8 Oracle Connection Manager Parameters

This chapter provides a complete listing of the cman.ora file configuration parameters.

8.1 Overview of Oracle Connection Manager Configuration File

Oracle Connection Manager configuration information is stored in the cman.ora file.

Oracle Connection Manager Configuration File

Oracle Connection Manager configuration information consists of the following elements:

  • Protocol address of the Oracle Connection Manager listener

  • Access control parameters

  • Performance parameters

By default, the cman.ora file is located in the ORACLE_HOME/network/admin directory. You can also store the cman.ora file in the following locations:

  • The directory specified by the TNS_ADMIN environment variable or registry value.
  • On Linux and UNIX operating systems, the global configuration directory. For example, on the Oracle Solaris operating system, this directory is /var/opt/oracle.
  • ORACLE_BASE_HOME/network/admin directory.
  • ORACLE_HOME/network/admin directory.

Example 8-1 Sample cman.ora File

CMAN=
  (CONFIGURATION=
    (ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1521))
    (RULE_LIST=
      (RULE=(SRC=192.0.2.32/27)(DST=sales-server)(SRV=*)(ACT=accept))
        (ACTION_LIST=(AUT=on)(MCT=120)(MIT=30)))
      (RULE=(SRC=foo)(DST=hr-server)(SRV=cmon)(ACT=accept)))
    (PARAMETER_LIST=
      (MAX_GATEWAY_PROCESSES=8)
      (MIN_GATEWAY_PRCESSSES=3)
      (DIAG_ADR_ENABLED=ON)
      (ADR_BASE=/oracle/log)))

cman.ora File Sections

  • Listening address: Preceded by ADDRESS=, this section contains information pertinent to the listener. The ADDRESS parameter is required.

  • Rule list: Preceded by RULE_LIST=, this section contains rule information. TheRULE parameter is listed in the rule list section of the file. The RULE parameter is required.

  • Rule Group: Preceded by RULE_GROUP=, this section contains rule_list grouped by service names. You can use either the rule_group syntax or the rule_list syntax.

  • Parameter list: Preceded by PARAMETER_LIST=, this section contains all other parameters including those listed in " ADR Diagnostic Parameters for Oracle Connection Manager", and "Non-ADR Diagnostic Parameters for Oracle Connection Manager".

    The following parameters are allowed in the parameter list section of the cman.ora file. The default values are bold. To override the default setting for a parameter, enter the parameter and a nondefault value.

    ASO_AUTHENTICATION_FILTER={off | on}

    CONNECTION_STATISTICS={no | yes}

    EVENT_GROUP={init_and_term | memory_ops | conn_hdlg | proc_mgmt | reg_and_load | wake_up | timer | cmd_proc | relay}

    IDLE_TIMEOUT=0 or greater

    INBOUND_CONNECT_TIMEOUT=0 or greater. The default value is 60.

    LOG_DIRECTORY=log_directory. The default value is ORACLE_HOME/network/log.

    LOG_LEVEL={off | user | admin | support}

    MAX_CMCTL_SESSIONS= Any positive number. The default value is 4.

    MAX_CONNECTIONS= A value between 1 and 1024. The default value is 256.

    MAX_GATEWAY_PROCESSES= Any number greater than the minimum number of gateway processes up to 64. The default value is 16.

    MIN_GATEWAY_PROCESSES= Any positive number less than or equal to 64. Must be less than or equal to the maximum number of gateway processes. The default value is 2.

    OUTBOUND_CONNECT_TIMEOUT=0 or greater

    PASSWORD_instance_name= Value is the encrypted instance password, if one has been set. The default value is no value.

    SESSION_TIMEOUT=0 or greater

    TRACE_DIRECTORY=trace_directory. The default value is ORACLE_HOME/network/trace.

    TRACE_FILELEN= Any positive number. The default value is 0 (zero).

    TRACE_FILENO= Any positive number. The default value is 0 (zero).

    TRACE_LEVEL={off | user | admin | support}

    TRACE_TIMESTAMP={off | on}

    Note:

    You cannot add the parameter PASSWORD_instance_name directly to the cman.ora file. The parameter is added using the SAVE_PASSWD command.

Parameter List Section of a cman.ora File
(PARAMETER_LIST= 
      (ASO_AUTHENTICATION_FILTER=ON)
      (CONNECTION_STATISTICS=NO)
      (EVENT_GROUP=INIT_AND_TERM,MEMORY_OPS,PROCESS_MGMT)
      (IDLE_TIMEOUT=30)
      (INBOUND_CONNECT_TIMEOUT=30)
      (LOG_DIRECTORY=/home/user/network/admin/log)   
      (LOG_LEVEL=SUPPORT)
      (MAX_CMCTL_SESSIONS=6)
      (MAX_CONNECTIONS=512)
      (MAX_GATEWAY_PROCESSES=10)
      (MIN_GATEWAY_PROCESSES=4)
      (OUTBOUND_CONNECT_TIMEOUT=30)
      (SESSION_TIMEOUT=60)
      (TRACE_DIRECTORY=/home/user/network/admin/trace)
      (TRACE_FILELEN=100)
      (TRACE_FILENO=2)
      (TRACE_LEVEL=SUPPORT)
      (TRACE_TIMESTAMP=ON)
      (VALID_NODE_CHECKING_REGISTRATION=ON)
      (REGISTRATION_EXCLUDED_NODES = 10.1.26.*)
      (REGISTRATION_INVITED_NODES = 10.1.35.*)
)  

8.2 Oracle Connection Manager Parameters

This section lists and describes the following cman.ora file parameters:

8.2.1 ADDRESS

The ADDRESS networking parameter specifies the protocol address of Oracle Connection Manager.

Purpose

To specify the protocol address of Oracle Connection Manager.

Syntax

(ADDRESS=(PROTOCOL=protocol)(HOST=host_name)(PORT=port_number)

Usage Notes

You can tag Oracle Connection Manager addresses as admin endpoints. This is helpful in cases where you do not want to close all listening endpoints, so that Oracle Connection Manager Control utility continues to run admin commands using tagged listening endpoints. To do so, set the value of the ADMIN parameter to YES using the following syntax:
(ADDRESS=(PROTOCOL=protocol)(HOST=host_name)(PORT=port_number)(ADMIN=YES))

Example

(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521)

Related Topics

8.2.2 ASO_AUTHENTICATION_FILTER

It is a networking parameter for Oracle Connection Manager. It instructs Oracle Connection Manager to check the connection requests for Secure Network Services (SNS).

Purpose

To specify whether Oracle Database security authentication settings must be used by the client.

Usage Notes

The global setting can be overridden by a rule-level setting in ACTION_LIST.

Values

  • on to instruct Oracle Connection Manager to reject connection requests that are not using Secure Network Services (SNS). SNS is part of Oracle Database security.

