example:
VALID_NODE_CHECKING_REGISTRATION_LISTENER=1
REGISTRATION_INVITED_NODES_listener-name
Values: valid IPs, valid hosts, a subnet using CIDR notation (for ip4/6), or wildcard (*) for ipv4.
Example:
REGISTRATION_INVITED_NODES_Listener=(, 127.xx.yy.zz, 127.zz.y.*)
REGISTRATION_EXCLUDED_NODES_listener-name
the inverse of INVITED_NODES, list of IP defined in parameter which you don't want to register with listener.
Example:
REGISTRATION_EXCLUDED_NODES_listener=(, 129.xx.yy.zz, 129.zz.y.*)
Example of configure in 2 RAC node environment with 2 scan listeners
VALID_NODE_CHECKING_REGISTRATION_LISTENER=1
VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN1=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN1=(node1,node2)
VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN2=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN2=(node1,node2)
Note: use public IP’s of the nodes.
In Oracle 12c we have introduced following:
1. Srvctl command has option for [-invitednodes node_list] [-invitedsubnets subnet_list]
srvctl modify scan_listener {-update | -endpoints [TCP:]port[/IPC:key] [/NMP:pipe_name][/TCPS:s_port][/SDP:port] } [-invitednodes node_list] [-invitedsubnets subnet_list]
2. Introduced new parameter REMOTE_REGISTRATION_ADDRESS_
Parameter is used for SCAN listener to restrict registrations to the private network. Any system outside cannot connect. Value is OFF in non-SCAN listeners.
LSNRCTL>set current_listener LISTENER_SCAN1
LSNRCTL>show remote_registration_address
Example of Start and stop Scan listener
-- Check status of Scan listener
>srvctl status scan_listener -i 2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is running on node Node2
-- Stop the Scan Listener
>srvctl stop scan_listener -i 2
>srvctl status scan_listener -i 2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is not running
-- Start the Scan Listener
>srvctl start scan_listener -i 2
>srvctl status scan_listener -i 2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is running on node Node2