Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
JonnyV
Contributor
Jump to solution

policy push causes DB timeouts/drops/renegotiation on Oracle TNS 19100 and 1521 traffic

Problem:

We have been having issues with a DB performance impact after policy push since our upgrade to r80.30 (more than 4 months ago). We did not notice these issues in r77.30.

We eventually found document that seemed to match our behavior. https://packetpushers.net/sqlnet-a-k-a-oracle-tns-and-firewalls/

Observed behavior is as follows:

We push policy and begin to see an uptick in 19100 traffic from clients to server in new sessions. Typical traffic was appx 10 packets per minute, after push it jumped to almost 9k per min. We were unable to gather debug info from CP, because of the sheer volume of traffic would max out the CPUs and lock up the FW.

Solution:

Set 1521 and 19100 traffic at the service object to "keep connections open after policy has been installed"
We did not have to configure user.def or tables.def to address any OOS packets, as this just appears to be noise from the software load-balancing within Oracles TNS implementation.

1 Solution

Accepted Solutions
JonnyV
Contributor
Understood
For our environment setting it at the service object made more sense; since those services are not present on the perimeter firewalls.

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
You can also set it in global properties (I think) to keep all existing connections on a policy installation.
JonnyV
Contributor
Understood
For our environment setting it at the service object made more sense; since those services are not present on the perimeter firewalls.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events