  • off to instruct Oracle Connection Manager not to check for SNS between the client and server. This is the default.

8.2.3 BANDWIDTH

Use the BANDWIDTH parameter to limit all the connections of a service to a specified value in bytes per second.

Purpose

To specify a limit on the number of bytes transmitted per second.

Usage Notes

You must include this parameter in the parameter_list section of the cman.ora file.

You must also set the cman.ora parameter MAX_BANDWIDTH_GROUP, which is a mandatory parameter to enable the bandwidth functionality.

Example

BANDWIDTH=524288

Related Topics

8.2.4 CLIENT_DN_RULE_MATCH

Use this parameter to enable filtering of Transport Layer Security (TLS) connections using DN_LIST in RULE_GROUP.

Purpose

A TLS connection is allowed only if there is a GROUP specified in RULE_GROUP for the requested service. This GROUP must be configured with DN_LIST.

Values

ON, OFF. By default the value is set to OFF.

Example


CLIENT_DN_RULE_MATCH=ON

8.2.5 COMPRESSION

The COMPRESSION parameter of the cman.ora file enables or disables data compression.

Purpose

To enable or disable data compression. If both the Oracle Connection Manager and the other end (server or client or Oracle Connection Manager) have this parameter set to ON, then compression is used for the connection.

Default

off

Values

  • on to enable data compression.

  • off to disable data compression.

Example

COMPRESSION=on

8.2.6 COMPRESSION_LEVELS

The COMPRESSION_LEVELS networking parameter of the cman.ora file specifies the CPU usage and compression ratio.

Purpose

To specify the compression level.

Usage Notes

The compression levels are used at the time of negotiation to verify which levels are used at both ends, and select one level.

Default

low

Values

  • low for low CPU usage and a low compression ratio.

  • high for high CPU usage and a high compression ratio.

Example 8-2 Example

COMPRESSION_LEVELS=high,low

8.2.7 COMPRESSION_THRESHOLD

The COMPRESSION_THRESHOLD parameter of the cman.ora file specifies the minimum data size for which compression is required.

Purpose

To specify the minimum data size, in bytes, for which compression is required.

Usage Notes

Compression is not be done if the size of the data to be sent is less than this value.

Default

1024 bytes

Example

COMPRESSION_THRESHOLD=1024

8.2.8 CONNECTION_STATISTICS

CONNECTION_STATISTICS networking parameter of the cman.ora file specifies whether the SHOW_CONNECTIONS command displays connection statistics.

Purpose

To specify whether the SHOW_CONNECTIONS command displays connection statistics.

Usage Notes

The global setting can be overridden by a rule-level setting in ACTION_LIST.

Values

  • yes to display statistics.

  • no to not display statistics. This is the default.

8.2.9 DN_LIST

Use this parameter to specify a list of common names (CN) that are allowed to connect to a service using Transport Layer Security (TLS).

Purpose

An incoming TLS connection is allowed only if the string provided in common name (CN) of the distinguished name (DN) matches with at least one value in the list of values provided in the DN_LIST parameter.

Usage Notes

DN_LIST is a comma separated list of common names. The values in the DN_LIST parameter is matched only when the client_dn_rule_match parameter is set to ON.

You must configure DN_LIST inside DESCRIPTION of the GROUP parameter.

Example


(GROUP =
     (DESCRIPTION = (NAME = service_name)(DN_LIST = phx,blr))
     (RULE_LIST =
     (RULE=...)
)

8.2.10 ENABLE_IP_FORWARDING

Use the cman.ora parameter ENABLE_IP_FORWARDING to forward client IP address to the database server.

Purpose

When set to ON, Oracle Connection Manager (CMAN) forwards the client source address as seen by it to the database server.

Usage Notes

In addition to the ENABLE_IP_FORWARDING parameter, you must set the TCP.ALLOWED_PROXIES parameter in the server-side sqlnet.ora file. The TCP.ALLOWED_PROXIES parameter specifies a list of the CMAN instances that can forward client address.

You can use the SYS_CONTEXT ('USERENV','IP_ADDRESS') function to query the forwarded client address details.

Values

  • ON | TRUE | YES | 1: To enable client address forwarding

  • OFF | FALSE | NO | 0: To disable client address forwarding

Default

OFF

Example

ENABLE_IP_FORWARDING=ON

8.2.11 EVENT_GROUP

EVENT_GROUP networking parameter of the cman.ora file specifies which event groups are logged.

Purpose

To specify which event groups are logged.

Usage Notes

Multiple events may be designated using a comma-delimited list.

Values

  • alert for alert notifications.

  • cmd_proc for command processing.

  • conn_hdlg for connection handling.

  • init_and_term for initialization and termination.

  • memory_ops for memory operations.

  • proc_mgmt for process management.

  • reg_and_load for registration and load update.

  • relay for events associated with connection control blocks.

  • timer for gateway timeouts.

  • wake_up for events related to Connection Manager Administration (CMADMIN) wake-up queue.

Note:

The event group ALERT cannot be turned off.

8.2.12 EXPIRE_TIME

The EXPIRE_TIME networking parameter of cman.ora file specifies a time interval, in minutes, to send a check to verify that client/gateway connections are active.

Purpose

To specify a time interval, in minutes, to send a check to verify that client/server connections are active.

Usage Notes

Setting a value greater than 0 ensures that connections are not left open indefinitely, due to an unusual client termination. If the system supports TCP keepalive tuning, then Oracle Net Services automatically uses the enhanced detection model, and tunes the TCP keepalive parameters

If the probe finds a terminated connection, or a connection that is no longer in use, then it returns an error, causing the server process to exit.

This parameter is primarily intended for the database server, which typically handles multiple connections at any one time.

Limitations on using this terminated connection detection feature are:

  • It is not allowed on bequeathed connections.

  • Though very small, a probe packet generates additional traffic that may downgrade network performance.

  • Depending on which operating system is in use, the server may need to perform additional processing to distinguish the connection probing event from other events that occur. This can also result in degraded network performance.

Values

  • 0: To disable terminated connection detection.

  • Any number greater than 0: To enable terminated connection detection. The number equals the time interval in minutes.

Default

0

Example 8-3 Example

EXPIRE_TIME=10

8.2.13 GROUP

Use the GROUP parameter to specify a rule_list for a service.

Purpose

This parameter is listed in the RULE_GROUP section of the cman.ora file preceded by RULE_GROUP= .

Syntax

 (GROUP =
       (DESCRIPTION = (NAME = service_name))
       (RULE_LIST =
         (RULE=...)
       )

Usage Notes

The service name (SRV =) in the rule should match the service_name specified in the NAME parameter. Alternatively, you can specify the service name using an asterisk *.

You can configure a DEFAULT_GROUP in RULE_GROUP. The rules that you specify in this section applies to those services that do not have an explicit GROUP. You do not need to specify DESCRIPTION inside a DEFAULT_GROUP.

