6
Configuring Net8

This chapter describes the following Net8 features for Sun SPARC Solaris:
Core Net8 Products and Features
Net8 Protocol Support
The BEQ Protocol
The IPC Protocol
The RAW Protocol
The TCP/IP Protocol
The APPC/LU6.2 Protocol
NIS Naming Support
Oracle Enterprise Manager
Configuring Oracle Intelligent Agent for Oracle SNMP
Oracle Advanced Security
Supplementary Documentation

Core Net8 Products and Features

This section describes core Net8 products and features.

Net8 Files and Utilities

Location of Net8 Configuration Files

The default directory for Net8 configuration files is /var/opt/oracle on Solaris.

Net8 searches for global files in the following order:

The directory specified by the environment variable, TNS_ADMIN, if set.
The /var/opt/oracle directory.
$ORACLE_HOME/network/admin.

To set the TNS_ADMIN environment variable in the startup files of all network users to specify the directory, enter:

For Bourne or Korn shell:

$ TNS_ADMIN=directory_path 
$ export TNS_ADMIN

For the C shell, enter:

% setenv TNS_ADMIN directory_name

For each system level configuration file, users may have a corresponding local private configuration file (stored in the user's home directory). The settings in the private file override the settings in the system level file. The private configuration file for sqlnet.ora is $HOME/.sqlnet.ora. The private configuration file for tnsnames.ora is $HOME/.tnsnames.ora. Syntax for these files is identical to that of the corresponding system files.

Sample Configuration Files

Examples of the cman.ora, listener.ora, names.ora, sqlnet.ora, and tnsnames.ora configuration files are located in
$ORACLE_HOME/network/admin/samples.

The adapters Utility

Net8 provides support for various network protocols and naming methods. They are linked into particular executables and provide the interface between network protocols and Net8. To display installed Net8 protocols, enter:

$ adapters

To display adapters linked with a specific executable, enter:

$ adapters executable

For example, to display the Net8 protocols linked with the oracle executable, enter:

$ adapters oracle

Net8 displays the following:

Net8 Protocol Adapters linked with oracle are:
BEQ Protocol Adapter
IPC Protocol Adapter
TCP/IP Protocol Adapter
RAW Protocol Adapter
Net8 Naming Adapters linked with oracle are:
Oracle TNS Naming Adapter
Oracle Naming Adapter
Oracle Advanced Security/Networking Security products linked with oracle are:

Oracle Connection Manager

Oracle Connection Manager (OCM) is a router through which a client connection request may be sent either to its next hop or directly to the database server. Clients who route their connection requests through a Connection Manager can then take advantage of the connection concentration, Net8 access control, or multi-protocol support features configured on that Connection Manager.

Oracle Connection Manager listens for incoming requests from clients and initiates connect requests to destination services. Oracle Connection Manager performs these tasks with the help of Oracle Connection Gateway Process and Oracle Connection Manager Administrative Process.

OCM also includes a feature which you can use to control client access to designated servers in a TCP/IP environment. By specifying certain filtering rules you may allow or restrict specific clients access to a server based on the following criteria:

Source host name(s) or IP address(es) for clients
Destination host name(s) or IP address(es) for servers
Destination database service name

Net8 Firewall Proxy

Some firewall vendors also offer Net8 Firewall Proxy, which is installed on firewalls requiring an application proxy. Net8 Firewall Proxy has the same access control functionality as Oracle Connection Manager.

See Also:
For information about the Oracle Connection Manager, see the Net8 Administrator's Guide.

Server Models

Net8 connections between clients and servers are established using two different models:

Multi-Threaded Server Model--The listener passes the connection to the dispatcher or redirects the clients to connect through a dispatcher.

In a multi-threaded server (MTS) configuration, client user processes connect to a dispatcher. A dispatcher can support multiple client connections concurrently. Each client connection is bound to a virtual circuit. A virtual circuit is a piece of shared memory used by the dispatcher for client database connection requests and replies. This approach enables a small pool of server processes to serve a large number of clients. A significant advantage of the MTS model over the dedicated server model is the reduction of the use of system resources, enabling the support of an increased number of users.
Dedicated Server Model--The listener starts a dedicated server and passes the connection to the dedicated server or redirects the clients to the dedicated.

