
policy push causes DB timeouts/drops/renegotiation on Oracle TNS 19100 and 1521 traffic

Problem:

We have been having issues with a DB performance impact after policy push since our upgrade to R80.30 (more than 4 months ago). We did not notice these issues in R77.30.

We eventually found a document that seemed to match our behavior: https://packetpushers.net/sqlnet-a-k-a-oracle-tns-and-firewalls/

Observed behavior is as follows:

We push policy and begin to see an uptick in 19100 traffic from clients to server in new sessions. Typical traffic was approx. 10 packets per minute; after the push it jumped to almost 9k per minute. We were unable to gather debug info from CP, because the sheer volume of traffic would max out the CPUs and lock up the FW.

Solution:

Set 1521 and 19100 traffic at the service object to "keep connections open after policy has been installed"
We did not have to configure user.def or tables.def to address any OOS packets, as this just appears to be noise from the software load-balancing within Oracle's TNS implementation.
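
A way to confirm the pattern described above from exported connection logs, as an added example that is not part of the original post: it counts new sessions to ports 1521 and 19100 per minute and flags minutes after a policy install that exceed the pre-install baseline. The log format, addresses, window and threshold are constructed assumptions, not Check Point output.

```python
from collections import Counter
from datetime import datetime, timedelta

TNS_PORTS = {1521, 19100}  # the two service ports named in the post

def build_sample():
    """Constructed log lines: '<ISO time> new_conn <src> <dst> <dport>' or
    '<ISO time> policy_install'. Hypothetical format, not Check Point's own."""
    lines = []
    for m in range(5):                      # quiet baseline, 2 sessions/minute
        for s in (5, 35):
            lines.append(f"2020-01-01T10:0{m}:{s:02d} new_conn 10.0.0.5 10.0.1.9 1521")
    lines.append("2020-01-01T10:05:00 policy_install")
    for s in range(60):                     # burst of new sessions after the push
        lines.append(f"2020-01-01T10:05:{s:02d} new_conn 10.0.0.5 10.0.1.9 19100")
    for s in range(3):                      # settled again one minute later
        lines.append(f"2020-01-01T10:06:{s:02d} new_conn 10.0.0.5 10.0.1.9 1521")
    for s in range(40):                     # unrelated HTTPS traffic, must be ignored
        lines.append(f"2020-01-01T10:06:{s:02d} new_conn 10.0.0.7 10.0.1.8 443")
    return lines

def per_minute_counts(lines):
    """Count new TNS sessions per minute and collect policy install times."""
    counts, installs = Counter(), []
    for line in lines:
        parts = line.split()
        ts = datetime.fromisoformat(parts[0])
        if parts[1] == "policy_install":
            installs.append(ts)
        elif parts[1] == "new_conn" and int(parts[4]) in TNS_PORTS:
            counts[ts.replace(second=0)] += 1
    return counts, installs

def spikes_after_install(lines, window_min=5, factor=10):
    """Flag minutes after an install whose new-session count is at least
    `factor` times the average of the `window_min` minutes before it."""
    counts, installs = per_minute_counts(lines)
    findings = []
    for inst in installs:
        start = inst.replace(second=0)
        before = [counts[start - timedelta(minutes=i)] for i in range(1, window_min + 1)]
        baseline = max(sum(before) / window_min, 1.0)  # floor for a silent baseline
        for i in range(window_min):
            minute = start + timedelta(minutes=i)
            if counts[minute] >= factor * baseline:
                findings.append((minute.isoformat(), counts[minute], baseline))
    return findings

if __name__ == "__main__":
    for minute, seen, baseline in spikes_after_install(build_sample()):
        print(f"{minute}: {seen} new TNS sessions/min vs baseline {baseline:.1f}")
```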

2 Replies
Admin
You can also set it in global properties (I think) to keep all existing connections on a policy installation.
Nickel
Understood
For our environment, setting it at the service object made more sense, since those services are not present on the perimeter firewalls.