Example


(RULE_GROUP=
     (GROUP =
       (DESCRIPTION = (NAME = sales.us.example.com))
       (RULE_LIST =
         (RULE=
         (SRC=client1-pc)
         (DST=sales-server)
         (SRV=*)
         (ACT=reject))
       )
     )
     (GROUP =
       (DESCRIPTION = (NAME = hr.us.example.com))
       (RULE_LIST =
         (RULE=
           (SRC=192.0.2.45)
           (DST=192.0.2.200)
           (SRV=*)
           (ACT=accept))
       )
     )
     (DEFAULT_GROUP =
       (RULE_LIST=
         (RULE=(SRC=*)(DST=*)(SRV=cmon)(ACT=accept)))
      )
   )

8.2.14 IDLE_TIMEOUT

The IDLE_TIMEOUT parameter of the cman.ora file specifies the time that an established connection can remain active without transmitting data.

Purpose

To specify the amount of time that an established connection can remain active without transmitting data.

Usage Notes

The global setting can be overridden by a rule-level setting in ACTION_LIST.

Values

  • 0 to disable the timeout. This is the default.

  • Any number greater than 0 to enable the timeout. The number equals the timeout period in seconds.

8.2.15 INBOUND_CONNECT_TIMEOUT

The INBOUND_CONNECT_TIMEOUT parameter of the cman.ora file specifies the time limit that the Oracle Connection Manager listener waits for a valid connection before timing out.

Purpose

To specify how long, in seconds, the Oracle Connection Manager listener waits for a valid connection from a client or another instance of Oracle Connection Manager.

Values

  • 60 sec is the default. Use value 0 to disable timeout.

  • Any number greater than 0 to enable the timeout. The number equals the timeout period in seconds.

Example

INBOUND_CONNECT_TIMEOUT=30

8.2.16 LOG_FILE_NUM

The LOG_FILE_NUM networking parameter of the cman.ora file specifies the number of log file segments.

Purpose

To specify the number of log file segments. At any point of time there can be only n log file segments where n is LOG_FILE_NUM and if the log grows beyond this number, then the older segments are deleted.

Default

No default. Number of segments grow indefinitely, if not specified or set to zero.

Value

Any integer value up to the maximum integer.

Example

LOG_FILE_NUM=3

8.2.17 LOG_FILE_SIZE

LOG_FILE_SIZE networking parameter of thecman.ora file specifies the size of each log file segment.

Purpose

To specify the size of each log file segment. The size is in MB.

Default

300 MB

Values

Any integer value.

Example 8-4 Example

LOG_FILE_SIZE=10

8.2.18 LOG_SUPPRESS_NODES

Use the cman.ora parameter LOG_SUPPRESS_NODES to specify the addresses for which you want to disable logging of health check errors in the Oracle Connection Manager (CMAN) log file.

Purpose

A CMAN frontend component, such as a load balancer, may perform periodic health checks by connecting to CMAN endpoint at the backend followed by immediately disconnecting from it. These health check operations generate error entries in the CMAN log file and are logged as connect failures. You can set this parameter to disable logging of such errors.

Usage Notes

Set this parameter in the PARAMETER_LIST section of the cman.ora file.

The list of addresses can include host names or CIDR notation for IPv4 and IPv6 addresses. The wildcard format (*) is supported for IPv4 addresses.

The presence of a host name in the list results in the inclusion of all IP addresses mapped to the host name. The host name must be consistent with the public network interface.

Value

LOG_SUPPRESS_NODES=(list of load balancer addresses)

list of load balancer addresses specifies valid nodes, subnet IP addresses, or names for which you want to disable logging.

Default

None

Example

LOG_SUPPRESS_NODES=(10.1.35.*, 10.1.34.0/24, 2001:DB8:fe38:7303, node1)

8.2.19 MAX_ALL_CONNECTIONS

The MAX_ALL_CONNECTIONS parameter of the cman.ora file specifies the maximum number of concurrent registration and client connection sessions that can be supported by Oracle Connection Manager.

Purpose

To specify the maximum number of concurrent registration and client connection sessions that can be supported by Oracle Connection Manager.

Usage Notes

This number includes registration connections from databases, and ongoing client connection establishment requests. After a connection is established, the clients do not maintain a connection to the listener. This limit only applies to client connections that are in the initial connection establishment phase from a listener perspective.

Default

Operating system-specific

Example

MAX_ALL_CONNECTIONS=40

8.2.20 MAX_BANDWIDTH_GROUP

Use the MAX_BANDWIDTH_GROUP parameter to specify the maximum number of services that can be configured.

Purpose

This parameter is mandatory to enable the bandwidth functionality.

Usage Notes

Configure this parameter to a value of maximum services that your system supports. Add this parameter in the parameter section of the cman.ora file.

You can also configure this parameter with an additional 20% to 100% buffer, depending upon how often the services are created and destroyed in the system.

Example

MAX_BANDWIDTH_GROUP=100

Related Topics

8.2.21 MAX_CMCTL_SESSIONS

The MAX_CMCTL_SESSIONS parameter of the cman.ora file specifies the maximum number of concurrent local or remote sessions.

Purpose

To specify the maximum number of concurrent local or remote sessions of the Oracle Connection Manager control utility allowable for a given instance.

Usage Notes

One of the sessions must be a local session.

Value

Any number of sessions can be designated.

Example

MAX_CMCTL_SESSIONS=6

8.2.22 MAX_CONNECTIONS

The MAX_CONNECTIONS parameter of the cman.ora file specifies the maximum number of connection slots that a gateway process can handle.

Purpose

To specify the maximum number of connection slots that a gateway process can handle.

Values

Any number in the range of 1 to 1024.

Default

The default value is 256.

Example

MAX_CONNECTIONS=100

8.2.23 MAX_GATEWAY_PROCESSES

The MAX_GATEWAY_PROCESSES parameter of the cman.ora file specifies the maximum number of gateway processes supported by Oracle Connection Manager.

Purpose

To specify the maximum number of gateway processes that an instance of Oracle Connection Manager supports.

Value

The number designated must be greater than the minimum number of gateway processes. The maximum is 64.

Default

The default value is 16.

Example

MAX_GATEWAY_PROCESSES=8

8.2.24 MAX_REG_CONNECTIONS

The MAX_REG_CONNECTIONS parameter of the cman.ora file specifies the maximum number of concurrent registration connection sessions that can be supported by Oracle Connection Manager.

Purpose

To specify the maximum number of concurrent registration connection sessions that can be supported by Oracle Connection Manager.

Default

512

Example

MAX_REG_CONNECTIONS=20

8.2.25 MIN_GATEWAY_PROCESSES

The MIN_GATEWAY_PROCESSES parameter of the cman.ora file specifies the minimum number of gateway processes supported by Oracle Connection Manager.