In the dedicated server model, there is one server process for each client. In order for clients to connect to dedicated servers, the listener and the instance must be running on the same machine. Dedicated server processes require more memory than MTS.

See Also:
For more information about the Multi-Threaded Server, see the Net8 Administrator's Guide.

Oracle Names

Oracle Names uses Oracle proprietary software to store the names and addresses of all database services on a network. Clients wishing to connect to a server direct their connect requests to an Oracle Names server. Oracle Names servers resolve the name to a network address and return that information to the client.

Much like a caller who uses directory assistance to locate a telephone number, clients configured to use Oracle Names refer their connection requests to an Oracle Names server. The Oracle Names server attempts to resolve the service name provided by the client to a network address. If the Oracle Names server finds the network address, it then returns that information to the client. The client can then use that address to connect to the service.

See Also:
For information about Oracle Names, see the Net8 Administrator's Guide.

Net8 Protocol Support

The supported protocols for Net8 version 8.1.7 on Solaris are BEQ protocol, IPC protocol, RAW protocol, TCP/IP protocol, APPC/LU6.2 protocol.

Before installing the TCP/IP or APPC/LU6.2 protocols, the appropriate operating system software must be installed and configured. The BEQ and IPC Net8 protocols do not have any specific operating system requirements.

See Also:
Refer to Oracle 8i Installation Guide for Sun SPARC Solaris for requirements details.

ADDRESS Specification

The IPC, TCP/IP and APPC/LU6.2 Net8 protocols each have a protocol-specific ADDRESS specification that is used for Net8 configuration files and for the MTS_LISTENER_ADDRESS database initialization parameter in the initsid.ora file. See the ADDRESS specification heading under each protocol section in this chapter for details.

Table 6-1 shows a summary of ADDRESS specifications for each protocol.

Table 6-1 ADDRESS Specification Summary

Supported Protocol	ADDRESS Specification
BEQ	(ADDRESS = (PROTOCOL = BEQ) (PROGRAM = ORACLE_HOME/bin/oracle) (ARGV0 = oracleORACLE_SID) (ARGS = '(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=BEQ)))') (ENVS = 'ORACLE_HOME=ORACLE_HOME,ORACLE_SID=ORACLE_SID') )
IPC	(ADDRESS = (PROTOCOL=IPC) (KEY=key) )
RAW	N/A
TCP/IP	(ADDRESS = (PROTOCOL=TCP) (HOST=hostname) (PORT=port_id) )
APPC/LU6.2	(ADDRESS = (PROTOCOL=LU62) (TP_NAME=transaction_program_name) (LU_NAME=logical_unit_name) (MODE=mode_name) (PLU=partner_lu_name) )

The BEQ Protocol

The BEQ protocol is both a communications mechanism and a process-spawning mechanism. It requires that the client and server be on the same machine. If a net service name is not specified, either directly by the user on the command line or the Login screen or indirectly through an environment variable such as TWO_TASK, then the BEQ protocol is used. In which case, a dedicated server will always be used, and the multi-threaded server is never used. This dedicated server is started automatically by the BEQ protocol, which waits for the server process to start and attach to an existing SGA. If the startup of the server process is successful, the BEQ protocol then provides inter-process communication via UNIX pipes.

An important feature of the BEQ protocol is that no listener is required for its operation, since the protocol is linked into the client tools and directly starts its own server process with no outside interaction. However, the BEQ protocol can only be used when the client program and Oracle8i reside on the same machine. The BEQ protocol is always installed and always linked to all client tools and to the Oracle8i server.

The BEQ protocol connection parameters are part of the ADDRESS keyword-value pair. The ADDRESS is commonly part of a larger construct such as a connect descriptor or configuration file. You can enter the parameters in any order.

(ADDRESS =

(PROTOCOL = BEQ)
(PROGRAM = ORACLE_HOME/bin/oracle)
(ARGV0 = oracleORACLE_SID)
(ARGS = '(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=BEQ)))')
(ENVS = 'ORACLE_HOME=ORACLE_HOME,ORACLE_SID=ORACLE_SID')

)

Syntax for BEQ protocol connection parameters is described in Table 6-2.

