Original source: http://stackoverflow.com/questions/30219464/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Oracle RAC VIP and SCAN IPs
Asked by user501307
I've read the Oracle RAC documentation a couple of times but SCAN and VIP are still confusing me. Can someone help me understand how this needs to be configured technically so that I can explain it to my network admin?
1. VIP in Oracle RAC, should each VIP bind to the node or just require a DNS A record without allocating it to node1 or node2 and an entry in the host file? I know while performing Grid cluster installation Oracle will bind the VIP automatically, but should this be part of DNS assigned to one of the nodes or should it be free and unassigned?
2. Oracle SCAN IPs need to be created in DNS record; is this an A record to 3 IPs with reverse lookup or round robin way and this should not be part of hosts file?
I need to explain this to my network admin to add it on the DNS server.
Answered by Mark J. Bobak
Ok, first, VIPs:
A VIP is a Virtual IP address, and should be defined in DNS and not assigned to any host or interface. When you install GRID/ASM home, you'll specify the VIP names that were assigned in DNS. When Oracle Clusterware starts up, it will assign a VIP to each node in the cluster. The idea is, if a node goes down (crashes), clusterware can immediately re-assign that VIP to a new (surviving) node. This way, you avoid TCP timeout issues.
Next, SCAN:
A SCAN (Single Client Access Name) is a special case of VIP. The SCAN should also be defined in DNS, and not assigned to any host or interface. There should be three IPs associated with the SCAN name in DNS, and the DNS entry should be defined so that one of the three IPs is returned each time DNS is queried, in a round robin fashion.
At clusterware startup time, each of the three VIPs that make up the SCAN will be assigned to a different node in the cluster. (Except in the special case of a two node cluster, one of the nodes will have 2 SCAN VIPs assigned to it.) The point of the SCAN is that no matter how many nodes are added to or removed from the cluster, all the Net Service Name definitions in your tnsnames.ora (or LDAP equivalent) will not need to ever change, because they all refer to the SCAN, which doesn't change, regardless of how many node additions or drops are made to the cluster.
For example, in the three node cluster, you may have:
Physical and virtual hostnames/IPs assigned as follows:
Hostname   Physical IP   Virtual hostname   Virtual IP
rac1       10.1.1.1      rac1-vip           10.1.1.4
rac2       10.1.1.2      rac2-vip           10.1.1.5
rac3       10.1.1.3      rac3-vip           10.1.1.6
Additionally, you may have the SCAN defined as: rac-scan with three IPs, 10.1.1.7, 10.1.1.8, 10.1.1.9. Again, the DNS definition would be defined so those IPs are served up in a round robin order.
Note that the SCAN VIPs, Host VIPs, and the Physical IPs are all in the same subnet.
Finally, though you didn't ask about it, to complete the picture, you'd also need one private, non-routable IP assigned per host, and that IP would be associated with the private interconnect. So, you may have something like:
rac1-priv 172.16.1.1
rac2-priv 172.16.1.2
rac3-priv 171.16.1.3
Note that the '-priv' addresses should not be in DNS, only in the /etc/hosts file of each host in the RAC cluster. (They are private, non-routable, and only clusterware will ever know about or use those addresses, so adding to DNS doesn't make sense.)
Note also, that '-priv' and physical IP/hostname definitions should go in /etc/hosts, and the physical IPs and VIPs should be in DNS. So, physical IPs in both DNS and /etc/hosts, VIPs only in DNS, '-priv' addresses only in /etc/hosts.
Hope that helps.
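The placement rules from the answer above (physical names in both DNS and /etc/hosts, VIPs and the SCAN only in DNS, '-priv' names only in /etc/hosts, public addresses in one subnet) can be checked mechanically before the plan goes to the network admin. The following Python check is an added example, not part of the original answer; the record data is constructed from the answer's sample plan, and the /24 mask, the private-address test and the function names are assumptions.

```python
import ipaddress

# Constructed sample data following the answer's address plan (not real hosts).
DNS_A = {
    "rac1": ["10.1.1.1"], "rac2": ["10.1.1.2"], "rac3": ["10.1.1.3"],
    "rac1-vip": ["10.1.1.4"], "rac2-vip": ["10.1.1.5"], "rac3-vip": ["10.1.1.6"],
    "rac-scan": ["10.1.1.7", "10.1.1.8", "10.1.1.9"],
}
ETC_HOSTS = """\
10.1.1.1    rac1
10.1.1.2    rac2
10.1.1.3    rac3
172.16.1.1  rac1-priv
172.16.1.2  rac2-priv
172.16.1.3  rac3-priv
"""

def parse_hosts(text):
    """Return {name: ip} from /etc/hosts-style text, ignoring comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table[name] = fields[0]
    return table

def audit(dns, hosts_text, nodes, scan="rac-scan", public_net="10.1.1.0/24"):
    """Check the record-placement rules from the answer; return findings."""
    hosts, findings = parse_hosts(hosts_text), []
    net = ipaddress.ip_network(public_net)  # assumed mask; the page gives none
    for n in nodes:
        vip, priv = f"{n}-vip", f"{n}-priv"
        if n not in dns or n not in hosts:
            findings.append(f"{n}: must be in both DNS and /etc/hosts")
        if vip not in dns or vip in hosts:
            findings.append(f"{vip}: must be in DNS only")
        if priv in dns or priv not in hosts:
            findings.append(f"{priv}: must be in /etc/hosts only")
        elif not ipaddress.ip_address(hosts[priv]).is_private:
            findings.append(f"{priv}: {hosts[priv]} is not a private address")
    if len(set(dns.get(scan, []))) != 3 or scan in hosts:
        findings.append(f"{scan}: needs three A records and no /etc/hosts entry")
    for name, ips in dns.items():
        for ip in ips:
            if ipaddress.ip_address(ip) not in net:
                findings.append(f"{name}: {ip} is outside {public_net}")
    return findings

if __name__ == "__main__":
    print(audit(DNS_A, ETC_HOSTS, ["rac1", "rac2", "rac3"]) or "plan is consistent")
```

An empty list means the DNS and /etc/hosts data agree with the rules; each finding names the record that is in the wrong place.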
Answered by davegreen100
- Not entirely sure what you mean for this, I have each VIP address created in DNS as A records assigned to the hosts, and also record them in the hosts file as well.
In answer to 2, you are correct, the SCAN IPs should not be in the hosts file. And yes, 3 "A" records with reverse lookup will be enough (at least that's what has worked for me).
these are my iptables entries
# Oracle ports
# Allow access from other oracle RAC hosts
-A INPUT -m state --state NEW -p tcp -m iprange --src-range 172.28.1.90-172.28.1.97 -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m iprange --src-range 172.28.97.91-172.28.97.93 -j ACCEPT
-A INPUT -m state --state NEW -p tcp -m iprange --src-range 192.168.28.91-192.168.28.93 -j ACCEPT
# Allow Multicast
-A INPUT -m state --state NEW -p udp -m iprange --src-range 172.28.1.90-172.28.1.97 -j ACCEPT
-A INPUT -m state --state NEW -p udp -m iprange --src-range 172.28.97.91-172.28.97.93 -j ACCEPT
-A INPUT -m state --state NEW -p udp -m iprange --src-range 192.168.28.91-192.168.28.93 -j ACCEPT
# Allow multicast
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -s 224.0.0.0/24 -j ACCEPT
-A INPUT -s 230.0.1.0/24 -j ACCEPT
I also needed to get our systems admin to give permissions at the firewall level to allow my nodes, their VIPs and the SCAN IPs to connect via port 1521.
hope this helps