Purpose

To specify the minimum number of gateway processes that an instance of Oracle Connection Manager supports.

Value

Any number of sessions can be designated up to 64.

The value can be any positive number less than or equal to 64. Must be less than or equal to the maximum number of gateway processes.

Default

The default value is 2.

Example

MIN_GATEWAY_PROCESSES=4

8.2.26 NEXT_HOP

The NEXT_HOP parameter provides static routing of client connections from Oracle Connection Manager (Oracle CMAN).

Purpose

To specify a fixed address for Oracle CMAN to connect and to relay all client connection requests.

Usage Notes

This parameter contains the next hop address to which Oracle CMAN should connect to, whenever there is a client connection to it. This parameter provides static routing of client connections from Oracle CMAN and does not require service registration.

Values

You must specify this parameter in the CONFIGURATION section. Use description or address list to specify multiple addresses along with other characteristics such as load_balance and failover.

Default

Not enabled.

Example


CMAN=
(CONFIGURATION=
	(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=4555))
	(rule_list=(rule=(src=*)(dst=*)(srv=*)(act=accept)))     
	(PARAMETER_LIST=
	  (MAX_GATEWAY_PROCESSES=8)
	  (MIN_GATEWAY_PRCESSSES=3))
	(NEXT_HOP=(ADDRESS=(PROTOCOL=tcps)(HOST=proxysvr1)(PORT=1555)) 
     )

8.2.27 OUTBOUND_CONNECT_TIMEOUT

The OUTBOUND_CONNECT_TIMEOUT parameter of the cman.ora file specifies the time limit that the Oracle Connection Manager instance waits for a valid connection to be established before timing out.

Purpose

To specify the length of time in seconds that the Oracle Connection Manager instance waits for a valid connection to be established with the database server or with another Oracle Connection Manager instance.

Values

  • 60 to disable the timeout. This is the default.

  • Any number greater than 0 to enable the timeout. The number equals the timeout period in seconds.

Example

OUTBOUND_CONNECT_TIMEOUT=30

8.2.28 PASSWORD_instance_name

Purpose

To specify the encrypted instance password, if one has been set.

8.2.29 REGISTRATION_EXCLUDED_NODES

The Oracle Connection Manager parameter file (cman.ora) REGISTRATION_EXCLUDED_NODES specifies the list of nodes that cannot register with the listener.

Purpose

To specify the list of nodes that cannot register with the listener.

Usage Notes

The list can include host names or CIDR notation for IPv4 and IPv6 addresses. The wildcard format (*) is supported for IPv4 addresses. The presence of a host name in the list results in the inclusion of all IP addresses mapped to the host name. The host name should be consistent with the public network interface.

If the REGISTRATION_INVITED_NODES parameter and the REGISTRATION_EXCLUDED_NODES parameter are set, then the REGISTRATION_EXCLUDED_NODES parameter is ignored.

Values

Valid nodes and subnet IP addresses or names.

Example

REGISTRATION_EXCLUDED_NODES = 10.1.26.*, 10.16.40.0/24, \
                                       2001:DB8:3eff:fe38, node2

8.2.30 REGISTRATION_INVITED_NODES

The Oracle Connection Manager parameter file (cman.ora) REGISTRATION_EXCLUDED_NODES parameter specifies the list of node that can register with the listener.

Purpose

To specify the list of node that can register with the listener.

Usage Notes

The list can include host names or CIDR notation for IPv4 and IPv6 addresses. The wildcard format (*) is supported for IPv4 addresses. The presence of a host name in the list results in the inclusion of all IP addresses mapped to the host name. The host name should be consistent with the public network interface.

If the REGISTRATION_INVITED_NODES parameter and the REGISTRATION_EXCLUDED_NODES parameter are set, then the REGISTRATION_EXCLUDED_NODES parameter is ignored.

Values

Valid nodes and subnet IP addresses or names.

Example

REGISTRATION_INVITED_NODES = 10.1.35.*, 10.1.34.0/24, \
                                      2001:DB8:fe38:7303, node1

8.2.31 REST_ADDRESS

Use the REST_ADDRESS parameter to configure REST endpoint hostname and port. Oracle CMAN listens to tcps endpoint based on the specified hostname and port.

Usage Notes

Add the REST_ADDRESS attribute under the parameter_list of the cman.ora file.

Syntax

REST_ADDRESS=host name:port

Example

REST_ADDRESS=cman_host:1524

8.2.32 RULE

The RULE parameter of the cman.ora file specifies an access control rule list to filter incoming connections.

Purpose

To specify an access control rule list to filter incoming connections.

Usage Notes

A rule list specifies which connections are accepted, rejected, or dropped.

If no rules are specified, then all connections are rejected.

The source and destination can be a host name, IP address, or subnet mask.

There must be at least one rule for client connections and one rule for CMCTL connections. Omitting one or the other results in the rejection of all connections for the rule type omitted. The last rule in the example that follows is a CMCTL rule.

Oracle Connection Manager does not support wildcards for partial IP addresses. If you use a wildcard, then use it in place of a full IP address. The IP address of the client may, for example, be (SRC=*).

Oracle Connection Manager supports only the /nn notation for subnet addresses. In the first rule in Example “Sample cman.ora File”, /27 represents a subnet mask that comprises 27 left-most bits.

Values

This parameter is listed in the rule list section of the cman.ora file preceded by RULE_LIST=.

Syntax

(RULE_LIST=
  (RULE=
    (SRC=host)
    (DST=host)
    (SRV=service_name)
    (ACT={accept|reject|drop})
    (ACTION_LIST=AUT={on|off}
    ((CONN_STATS={yes|no})(MCT=time)(MIT=time)(MOCT=time)))
  (RULE= ...))

Additional Parameters

The RULE parameter filters a connection or group of connections using the following parameters:

SRC: The source host name or IP address of the client.

DST: The destination server host name or IP address of the database server.

SRV: The database service name of Oracle Database obtained from the SERVICE_NAME parameter in the initialization parameter file.

ACT: The action for the connection request. Use accept to accept incoming requests, reject to reject incoming requests, or drop to reject incoming requests without sending an error message.

ACTION_LIST: The rule-level parameter settings for some parameters. These parameters are as follows:

  • AUT: Oracle Database security authentication on client side.

  • CONN_STATS: Log input and output statistics.

  • MCT: Maximum connect time.

  • MIT: Maximum idle timeout.

  • MOCT: Maximum outbound connect time.

Rule-level parameters override their global counterparts.