Table 6-2 Syntax for BEQ Protocol Connection Parameters

PROTOCOL	Specifies the protocol to be used The value is `beq` and may be specified in either uppercase or lowercase.
PROGRAM	The full path to the `oracle` executable
ARGV0	The name of the process as it appears in a `ps` listing. The recommended value is `oracleORACLE_SID`.
ARGS	`'(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=BEQ)))'`
ENVS	Environment specification where ORACLE_HOME is the full path to the ORACLE_HOME directory of the database to connect, and ORACLE_SID is the system identifier of the database to connect.

Example of a BEQ ADDRESS:

(ADDRESS =

(PROTOCOL = BEQ)
(PROGRAM = /u01/app/oracle/product/8.1.7/bin/oracle)
(ARGV0 = oracleV815)
(ARGS = '(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=BEQ)))')
(ENVS = 'ORACLE_HOME=/u01/app/oracle/product/8.1.7,ORACLE_SID=V817')

)

The IPC Protocol

The IPC protocol is similar to the BEQ protocol in that it can only be used when the client program and the Oracle8i server reside on the same machine. The IPC protocol differs from the BEQ protocol in that it can be used with dedicated server and multi-threaded server configurations. The IPC protocol requires a listener for its operation. The IPC protocol is always installed and always linked to all client tools and to Oracle8i.

For the IPC protocol, the location of the UNIX Domain Socket file on UNIX systems changed after Oracle7 r7.1. Thus, if you have Oracle7 r7.1 installed on the same machine as Oracle8i and you attempt to make an IPC connection between the two instances, the connection may fail. The solution to this problem is to make a symbolic link between the directory where the IPC file used to be (/var/tmp/o) and where it now resides (/var/tmp/.oracle).

The IPC protocol connection parameters are part of the ADDRESS keyword-value pair. The ADDRESS is commonly part of a larger construct such as a connect descriptor or configuration file. You can enter the parameters in any order.

(ADDRESS=

(PROTOCOL=IPC)
(KEY=key)

)

Syntax for IPC protocol connection parameters is described in Table 6-3.

Table 6-3 Syntax for IPC Protocol Connection Parameters

PROTOCOL	Specifies that the IPC protocol is to be used The value is `ipc` and may be specified in either uppercase or lowercase.
KEY	Service name of database or database identifier (ORACLE_SID).

Example of an IPC ADDRESS:

(ADDRESS=

(PROTOCOL=IPC)
(KEY=PROD)

)

The RAW Protocol

When data is transferred between a client and a server, Net8 adds its own header information to every network packet. Through the Raw Transport feature, Net8 can now minimize header information on each packet going over the network.

After a connection is established, two types of information flow over the network: data and break handling. The connection packets need the Net8 header information to establish the connection correctly. However, after the connection is established, all data packets are stripped of their Net8 header information and passed directly to the operating system, bypassing Net8's network and protocol layers. The performance of the connection is increased because of fewer protocol stack layers for the data to flow through and fewer bytes that are transmitted over the network.

This feature is transparently turned on when it is appropriate. That is, if no existing features require that header information be transmitted, the headers are stripped off. In the case of encryption and authentication which require certain information to be sent along with each packet of information, Raw Transport would not be enabled.

This feature requires no configuration. Net8 determines if the conditions are met and then transparently switches to Raw Transport mode.

The TCP/IP Protocol

Oracle Corporation recommends that you reserve a port for your listener in the /etc/services file of each node on the network that defines the listener port. The port is commonly 1521. The entry list and the listener name and the port number; for example:

listener     1521/tcp

where listener is the name of the listener, as defined in listener.ora. You should reserve more than one port to start more than one listener.

Specifying a TCP/IP ADDRESS

The TCP/IP protocol connection parameters are part of the ADDRESS keyword-value pair. The ADDRESS is commonly part of a larger construct such as a connect descriptor or configuration file. You can enter the three parameters in any order.

(ADDRESS=

(PROTOCOL=TCP)
(HOST=hostname)
(PORT=port_id)

)

Syntax for TCP/IP protocol connection parameters is described in Table 6-4.

