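After the global outbreak of the EternalBlue virus in May 2017, many users followed the advice to close ports such as 445.
A brief introduction to EternalBlue follows:
After a Windows machine is infected with this virus, it displays the following ransom message:
Some RAC users followed the advice above, and after closing ports such as 445, the database service and listener service on RAC node 2 became abnormal.
The case environment below is AIX + Oracle RAC. After ports 445/135/136/137 were closed on the switch, the database instance on RAC node 2 would unexpectedly go down some time after startup, and the listener state was abnormal (the node 2 VIP failed over to node 1 and could not be relocated back):
After the listener on node 2 was started with lsnrctl start, the database instance could not register with the listener.
Starting the node 2 listener with srvctl start listener reported an error, as follows:
At this point the database instance started normally, but it went down on its own after a while:
When the node 2 database instance went down, the database alert log showed the following: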
Fri Oct 20 18:56:38 2017
Archived Log entry 33888 added for thread 2 sequence 12044 ID 0x55f4a99e dest 1:
Fri Oct 20 19:06:18 2017
IPC Send timeout detected. Receiver ospid 17760606 [
Fri Oct 20 19:06:18 2017
Errors in file /u01/app/oracle/diag/rdbms/orcl/orcl2/trace/orcl2_lms2_17760606.trc:
Fri Oct 20 19:06:43 2017
LMS2 (ospid: 17760606) has detected no messaging activity from instance 1
LMS2 (ospid: 17760606) issues an IMR to resolve the situation
Please check LMS2 trace file for more detail.
Fri Oct 20 19:06:43 2017
Suppressed nested communications reconfiguration: instance_number 1
Detected an inconsistent instance membership by instance 1
Fri Oct 20 19:06:44 2017
Received an instance abort message from instance 1
Please check instance 1 alert and LMON trace files for detail.
LMS0 (ospid: 17498214): terminating the instance due to error 481
Fri Oct 20 19:06:44 2017
System state dump requested by (instance=2, osid=17498214 (LMS0)), summary=[abnormal instance termination].
System State dumped to trace file /u01/app/oracle/diag/rdbms/orcl/orcl2/trace/orcl2_diag_18351566_20171020190644.trc
Dumping diagnostic data in directory=[cdmp_20171020190644], requested by (instance=2, osid=17498214 (LMS0)), summary=[abnormal instance termination].
Instance terminated by LMS0, pid = 17498214
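The log above follows a recognizable order: an IPC send timeout, loss of messaging with the other instance, then an abort with error 481. As an added example (not part of the original post and not Oracle tooling), the following Python script scans an alert log for those signatures and reports the time from the first symptom to instance termination, which is a useful check when testing a port or firewall change on the interconnect switch. The function names and the choice of signatures are assumptions made for this example; the sample lines are copied from the log above.

```python
import re
from datetime import datetime

# Lines copied from the node 2 alert log shown above (trimmed to the relevant entries).
SAMPLE_ALERT_LOG = """\
Fri Oct 20 18:56:38 2017
Archived Log entry 33888 added for thread 2 sequence 12044 ID 0x55f4a99e dest 1:
Fri Oct 20 19:06:18 2017
IPC Send timeout detected. Receiver ospid 17760606 [
Fri Oct 20 19:06:43 2017
LMS2 (ospid: 17760606) has detected no messaging activity from instance 1
Fri Oct 20 19:06:44 2017
Received an instance abort message from instance 1
LMS0 (ospid: 17498214): terminating the instance due to error 481
"""

# Alert log entries start with a timestamp line such as "Fri Oct 20 19:06:18 2017".
TS_RE = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}$")
# Signatures of a failing private interconnect (hypothetical names chosen for this example).
SIGNATURES = [
    ("ipc_timeout", re.compile(r"IPC Send timeout detected")),
    ("no_messaging", re.compile(r"detected no messaging activity from instance (\d+)")),
    ("abort_received", re.compile(r"Received an instance abort message from instance (\d+)")),
    ("terminated", re.compile(r"terminating the instance due to error (\d+)")),
]

def find_interconnect_events(text):
    """Return [(timestamp, name, detail)] for every signature hit, in log order."""
    events, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if TS_RE.match(line):
            current = datetime.strptime(line, "%a %b %d %H:%M:%S %Y")
            continue
        for name, rx in SIGNATURES:
            m = rx.search(line)
            if m:
                events.append((current, name, m.group(1) if rx.groups else None))
    return events

def summarize(events):
    """Seconds from the first interconnect symptom to instance termination, or None."""
    first = next((ts for ts, n, _ in events if n in ("ipc_timeout", "no_messaging")), None)
    end = next((ts for ts, n, _ in events if n == "terminated"), None)
    return int((end - first).total_seconds()) if first and end else None

if __name__ == "__main__":
    evts = find_interconnect_events(SAMPLE_ALERT_LOG)
    print(evts, summarize(evts))
```

To use it on a real system, pass the contents of the instance's alert log file to `find_interconnect_events` instead of the embedded sample.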
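After the switch engineer was advised to re-open ports 445/135/136/137 on the heartbeat-link switch, and the OS was rebooted (restarting only the database instance and the listener did not restore normal operation; restarting CRS on node 2 was not tested), the two-node RAC returned to normal, with both the database and the listener in a healthy state.
Recommendation: in special environments, do not blindly close commonly used ports. If a change is needed, test it rigorously before implementing it.
Oracle's official recommendation is as follows: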
Oracle states that dedicated redundant switches are highly recommended for the private interconnect, due to the fact that deploying the private interconnect on a switch (even when using a VLAN) may expose the interconnect links to congestion and instability in the larger IP network topology.
And Oracle doesn't support closing/disabling ports on the private network switch.