Example

(RULE_LIST=
  (RULE=
    (SRC=client1-pc)
    (DST=sales-server)
    (SRV=sales.us.example.com)
    (ACT=reject))
  (RULE=
    (SRC=192.0.2.45)
    (DST=192.0.2.200)
    (SRV=db1)
    (ACT=accept))
  (RULE=
    (SRC=sale-rep)
    (DST=sales1-server)
    (SRV=cmon)
    (ACT=accept)))

8.2.33 SDU

Use the SDU parameter to specify the session data unit (SDU) size for connections.

Purpose

To specify the SDU size, in bytes, for connections

Usage Notes

Oracle Connection Manager can negotiate large SDU with client and server when configured. When the configured values of client, database server, and Oracle Connection Manager do not match for a session, the least value of all the three values is used.

Default

8192 bytes (8 KB)

Value

512 to 2097152 bytes

Example

SDU=32768

8.2.34 SERVICE_RATE

The SERVICE_RATE parameter of cman.ora file specifies incoming connection rate that is allowed per service for an instance.

Purpose

To specify incoming connection rate that is allowed per service for an instance.

Usage Notes

Any user-specified value greater than 0 sets the maximum limit on the number of new connections per service-instance handled by the proxy listener every second. Listener rejects connections after it reaches the maximum limit. Client side connection failure is reported with “TNS:listener: rate limit reached”.

Values

  • 0 to disable service rate limit. This is the default.

  • Any number greater than 0 to enable service rate limit.

Example 8-5 Example

SERVICE_RATE=10

8.2.35 SESSION_TIMEOUT

The SESSION_TIMEOUT parameter of the cman.ora file specifies the maximum time in seconds allowed for a user session.

Purpose

To specify the maximum time in seconds allowed for a user session.

Usage Notes

The global setting can be overridden by a rule-level setting in ACTION_LIST.

Values

  • 0 to disable the timeout. This is the default.

  • Any number greater than 0 to enable the timeout. The number equals the timeout period in seconds.

Example

SESSION_TIMEOUT=60

8.2.36 SSL_CIPHER_SUITES

Use the SSL_CIPHER_SUITES parameter to control the combination of authentication, encryption, and data integrity algorithms used by Transport Layer Security (TLS).

Purpose

To control the combination of authentication, encryption, and data integrity algorithms used by TLS. By default, the strongest protocol and cipher are negotiated between the database client and server. Setting this parameter will override the default behavior. You must use this parameter only if you have internal security controls that dictate the usage of certain protocol versions.

Usage Notes

Starting with Oracle Database 21c, Transport Layer Security protocol version 1.0 (TLS 1.0) and 1.1 (TLS 1.1) are deprecated.

In accordance with security best practices, Oracle has deprecated the use of TLS 1.0 and TLS 1.1. To meet your security requirements, Oracle strongly recommends that you use TLS 1.2 instead.

Enclose the SSL_CIPHER_SUITES parameter value in parentheses. Otherwise, the cipher suite setting does not parse correctly.

Default

None

Values

Approved ciphers compatible with TLS 1.2:
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Deprecated ciphers compatible with TLS 1.2:
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DH_anon_WITH_AES_256_GCM_SHA384
  • TLS_DH_anon_WITH_AES_128_GCM_SHA256
Deprecated ciphers compatible with TLS 1.0, TLS 1.1, and TLS 1.2:
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA
  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDH_RSA_WITH_RC4_128_SHA
  • TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_MD5
  • TLS_ECDHE_ECDSA_WITH_NULL_SHA
  • TLS_ECDHE_RSA_WITH_NULL_SHA
  • TLS_ECDH_ECDSA_WITH_NULL_SHA
  • TLS_ECDH_RSA_WITH_NULL_SHA
  • SSL_RSA_WITH_NULL_SHA
  • SSL_RSA_WITH_NULL_MD5
  • SSL_DH_anon_WITH_RC4_128_MD5
Deprecated ciphers compatible with TLS 1.0 and TLS 1.1:
  • TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  • TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_RSA_WITH_3DES_EDE_CBC_SHA
  • SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

Note:

The DH_anon cipher suites do not provide authentication of the communicating parties, and can be vulnerable to man-in-the-middle attacks. Oracle recommends that you do not use these cipher suites to protect sensitive data.

Examples

SSL_CIPHER_SUITES=(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
SSL_CIPHER_SUITES=(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)

8.2.37 SSL_CLIENT_AUTHENTICATION

Use the SSL_CLIENT_AUTHENTICATION parameter to specify whether a client is authenticated using Transport Layer Security (TLS).

Purpose

To specify whether a client is authenticated using TLS.

Usage Notes

The database server authenticates the client. Therefore, this value should be set to false. If this parameter is set to true, then the listener attempts to authenticate the client, which can result in a failure.

Default

true

Values

true | false

Example

SSL_CLIENT_AUTHENTICATION=false

8.2.38 SSL_VERSION

Use the SSL_VERSION parameter to define valid Transport Layer Security (TLS) versions to be used for connections.

Purpose

To define the version of TLS that must run on the systems with which the database server communicates. By default, the database server and client negotiate the strongest security protocol. Oracle does not recommend modifying this parameter, unless your security requirements mandate the usage of certain protocol versions.

Usage Notes

  • Clients, listeners, and database servers must use compatible versions. Modify this parameter only when necessary to enforce the use of the more secure TLS protocol and not allow clients that only work with the older TLS protocols. If you need to specify TLS 1.0 or TLS 1.1, then also include TLS 1.2 to allow more secure connections. The current default uses TLS 1.2, which is the version required for multiple security compliance requirements.

  • Starting with Oracle Database 21c, Transport Layer Security protocol version 1.0 (TLS 1.0) and 1.1 (TLS 1.1) are deprecated.

    In accordance with security best practices, Oracle has deprecated the use of TLS 1.0 and TLS 1.1. To meet your security requirements, Oracle strongly recommends that you use TLS 1.2 instead.

  • If you set SSL_VERSION to undetermined, then the most secure TLS protocol version is used. You can use the SSL_VERSION=undetermined setting in the connect string for a specific connection to override the SSL_VERSION value configured in the sqlnet.ora file.

  • If you do not set SSL_VERSION to any value, then all the supported TLS protocol versions are tried starting with the most secure version. This is typically the most common configuration, ensuring that the strongest protocol is chosen during TLS negotiation.

Default

undetermined

Values

undetermined | 1.0 | 1.1 | 1.2

The version numbers correspond to the TLS versions, such as TLSv1.0, TLSv1.1, and TLSv1.2.

Note:

The sqlnet.ora parameter ADD_SSLV3_TO_DEFAULT has no impact on this parameter.

Syntax and Examples

  • To specify a single TLS version:
    SSL_VERSION=TLS_protocol_version
    For example:
    SSL_VERSION=1.2
  • To specify multiple TLS versions, use the or operator as follows:
    SSL_VERSION=TLS_protocol_version1 or TLS_protocol_version2
    For example:
    SSL_VERSION=1.1 or 1.2
    SSL_VERSION=1.0 or 1.1 or 1.2

8.2.39 TRACE_FILE

The TRACE_FILE parameter of the cman.ora file specifies the directory for Oracle Connection Manager trace files.