Table 6-4 Syntax for TCP/IP Protocol Connection Parameters

PROTOCOL	Specifies the protocol to be used The value can be uppercase or lowercase. The default is `tcp`.
HOST	The host name or the host IP address
PORT	The TCP/IP port. Either a number or the name specified in the `/etc/services` file. Oracle Corporation recommends a value of 1521.

Example of the TCP/IP address specifying a client on the MADRID host:

(ADDRESS=

(PROTOCOL=TCP)
(HOST=MADRID)
(PORT=1521)

)

The last field could be specified by name, for example, (PORT=listener).

The APPC/LU6.2 Protocol

The Oracle APPC/LU6.2 protocol is available on networks that use LU6.2 services for communication between Oracle programs. For example, APPC/LU6.2 allows TNS applications to use API as a standard interface.

Figure 6-1 shows the communication layers between Oracle programs using the LU6.2 communications services and the Oracle APPC/LU6.2 protocol:

Figure 6-1 Communication Layers between Oracle programs and LU6.2

Solaris 2.x-Specific Listener

Solaris 2.x does not support the generic listener. To bring up the listener on the server side, run the ntllsnr command.

ntllsnr start|stop -l luname -t tpname -m modename

Syntax for the ntllsnr command is explained in Table 6-5.

Table 6-5 Syntax for the ntllsnr Command

`luname`	in `tnsnames.ora`, this specifies the name for the remote partner LU. When this keyword appears in `listener.ora`, it specifies the name of the local LU. LU_NAME can be ignored on many platforms or overridden by the values in other parameters. Due to the requirements of some APPC/LU6.2 implementations, `luname` should always specify the fully qualified LU_NAME (that is, `netid.luname`).
`tpname`	specifies the name of the transaction program to run at the target or the transaction program name to use when listening for incoming connection requests.
`modename`	Defines the characteristics of sessions between logical units. The mode, along with the partner LU and the transaction program name, is specified in the ALLOCATE segments. The `modename` must be common to both the local and partner LU.

Specifying an APPC/LU6.2 ADDRESS

The APPC/LU6.2 protocol parameters are defined in a connect descriptor for each node. Each connect descriptor contains several keyword=value pairs. The APPC/LU6.2-specific keywords can be entered in any order within the connect descriptor.

(ADDRESS=

(PROTOCOL=LU62)
(TP_NAME=tpname)
(LU_NAME=luname)
(MODE=modename)
(PLU=partner_lu_name)

)

The syntax for the APPC/LU6.2 protocol connection is described in Table 6-6.

Table 6-6 Syntax for the APPC/LU6.2 Protocol

PROTOCOL	Specifies the protocol to be used. The value can be uppercase or lowercase. For APPC/LU6.2, the value is `lu62`.
TP_NAME	Specifies the name of the transaction program to run at the target or the transaction program name to use when listening for incoming connection requests. This value is required.
LU_NAME	With reference to `tnsnames.ora`, it specifies the name for the remote partner LU. When this keyword appears in `listener.ora`, it specifies the name of the local LU. LU_NAME can be ignored on many platforms or overridden by the values in other parameters. Due to the requirements of some APPC/LU6.2 implementations, LU_NAME should always specify the fully qualified LU_NAME (that is, `netid.lu_name`).
MODE	Defines the characteristics of sessions between logical units. The mode, along with the partner LU and the transaction program name, is specified in the ALLOCATE segments. The `modename` must be common to both the local and partner LU. This value is required.
PLU	Specifies the name of the partner LU. This value is required on Solaris, and can be set to the TP_NAME.

NIS Naming Support

Network Information Service (NIS) is Sun Microsystems' Yellow Pages (yp) client-server protocol for distributing system configuration data such as user and host names between computers on a network. Organizations and corporations already using NIS as part of their systems infrastructure have the option to store net service names and addresses in NIS, using NIS external naming.

For example, when a user gives a command such as

sqlplus scott/tiger@payroll

where "payroll" is an Oracle service, NIS external naming on the node running the client program (or server acting as a client program) contacts an NIS server located somewhere in the network, and passes the net service name to the NIS server. The NIS server resolves the net service name into a Net8 address and returns this address to the client program (or server acting as a client program). The client program then uses this address to connect to the Oracle database.

See Also:
For information about configuring the NIS external naming, see the Net8 Administrator's Guide.

