Hi there, it's been quite some time since my last and only post on this site :-)
I should definitely make a blog and maintain it, if I never find the time.
Anyway, one frustrating thing about Oracle RAC is that Oracle does not provide any support for implementing a firewall on the nodes of a RAC cluster.
In some MOS documents (notably "RAC instabilities due to firewall (netfilter/iptables) enabled on the cluster interconnect" [ID 554781.1]) it's simply stated that you should not run any firewall at all between the nodes.
Typical errors caused by wrong firewall rules dropping interconnect traffic include the "IPC Send timeout detected" error in the db alert log, and such rules can cause node eviction.
And what about iptables?
You can put these rules on your INPUT chain to permit multicast traffic and trust all traffic from the interconnect interface(s) and the loopback:
iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
Here I'm assuming you're running the RAC interconnect on eth1.
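Because `-A` appends to the end of the chain, these ACCEPT rules have no effect if an earlier DROP or REJECT rule already matches the interconnect traffic. The following check is an added example, not part of the original post: the function name `check_interconnect_rules` is hypothetical and both rule listings are constructed samples in `iptables -S INPUT` format.

```shell
#!/bin/sh
# Added example. Reads `iptables -S INPUT` output on stdin and succeeds only if
# the multicast, loopback and interconnect ACCEPT rules all appear before the
# first DROP/REJECT rule that could match that traffic.
check_interconnect_rules() {
    local iface="$1" line seen_mc=0 seen_lo=0 seen_if=0
    while IFS= read -r line; do
        case "$line" in
            "-A INPUT -m pkttype --pkt-type multicast -j ACCEPT") seen_mc=1 ;;
            "-A INPUT -i lo -j ACCEPT") seen_lo=1 ;;
            "-A INPUT -i $iface -j ACCEPT") seen_if=1 ;;
            "-A INPUT "*"-j DROP"*|"-A INPUT "*"-j REJECT"*)
                case "$line" in
                    *"! -i "*|*" -i $iface "*|*" -i lo "*) ;;  # can match our traffic
                    *" -i "*) continue ;;                       # bound to another NIC only
                esac
                break ;;  # ACCEPT rules after this one cannot override it
        esac
    done
    [ $((seen_mc + seen_lo + seen_if)) -eq 3 ]
}

# Constructed sample: trust rules placed ahead of the final REJECT.
GOOD_RULES='-P INPUT DROP
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1521 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: the same rules appended after an existing REJECT.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT'

for name in GOOD_RULES BAD_RULES; do
    eval "rules=\$$name"
    if printf '%s\n' "$rules" | check_interconnect_rules eth1; then
        echo "$name: interconnect rules are effective"
    else
        echo "$name: interconnect traffic can still be dropped"
    fi
done
```

On a live node, feed it the real chain with `iptables -S INPUT | check_interconnect_rules eth1`, replacing eth1 with your interconnect interface.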