Purpose

To specify the directory for Oracle Connection Manager trace files.

8.2.40 USE_SERVICE_AS_TNSNAMES_ALIAS

Use this parameter for static routing of client connections from Oracle connection manager based on client’s service name.

Usage Notes

Oracle connection manager uses the service name specified by the client as an alias. You must configure alias in tnsnames.ora file of CMAN home. If an alias is not configured for a service, then the NEXT_HOP parameter in cman.ora acts as a default connect string.

Values

OFF and ON. The default is OFF.

Example

Configuration in CMAN home:

cman.ora
USE_SERVICE_AS_TNSNAMES_ALIAS=ON
tnsnames.ora

sales= 
 (DESCRIPTION= 
   (ADDRESS=(PROTOCOL=TCP)(HOST=sales-server)(port=1521))
   (CONNECT_DATA=(SERVICE_NAMES=sales)))

Note:

DESCRIPTION_LIST is not supported in the tnsnames.ora file of CMAN home.

Configuration in client home:

tnsnames.ora

sales_cman= 
 (DESCRIPTION= 
   (ADDRESS=(PROTOCOL=TCP)(HOST=cman-server)(port=1523))
   (CONNECT_DATA=(SERVICE_NAMES=sales)))
In this example, the client is connecting to service sales. CMAN will use the sales alias in tnsnames.ora of the CMAN home for connecting to the next hop.

8.2.41 USE_SID_AS_SERVICE

The USE_SID_AS_SERVICE Oracle Connection Manager parameter enables the system identifier (SID) in the connect descriptor to be interpreted as a service name when a user attempts a database connection.

Purpose

To enable the system identifier (SID) in the connect descriptor to be interpreted as a service name when a user attempts a database connection.

Usage Notes

Database clients with earlier releases of Oracle Database that have hard-coded connect descriptors can use this parameter to connect to a container or pluggable database.

For an Oracle container database, the client must specify a service name in order to connect to it. Setting this parameter to on instructs the Oracle Connection Manager listener to use the SID in the connect descriptor as a service name and connect the client to the specified database.

Values

  • off (default value)

  • on

Example 8-6 Example

USE_SID_AS_SERVICE=on

8.2.42 VALID_NODE_CHECKING_REGISTRATION

The VALID_NODE_CHECKING_REGISTRATION parameter of the cman.ora file specifies whether valid node checking registration is performed.

Purpose

To determine whether valid node checking registration is performed, and if the subnet is allowed.

Usage Notes

When set to on, valid node checking registration is performed at the listener for any incoming registration request, and only local IP addresses are allowed.

Default

on

Values

  • off | 0 to specify valid node checking registration is off, and no checking is performed.

  • on | 1 | local to specify valid node checking registration is on, and all local IP addresses can register. If a list of invited nodes is set, then all IP addresses, host names, or subnets in the list as well as local IP addresses are allowed.

  • subnet | 2 to specify valid node checking registration is on, and all machines in the local subnets are allowed to register. If a list of invited nodes is set, then all nodes in the local subnets as well as all IP addresses, host names and subnets in the list are allowed.

Example

VALID_NODE_CHECKING_REGISTRATION=on

8.2.43 WALLET_LOCATION

Purpose

To specify the location of wallets. Wallets are certificates, keys, and trustpoints processed by SSL.

Usage Notes

The key/value pair for Microsoft certificate store (MCS) omits the METHOD_DATA parameter because MCS does not use wallets. Instead, Oracle PKI (public key infrastructure) applications obtain certificates, trustpoints and private keys directly from the user's profile.

If an Oracle wallet is stored in the Microsoft Windows registry and the wallet's key (KEY) is SALESAPP, then the storage location of the encrypted wallet is HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\EWALLET.P12. The storage location of the decrypted wallet is HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\CWALLET.SSO.

Note:

This parameter must be specified outside Oracle Connection Manager alias

Syntax

The syntax depends on the wallet, as follows:

  • Oracle wallets on the file system:

    WALLET_LOCATION=
      (SOURCE=
        (METHOD=file)
        (METHOD_DATA=
           (DIRECTORY=directory)
           [(PKCS11=TRUE/FALSE)]))
    
  • Microsoft certificate store:

    WALLET_LOCATION=
      (SOURCE=
         (METHOD=mcs))
    
  • Oracle wallets in the Microsoft Windows registry:

    WALLET_LOCATION=
       (SOURCE=
          (METHOD=reg)
          (METHOD_DATA=
             (KEY=registry_key)))
    
  • Entrust wallets:

    WALLET_LOCATION=
       (SOURCE=
          (METHOD=entr)
          (METHOD_DATA=
             (PROFILE=file.epf)
             (INIFILE=file.ini)))

Additional Parameters

WALLET_LOCATION supports the following parameters:

  • SOURCE: The type of storage for wallets, and storage location.

  • METHOD: The type of storage.

  • METHOD_DATA: The storage location.

  • DIRECTORY: The location of Oracle wallets on file system.

  • KEY: The wallet type and location in the Microsoft Windows registry.

  • PROFILE: The Entrust profile file (.epf).

  • INIFILE: The Entrust initialization file (.ini).

Default

None

Values

true | false

Examples

Oracle wallets on file system:

WALLET_LOCATION=  
  (SOURCE=
      (METHOD=file)
      (METHOD_DATA=  
         (DIRECTORY=/etc/oracle/wallets/databases)))

Microsoft certificate store:

WALLET_LOCATION=
   (SOURCE=
     (METHOD=mcs))
   

Oracle Wallets in the Microsoft Windows registry:

WALLET_LOCATION=
   (SOURCE=
     (METHOD=REG)
     (METHOD_DATA=
        (KEY=SALESAPP)))

Entrust Wallets:

WALLET_LOCATION=
   (SOURCE=
     (METHOD=entr)
     (METHOD_DATA=
       (PROFILE=/etc/oracle/wallets/test.epf)
       (INIFILE=/etc/oracle/wallets/test.ini)))

8.3 Oracle Connection Manager in Traffic Director Mode Parameters

This section lists and describes the cman.ora file parameters.

8.3.1 SERVICE_AFFINITY

Use the cman.ora parameter SERVICE_AFFINITY to modify the default load distribution mechanism for Oracle Connection Manager in Traffic Director Mode.

Purpose

To configure load distribution mechanism for Oracle Connection Manager in Traffic Director Mode. By default, Oracle Connection Manager in Traffic Director Mode uses service affinity to select a gateway for routing incoming connection requests. All new connection requests are routed to the gateways associated with database services.

Usage Notes

If you set this parameter to ON, then all new connection requests are routed to the gateways associated with database services.

