Enable VNCR in Oracle RAC Database Listeners

Leave a reply

Enable VNCR in Oracle RAC Database Listeners

VNCR stands for VALID NODE CHECKING REGISTRATION. It is introduced in 11204 by using this feature we protect listener from having remote/unknown instances registration.
To overcome the listener poising issue, we have to enable the VNCR setting for listeners.

Note:
1. Allow remote instances to register with a 12c listener, enable VNCR in the listener.ora.
2. Default disable in 11204 version.
3. Default enabled in 12102 version.
4. Changes effect only if you restart the Scan listener ( not reload).

Parameters and Value for configure the Valid node checking Registration

VALID_NODE_CHECKING_REGISTRATION_listener-name
Values: OFF/0 - Disable VNCR
ON/1/LOCAL - The default. Enable VNCR. All local machine IPs can register.
SUBNET/2 - All machines in the subnet are allowed registration.
Example:
VALID_NODE_CHECKING_REGISTRATION_LISTENER=1

REGISTRATION_INVITED_NODES_listener-name
Values: valid IPs, valid hosts, a subnet using CIDR notation (for ip4/6), or wildcard (*) for ipv4.
Example:
REGISTRATION_INVITED_NODES_Listener=(, 127.xx.yy.zz, 127.zz.y.*)

REGISTRATION_EXCLUDED_NODES_listener-name
the inverse of INVITED_NODES, list of IP defined in parameter which you don't want to register with listener.
Example:
REGISTRATION_EXCLUDED_NODES_listener=(, 129.xx.yy.zz, 129.zz.y.*)

Example of configure in 2 RAC node environment with 2 scan listeners

VALID_NODE_CHECKING_REGISTRATION_LISTENER=1

VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN1=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN1=(node1,node2)

VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN2=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN2=(node1,node2)

Note: use public IP’s of the nodes.

In Oracle 12c we have introduced following:
1. Srvctl command has option for [-invitednodes node_list] [-invitedsubnets subnet_list]

srvctl modify scan_listener {-update | -endpoints [TCP:]port[/IPC:key] [/NMP:pipe_name][/TCPS:s_port][/SDP:port] } [-invitednodes node_list] [-invitedsubnets subnet_list]

2. Introduced new parameter REMOTE_REGISTRATION_ADDRESS_
Parameter is used for SCAN listener to restrict registrations to the private network. Any system outside cannot connect. Value is OFF in non-SCAN listeners.

LSNRCTL>set current_listener LISTENER_SCAN1
LSNRCTL>show remote_registration_address

Example of Start and stop Scan listener

-- Check status of Scan listener
>srvctl status scan_listener -i 2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is running on node Node2
-- Stop the Scan Listener
>srvctl stop scan_listener -i 2
>srvctl status scan_listener -i 2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is not running
-- Start the Scan Listener
>srvctl start scan_listener -i 2
>srvctl status scan_listener -i 2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is running on node Node2

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.