永恒之蓝与Oacle RAC：Oracle不支持在心跳交换机上关闭任何端口

2017年5月份因永恒之蓝病毒全球大爆发后，很多用户依据建议关闭445等端口。

永恒之蓝简介如下：

Windows下中了该病毒后，会显示如下勒索信息：

使用RAC的部分用户参考如上建议，关闭了445等端口后，导致RAC节点2数据库服务及监听服务异常。

以下案例环境为AIX + Oracle RAC，交换机设置关闭了445/135/136/137端口后，RAC节点2数据库实例启动后一段时间会意外宕掉，

且监听状态不正常（节点2vip failover到节点1，且无法relocate回来）：

在节点2使用lsnrctl start启动监听后，数据库实例无法注册进监听。

使用srvctl start listener方式启动节点2监听报错，如下：

此时数据实例启动正常，但过段时间会自动宕掉：

节点2数据库实例宕掉时，数据库alert后台日志如下：

ri Oct 20 18:56:38 2017
Archived Log entry 33888 added for thread 2 sequence 12044 ID 0x55f4a99e dest 1:
Fri Oct 20 19:06:18 2017
IPC Send timeout detected. Receiver ospid 17760606 [
Fri Oct 20 19:06:18 2017
Errors in file /u01/app/oracle/diag/rdbms/orcl/orcl2/trace/orcl2_lms2_17760606.trc:
Fri Oct 20 19:06:43 2017
LMS2 (ospid: 17760606) has detected no messaging activity from instance 1
LMS2 (ospid: 17760606) issues an IMR to resolve the situation
Please check LMS2 trace file for more detail.
Fri Oct 20 19:06:43 2017
Suppressed nested communications reconfiguration: instance_number 1
Detected an inconsistent instance membership by instance 1
Fri Oct 20 19:06:44 2017
Received an instance abort message from instance 1
Please check instance 1 alert and LMON trace files for detail.
LMS0 (ospid: 17498214): terminating the instance due to error 481
Fri Oct 20 19:06:44 2017
System state dump requested by (instance=2, osid=17498214 (LMS0)), summary=[abnormal instance termination].
System State dumped to trace file /u01/app/oracle/diag/rdbms/orcl/orcl2/trace/orcl2_diag_18351566_20171020190644.trc
Dumping diagnostic data in directory=[cdmp_20171020190644], requested by (instance=2, osid=17498214 (LMS0)), summary=[abnormal instance termination].
Instance terminated by LMS0, pid = 17498214

建议交换机工程师重新开启心跳线交换机445/135/136/137端口后，重启OS后（单独重启db实例及监听都无法正常，未测试重启节点2CRS），两节点RAC状态正常，数据库、监听状态均正常。

建议：在特殊环境下，不能盲目关闭常用端口。如需调整，建议进行严格测试后再行实施。
且Oracle官方建议如下：
Oracle recommend that Dedicated redundant switches are highly recommended for the private interconnect due to the fact that deploying the private interconnect on a switch (even when using a VLAN) may expose the interconnect links to congestion and instability in the larger IP network topology. 
And Oracle don't support close/disable ports on private network switch.