If you set this parameter to OFF, then all new connection requests are routed to the least-loaded gateways.

When using Proxy Resident Connection Pooling (PRCP), Oracle recommends that you set the SERVICE_AFFINITY parameter to OFF for better performance and resource utilization of gateway processes.

Values

ON | OFF

Default

ON

Example

SERVICE_AFFINITY = {ON | OFF}

8.3.2 TDM

Purpose

To configure Oracle Connection Manager to act as Oracle Connection Manager in Traffic Director Mode.

Default

FALSE

Values

  • TRUE

  • FALSE

Example

tdm = TRUE

8.3.3 TDM_BIND_THREAD

Purpose

To make the application connection hold on to the TDM thread and has different implications with and without PRCP. This parameter only applies when TDM_THREADING_MODE is set to SHARED.

Usage Notes

Without PRCP, setting this parameter to yes makes the application connection hold on the TDM worker thread as long as there is a transaction in progress.

With PRCP, setting this parameter to yes makes the application connection hold on to the TDM thread from the time OCISessionGet is done by the application till it does an OCISessionRelease.

Default

no

Values

  • yes

  • no

Example

TDM_BIND_THREAD = yes

8.3.4 TDM_DATATYPE_CHECK

Purpose

To validate all the inbound data to the database, of the data type NUMBER, DATE, TIMESTAMP, TIMESTAMP WITH LOCAL TIMEZONE, TIMESTAMP WITH TIMEZONE, BLOB, CLOB, BFILE, UROWID and REF. The following error is received by the application if there is any problem with the data sent to the Oracle Connection Manager in Traffic Director Mode.

ORA-03137: malformed TTC packet from client rejected: [3101]

Usage Notes

Turning ON/OFF this parameter enables or disables the data validation.

Default

OFF

Values

  • ON

  • OFF

Example

tdm_datatype_check={ON | OFF}

8.3.5 TDM_PRCP_MAX_CALL_WAIT_TIME

Purpose

To record the maximum time of inactivity, in seconds, for a client after obtaining a session from the PRCP pool. This parameter is applicable when the Oracle Connection Manager in Traffic Director Mode is configured to have Proxy Resident Connection Pool.

Usage Notes

After obtaining a session from the PRCP pool, if the client application does not issue a database call for the time specified by TDM_PRCP_MAX_CALL_WAIT_TIME parameter, then the PRCP session is freed and the client connection is terminated. As a result, if the client application attempts a round trip call on such a connection, then it receives an ORA-3113 or ORA-3115 error.

Default

30 seconds

Values

Any non negative value. However, Oracle recommends not to use a value of 0 as that implies that a connection can acquire a PRCP session for an indefinite amount of time

8.3.6 TDM_PRCP_MAX_TXN_CALL_WAIT_TIME

Purpose

To record the maximum time of inactivity, in seconds, for a client after it obtains a session from the Proxy Resident Connection Pool and starts a transaction. This parameter is applicable when the Oracle Connection Manager in Traffic Director Mode is configured to have PRCP.

Usage Notes

If the client application does not issue a database call for the time specified by TDM_PRCP_MAX_TXN_CALL_WAIT_TIME parameter while in a transaction, the PRCP session is freed, the transaction is rolled back, and the client connection is terminated. As a result, if the client application attempts a round trip call on such a connection, then it receives an ORA-3113 or ORA-3115 error.

Default

0

Values

Any nonnegative value. However, it is recommended not to use a value of0 as it implies that a connection can acquire a PRCP session for an indefinite amount of time.

8.3.7 TDM_SHARED_THREADS_MAX

Purpose

To configure the maximum number of threads that an Oracle Connection Manager process in Traffic Director Mode should have, when tdm_threading_mode is set to SHARED.

Values

Any number can be designated for the maximum number of threads. For DEDICATED mode, the maximum number of threads is same as the maximum number of connections. In SHARED mode, though there is no fixed upper bound, it should ideally be proportional to the load.

8.3.8 TDM_SHARED_THREADS_MIN

Purpose

To configure the minimum number of threads that an Oracle Connection Manager process in Traffic Director Mode should have, when tdm_threading_mode is set to SHARED.

Values

Any number can be designated for the minimum number of threads. For SHARED mode, there is no limit enforced. However, the number of threads should be proportional to the load.

8.3.9 TDM_THREADING_MODE

Purpose

To configure the usage of threads by the Oracle Connection Manager in Traffic Director Mode.

Usage Notes

If this parameter is set to DEDICATED, then a worker thread is spawned for each inbound connection and the maximum number of threads is determined by the max_connections parameter

If this parameter is set to SHARED, then a shared pool of worker threads handle all inbound connections. The minimum number of worker threads is specified by the tdm_shared_threads_min setting and the maximum number of worker threads is specified by the tdm_shared_threads_max setting. The thread pool is internally managed within these bounds.

Default

DEDICATED

Values

  • DEDICATED

  • SHARED

Example

tdm_threading_mode={DEDICATED | SHARED}

tdm_shared_threads_min = 4

tdm_shared_threads_max = 5

8.4 ADR Diagnostic Parameters for Oracle Connection Manager

The diagnostic data for critical errors is quickly captured and stored in the ADR for Oracle Connection Manager.

Since Oracle Database 11g, Oracle Database includes an advanced fault diagnosability infrastructure for preventing, detecting, diagnosing, and resolving problems. The problems are critical errors such as those caused by database code bugs, metadata corruption, and customer data corruption.

When a critical error occurs, it is assigned an incident number, and diagnostic data for the error, such as traces and dumps, are immediately captured and tagged with the incident number. The data is then stored in the Automatic Diagnostic Repository (ADR), a file-based repository outside the database.

This section describes the parameters used when ADR is enabled. ADR is enabled by default. Non-ADR parameters listed in the cman.ora file are ignored when ADR is enabled.

8.4.1 ADR_BASE

It is a diagnostic parameter in the cman.ora file and it specifies the base directory to store tracing and logging incidents when ADR is enabled.

Purpose

To specify the base directory to store tracing and logging incidents when ADR is enabled.

Default

The default is ORACLE_BASE, or ORACLE_HOME/log if ORACLE_BASE is not defined.

Values

Any valid directory path to a directory with write permission.

Example 8-7 Example

ADR_BASE=/oracle/network/trace

8.4.2 DIAG_ADR_ENABLED

DIAG_ADR_ENABLED diagnostic parameter of the cman.ora file indicates whether ADR tracing is enabled.

Purpose

To indicate whether ADR tracing is enabled.

Usage Notes

When the DIAG_ADR_ENABLED parameter is set to OFF, then non-ADR file tracing is used.

Values

on | off

Example 8-8 Example

DIAG_ADR_ENABLED=on

8.4.3 LOG_LEVEL

Purpose

To specify the level of logging performed by Oracle Connection Manager.

