使用 12c 和 19c 客户端时出现连接缓慢的问题，但在使用 11c 客户端时不会重现。

刘泽宇

现象：
19c client is slower then the 11g client. When trying to connect.


原因：
Delays waiting on DEV/RANDOM on the OS level.
We call security libraries on the OS side to obtain a random number for the use in the authentication process.

The entropy pool on the Os level is filled with IO typically generated with hardware devices like mice and keyboards. Virtual and headless systems may have a hard time keeping up with the demand.
When that pool is empty, the Oracle client will have to wait for it to proceed. This is why the wait time can vary from system to system.

Sqlnet level 16 tracing will show the exact point of delay to look out for in order to identify if this is your issue.


处理方法：
Using level 16 Sqlnet tracing you can find the delay here.

[25-JAN-2021 15:31:30:684] niotns: niotns: passing ns handle back up...
[25-JAN-2021 15:31:30:685] nsballoc: entry
[25-JAN-2021 15:31:30:685] nsbgetfl: entry
[25-JAN-2021 15:31:30:685] nsbgetfl: normal exit
[25-JAN-2021 15:31:30:685] nsballoc: normal exit
[25-JAN-2021 15:31:30:685] nsballoc: entry
[25-JAN-2021 15:31:30:685] nsbgetfl: entry
[25-JAN-2021 15:31:30:685] nsbgetfl: normal exit
[25-JAN-2021 15:31:30:685] nsballoc: normal exit
[25-JAN-2021 15:31:30:685] niotns: exit
[25-JAN-2021 15:31:31:413] nioqrc: entry
[25-JAN-2021 15:31:31:413] nsbasic_bsd: entry
[25-JAN-2021 15:31:31:413] nsbasic_bsd: tot=0, plen=39.
[25-JAN-2021 15:31:31:413] nsbasic_bsd: packet dump
[25-JAN-2021 15:31:31:413] nsbasic_bsd: 00 00 00 27 06 00 00 00 |...'....|
[25-JAN-2021 15:31:31:413] nsbasic_bsd: 00 00 01 06 05 04 03 02 |........|
[25-JAN-2021 15:31:31:413] nsbasic_bsd: 01 00 49 41 36 34 2F 48 |..IA64/H|
[25-JAN-2021 15:31:31:413] nsbasic_bsd: 50 55 58 20 36 34 2E 30 |PUX.64.0|
[25-JAN-2021 15:31:31:413] nsbasic_bsd: 2E 39 2E 30 2E 31 00 |.9.0.1. |
[25-JAN-2021 15:31:31:413] nsbasic_bsd: exit (0)

After niotns: niotns: passing ns handle back up.
After function nsballoc
And before sending that next authentication packet

Delay can vary from milliseconds to seconds depending on how low the entropy pool is on the OS level.
This is caused by a waiting for /DEV/RANDOM for a random number to be generated for use in the authentication process.

Delays in other locations do not qualify for this issue.

References
Bug 32242561 CLIENT CONNECTION DELAY DURING DEV/RANDOM LOOKUP ON CLIENT SIDE
And
Bug 36229662 : CLIENT SIDE DELAYS DURING ZT INIT FOR BATCH TCP CONNECTIONS


可用的处理方案：

Fine tune the entropy sources we will focus on

Set the FIPS environment value
FIPS_HOME=C:\ORACLE_HOME\NETWORK\ADMIN
The FIPS.ORA file will also be pulled from a default location if the ENVIRONMENT value is not set.
The FIPS.ORA file will be looked for in the $ORACLE_HOME/ldap/admin   directory

Create a FIPS.ORA file in that same location and add the single line

ORACLE_EXCLUDE_ENTROPY_SRCS= REGISTRY,PROC_INFO,IO,SCREEN,UI,PROC_LISTS

The most common vlaues to exclude are those that are limited due to headless server environment like
REGISTRY,PROC_INFO,IO,SCREEN,UI,PROC_LISTS