Oracle Enterprise Manager

Agent Service Discovery and Auto-Configuration

The Oracle Intelligent Agent requires no configuration, unless you want to integrate it with a Simple Network Management Protocol (SNMP) system (see "Configuring Oracle Intelligent Agent for Oracle SNMP".)

See Also:
For information on Oracle Names and the Net8 Assistant, see the Net8 Administrator's Guide.

Debugging Tcl Scripts

The executable oratclsh is provided for debugging your Tcl scripts. Before executing oratclsh, set the environment variable TCL_LIBRARY to point to $ORACLE_HOME/network/agent/tcl.

See Also:
The Oracle Enterprise Manager Application Developer's Guide for additional details.

Configuring Oracle Intelligent Agent for Oracle SNMP

Although Oracle Intelligent Agent does not require Simple Network Management Protocol (SNMP) to work, Oracle SNMP support can be configured before starting the Intelligent Agent. Note that all the configuration files for the following steps are located in the $ORACLE_HOME/network/snmp/peer directory.

Configure Master Agent

In the CONFIG.master file, make the following change:

Search for the line beginning with MANAGER.
Change the ipaddr field, coded as 130.35.10.210, to the IP address or hostname of the machine where you want SNMP trap messages sent.

You can also make other changes to the CONFIG.master file as documented within the file.

Configure the Encapsulator

Add the following line to the snmpd.conf file:

trap hostname_or_IP_address

where hostname_or_IP_address represents the local machine's IP address.

In the CONFIG.encap file, you can optionally modify the port number, which is set to 1161 in the default file. If you modify the port number, you must also modify the port number for NEW_SNMPD_PORT in the start_peer script.

NEW_SNMPD_PORT is the port on which the snmpd agent (the native Sun SPARC Solaris SNMP agent) listens. Make sure this is the same port as specified in the CONFIG.encap file. NEW_TRAPD_PORT is the PEER encapsulator port to which the snmpd agent sends traps.

NEW_SNMPD_PORT and NEW_TRAPD_PORT in the start_peer script must have different port numbers. You may also modify the
NEW_TRAPD_PORT port number.

Verify start_peer Script

The start_peer script contains a line like the following:

SNMPD = snmpd_executable_path

If the snmpd executable on your system is not in the location indicated by the start_peer script, edit snmpd_executable_path to the correct location of the snmpd executable.

Start the SNMP Components

Perform the following steps to start the SNMP components:

Verify that the SNMP components, master_peer, encap_peer, and snmpd, are not running:
```
$ ps -aef | grep peer
```
$ ps -aef | grep snmp
- As the root user, run the start_peer script to start the PEER master agent, PEER encapsulator, and native Sun SPARC Solaris SNMP agent:
# cd $ORACLE_HOME/network/snmp/peer
# ./start_peer -a

Note:
If you do not have the native Sun SPARC Solaris SNMP agent on your system, you must not use the PEER encapsulator. To start the master agent only, run start_peer -m.
Verify that the SNMP components are running:
# ps -aef | grep peer # ps -aef | grep snmp
Configure and Start the Database Subagent

Configuration and startup of the database subagent (the Oracle Intelligent Agent) is described in the Oracle Enterprise Manager Configuration Guide.

Oracle Advanced Security

`.bak` Files

During Oracle Advanced Security installation, three.bak files are created: naeet.o.bak, naect.o.bak, and naedhs.o.bak. They are located in $ORACLE_HOME/lib. These files are required for relinking during Oracle Advanced Security de-install and should not be deleted.

Security and Single Sign-On

For more information about details on configuring Security and Single Sign-On, see the Oracle Advanced Security Administrator's Guide.

DCE Integration

For details on configuring DCE Integration, see the Oracle Advanced Security Administrator's Guide.

Supplementary Documentation

Table 6-7 shows the location of README files for various bundled products. The README files describe changes since the last release.

Table 6-7 Location of README Files for Oracle Products

Product	README File
Net8	`$ORACLE_HOME/network/doc/README.Net8`
Advanced Security Option	`$ORACLE_HOME/network/doc/README.ASO`
Oracle Intelligent Agent	`$ORACLE_HOME/network/doc/README.oemagent`

6 Configuring Net8