Usage Notes

This parameter is also applicable when non-ADR logging is used.

The following log files are used with Oracle Connection Manager:

  • instance-name_pid.log for the listener.

  • instance-name_cmadmin_pid.log for CMADMIN.

  • instance-name_cmgw_pid.log for the gateway processes.

The log files are located in the ORACLE_HOME/network/log directory.

Default

off or 0

Values

  • off or 0 for no log output.

  • user or 4 for user log information.

  • admin or 10 for administration log information.

  • support or 16 for Oracle Support Services log information.

Example

LOG_LEVEL=admin

8.4.4 TRACE_LEVEL

Purpose

To specify the trace level for the Oracle Connection Manager instance.

Usage Notes

This parameter is also applicable when non-ADR tracing is used.

The following trace files are used with Oracle Connection Manager:

  • instance-name_pid.trc for the listener.

  • instance-name_cmadmin_pid.trc for CMADMIN.

  • instance-name_cmgw_pid.trc for the gateway processes.

The log files are located in the ORACLE_HOME/network/log directory.

Default

off

Values

  • off for no trace output.

  • user for user trace information.

  • admin for administration trace information.

  • support for Oracle Support Services trace information.

Example

TRACE_LEVEL=admin

8.4.5 TRACE_TIMESTAMP

Purpose

To add a time stamp in the form of dd-mmm-yyyy hh:mi:ss:mil to every trace event in the trace file for the listener.

Usage Notes

This parameter is used with the TRACE_LEVEL parameter. This parameter is also applicable when non-ADR tracing is used.

Default

on

Values

  • on or true

  • off or false

Example

TRACE_TIMESTAMP=true

8.5 Non-ADR Diagnostic Parameters for Oracle Connection Manager

This section lists the parameters used when ADR is disabled:

8.5.1 LOG_DIRECTORY

Purpose

To specify the location of Oracle Connection Manager log files.

Usage Notes

Use this parameter when ADR is not enabled.

Default

ORACLE_BASE_HOME/network/log

Values

Any valid directory path to a directory with write permission.

Example

LOG_DIRECTORY=/oracle/network/log

8.5.2 TRACE_DIRECTORY

Purpose

To specify the location of the Oracle Connection Manager trace files.

Usage Notes

Use this parameter when ADR is not enabled.

Default

ORACLE_BASE_HOME/network/trace 

Values

Any valid directory path to a directory with write permission.

Example

TRACE_DIRECTORY=/oracle/network/admin/trace

8.5.3 TRACE_FILELEN

Purpose

To specify the size, in KB, of the trace file.

Usage Notes

When the size is met, the trace information is written to the next file. The number of files is specified with the TRACE_FILENO parameter. Any size can be designated. Use this parameter when ADR is not enabled.

Default

Unlimited

Example

TRACE_FILELEN=100

8.5.4 TRACE_FILENO

Purpose

To specify the number of trace files for Oracle Connection Manager tracing.

Usage Notes

When this parameter is set along with the TRACE_FILELEN parameter, trace files are used in a cyclical fashion. The first file is filled first, then the second file, and so on. When the last file has been filled, the first file is reused, and so on. Any number of files can be designated.

The trace file names are distinguished from one another by their sequence number. For example, if this parameter is set to 3, then the gateway trace files would be named instance-name_cmgw1_pid.trc, instance_name_cmgw2_pid.trc and instance_name_cmgw3_pid.trc.

In addition, trace events in the trace files are preceded by the sequence number of the file. Use this parameter when ADR is not enabled.

Default

1

Example

TRACE_FILENO=3

8.6 Oracle Connection Manager Tunneling Parameters

This section lists the parameters that you must configure to enable tunneling.

8.6.1 TUNNELING

Set this parameter to start Oracle Connection Manager as server in tunneling mode.

Purpose

Set this parameter to ON to start Oracle Connection Manager in tunneling mode. You must set this parameter on the server CMAN. When this parameter is set, the CMAN starts processing and accepts tunnel requests.

Usage Notes

Use this parameter with PARAMETER_LIST.

Default

OFF

Example


(PARAMETER_LIST=
      (TUNNELING=ON))
 

8.6.2 TUNNEL_CAPACITY

Use this parameter to specify the number of reverse connections that can be multiplexed over a tunnel.

Purpose

You must set this parameter on the server CMAN. Only the number of connections that you specify for this parameter will be allowed per tunnel.

Usage Notes

Use this parameter with PARAMETER_LIST.

Example


(PARAMETER_LIST=
      (TUNNELING_CAPACITY=25))
 

8.6.3 MAX_TUNNELS

Use this parameter to specify the number of tunnels that a client connection manager in tunneling mode can create.

Purpose

This parameter creates the specified number of tunnels by each connection manager gateway. You must set this parameter on the client CMAN.

Usage Notes

Use this parameter with PARAMETER_LIST.

Example


(PARAMETER_LIST=
      (MAX_TUNNELS=4))
 

8.6.4 TUNNEL_PROBE_INTERVAL

Use this parameter in server connection manager to keep the tunnel connection open.

Purpose

Specify a time interval in minutes to send small probe packets to keep the tunnel connection open and avoid time out. You must set this parameter on the server CMAN.

Usage Notes

Use this parameter with PARAMETER_LIST.

Example


(PARAMETER_LIST=
      (TUNNEL_PROBE_INTERVAL=7))
 

8.6.5 NON_TUNNEL_GATEWAYS

Use this parameter to specify the number of regular gateways that will not be used for tunneling.

Purpose

Set this parameter at both the server CMAN and the client CMAN to specify the number of regular gateways. Regular gateways handle regular and forward connections. In tunneling mode, all gateways are tunnel gateways by default.

Usage Notes

Use this parameter with PARAMETER_LIST.

Default

0 when tunneling is enabled.

Example


(PARAMETER_LIST=
  (NON_TUNNEL_GATEWAYS=2))

8.6.6 TUNNEL_ADDRESS

Set this parameter on the client CMAN to point to the server CMAN that you want to connect to.

Purpose

The gateways connect to the specified server address to create tunnels. You can configure single or multiple addresses using address_list and description.

Usage Notes

Put this parameter under CONFIGURATION.

Example


(CONFIGURATION=
  (TUNNEL_ADDRESS=
  (DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=host_name)(PORT=port_number))
  (CONNECT_DATA=(TUNNEL_ID=tunnel_id)))))
 

8.6.7 GATEWAY_PROCESSES

Use this parameter to specify the number of gateway processes.

Usage

Use this parameter with PARAMETER_LIST.

gateway_processes=value

Example

(PARAMETER_LIST=
           (gateway_processes=8))

Note:

MIN_GATEWAY_PROCESSES parameter and MAX_GATEWAY_PROCESSES parameter are not supported with tunneling option.