Tag Archives: example

Enable VNCR in Oracle RAC Database Listeners

Enable VNCR in Oracle RAC Database Listeners

VNCR stands for VALID NODE CHECKING REGISTRATION. It is introduced in 11204 by using this feature we protect listener from having remote/unknown instances registration.
To overcome the listener poising issue, we have to enable the VNCR setting for listeners.

Note:
1. Allow remote instances to register with a 12c listener, enable VNCR in the listener.ora.
2. Default disable in 11204 version.
3. Default enabled in 12102 version.
4. Changes effect only if you restart the Scan listener ( not reload).

Parameters and Value for configure the Valid node checking Registration

VALID_NODE_CHECKING_REGISTRATION_listener-name
Values: OFF/0 - Disable VNCR
ON/1/LOCAL - The default. Enable VNCR. All local machine IPs can register.
SUBNET/2 - All machines in the subnet are allowed registration.
Example:
VALID_NODE_CHECKING_REGISTRATION_LISTENER=1

REGISTRATION_INVITED_NODES_listener-name
Values: valid IPs, valid hosts, a subnet using CIDR notation (for ip4/6), or wildcard (*) for ipv4.
Example:
REGISTRATION_INVITED_NODES_Listener=(, 127.xx.yy.zz, 127.zz.y.*)

REGISTRATION_EXCLUDED_NODES_listener-name
the inverse of INVITED_NODES, list of IP defined in parameter which you don't want to register with listener.
Example:
REGISTRATION_EXCLUDED_NODES_listener=(, 129.xx.yy.zz, 129.zz.y.*)

Example of configure in 2 RAC node environment with 2 scan listeners

VALID_NODE_CHECKING_REGISTRATION_LISTENER=1

VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN1=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN1=(node1,node2)

VALID_NODE_CHECKING_REGISTRATION_LISTENER_SCAN2=1
REGISTRATION_INVITED_NODES_LISTENER_SCAN2=(node1,node2)

Note: use public IP’s of the nodes.

In Oracle 12c we have introduced following:
1. Srvctl command has option for [-invitednodes node_list] [-invitedsubnets subnet_list]

srvctl modify scan_listener {-update | -endpoints [TCP:]port[/IPC:key] [/NMP:pipe_name][/TCPS:s_port][/SDP:port] } [-invitednodes node_list] [-invitedsubnets subnet_list]

2. Introduced new parameter REMOTE_REGISTRATION_ADDRESS_
Parameter is used for SCAN listener to restrict registrations to the private network. Any system outside cannot connect. Value is OFF in non-SCAN listeners.

LSNRCTL>set current_listener LISTENER_SCAN1
LSNRCTL>show remote_registration_address

Example of Start and stop Scan listener

-- Check status of Scan listener
>srvctl status scan_listener -i 2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is running on node Node2
-- Stop the Scan Listener
>srvctl stop scan_listener -i 2
>srvctl status scan_listener -i 2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is not running
-- Start the Scan Listener
>srvctl start scan_listener -i 2
>srvctl status scan_listener -i 2
SCAN Listener LISTENER_SCAN2 is enabled
SCAN listener LISTENER_SCAN2 is running on node Node2

Advertisements