9 Oracle Connection Manager Parameters
This chapter provides a complete listing of the cman.ora
file configuration parameters.
- Overview of Oracle Connection Manager Configuration File
Oracle Connection Manager configuration information is stored in thecman.ora
file. - Oracle Connection Manager Parameters
This section lists and describes the followingcman.ora
file parameters: - Oracle Connection Manager in Traffic Director Mode Parameters
This section lists and describes thecman.ora
file parameters. - ADR Diagnostic Parameters for Oracle Connection Manager
The diagnostic data for critical errors is quickly captured and stored in the ADR for Oracle Connection Manager. - Non-ADR Diagnostic Parameters for Oracle Connection Manager
This section lists the parameters used when ADR is disabled: - Oracle Connection Manager Tunneling Parameters
This section lists the parameters that you must configure to enable tunneling.
9.1 Overview of Oracle Connection Manager Configuration File
Oracle Connection Manager configuration information is stored in the cman.ora
file.
Oracle Connection Manager Configuration File
Oracle Connection Manager configuration information consists of the following elements:
-
Protocol address of the Oracle Connection Manager listener
-
Access control parameters
-
Performance parameters
By default, the cman.ora
file is located in the
ORACLE_HOME/network/admin
directory. You can also
store the cman.ora
file in the following locations:
- The directory specified by the
TNS_ADMIN
environment variable or registry value. - On Linux and UNIX operating systems, the global configuration directory. For
example, on the Oracle Solaris operating system, this directory is
/var/opt/oracle
. ORACLE_BASE_HOME/network/admin
directory.ORACLE_HOME/network/admin
directory.
Example 9-1 Sample cman.ora File
CMAN=
(CONFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1521))
(RULE_LIST=
(RULE=(SRC=192.0.2.32/27)(DST=sales-server)(SRV=*)(ACT=accept))
(ACTION_LIST=(AUT=on)(MCT=120)(MIT=30)))
(RULE=(SRC=foo)(DST=hr-server)(SRV=cmon)(ACT=accept)))
(PARAMETER_LIST=
(MAX_GATEWAY_PROCESSES=8)
(MIN_GATEWAY_PRCESSSES=3)
(DIAG_ADR_ENABLED=ON)
(ADR_BASE=/oracle/log)))
cman.ora File Sections
-
Listening address: Preceded by
ADDRESS=
, this section contains information pertinent to the listener. TheADDRESS
parameter is required. -
Rule list: Preceded by
RULE_LIST=
, this section contains rule information. TheRULE
parameter is listed in the rule list section of the file. TheRULE
parameter is required. -
Rule Group: Preceded by
RULE_GROUP=
, this section containsrule_list
grouped by service names. You can use either therule_group
syntax or therule_list
syntax. -
Parameter list: Preceded by
PARAMETER_LIST=
, this section contains all other parameters including those listed in " ADR Diagnostic Parameters for Oracle Connection Manager", and "Non-ADR Diagnostic Parameters for Oracle Connection Manager".The following parameters are allowed in the parameter list section of the
cman.ora
file. The default values are bold. To override the default setting for a parameter, enter the parameter and a nondefault value.ASO_AUTHENTICATION_FILTER={
off
| on}
ADMIN_GROUP=
user_group
CONNECTION_STATISTICS={
no
| yes}
EVENT_GROUP={init_and_term | memory_ops | conn_hdlg | proc_mgmt | reg_and_load | wake_up | timer | cmd_proc | relay}
IDLE_TIMEOUT=
0
or greaterINBOUND_CONNECT_TIMEOUT=0
or greater. The default value is 60.LOG_DIRECTORY=
log_directory
. The default value isORACLE_HOME/network/log
.LOG_LEVEL={off | user | admin |
support
}
MAX_CMCTL_SESSIONS=
Any positive number. The default value is 4.MAX_CONNECTIONS=
A value between 1 and 1024. The default value is 256.MAX_GATEWAY_PROCESSES=
Any number greater than the minimum number of gateway processes up to 64. The default value is 16.MIN_GATEWAY_PROCESSES=
Any positive number less than or equal to 64. Must be less than or equal to the maximum number of gateway processes. The default value is 2.OUTBOUND_CONNECT_TIMEOUT=
0
or greaterSESSION_TIMEOUT=
0
or greaterTRACE_DIRECTORY=
trace_directory
. The default value isORACLE_HOME/network/trace
.TRACE_FILELEN=
Any positive number. The default value is 0 (zero).TRACE_FILENO=
Any positive number. The default value is 0 (zero).TRACE_LEVEL={
off
| user | admin | support}
TRACE_TIMESTAMP={
off
| on}
(PARAMETER_LIST=
(ASO_AUTHENTICATION_FILTER=ON)
(ADMIN_GROUP=dba)
(CONNECTION_STATISTICS=NO)
(EVENT_GROUP=INIT_AND_TERM,MEMORY_OPS,PROCESS_MGMT)
(IDLE_TIMEOUT=30)
(INBOUND_CONNECT_TIMEOUT=30)
(LOG_DIRECTORY=/home/user/network/admin/log)
(LOG_LEVEL=SUPPORT)
(MAX_CMCTL_SESSIONS=6)
(MAX_CONNECTIONS=512)
(MAX_GATEWAY_PROCESSES=10)
(MIN_GATEWAY_PROCESSES=4)
(OUTBOUND_CONNECT_TIMEOUT=30)
(SESSION_TIMEOUT=60)
(TRACE_DIRECTORY=/home/user/network/admin/trace)
(TRACE_FILELEN=100)
(TRACE_FILENO=2)
(TRACE_LEVEL=SUPPORT)
(TRACE_TIMESTAMP=ON)
(VALID_NODE_CHECKING_REGISTRATION=ON)
(REGISTRATION_EXCLUDED_NODES = 10.1.26.*)
(REGISTRATION_INVITED_NODES = 10.1.35.*)
)
Parent topic: Oracle Connection Manager Parameters
9.2 Oracle Connection Manager Parameters
This section lists and describes the following cman.ora
file parameters:
- ADDRESS
TheADDRESS
networking parameter specifies the protocol address of Oracle Connection Manager. - ADMIN_GROUP
TheADMIN_GROUP
parameter of thecman.ora
file specifies the user group that can perform the Oracle Connection Manager (CMAN) administration. - ASO_AUTHENTICATION_FILTER
It is a networking parameter for Oracle Connection Manager. It instructs Oracle Connection Manager to check the connection requests for Secure Network Services (SNS). - BANDWIDTH
Use theBANDWIDTH
parameter to limit all the connections of a service to a specified value in bytes per second. - CLIENT_DN_RULE_MATCH
Use this parameter to enable filtering of Transport Layer Security (TLS) connections usingDN_LIST
inRULE_GROUP
. - COMPRESSION
TheCOMPRESSION
parameter of thecman.ora
file enables or disables data compression. - COMPRESSION_LEVELS
TheCOMPRESSION_LEVELS
networking parameter of thecman.ora
file specifies the CPU usage and compression ratio. - COMPRESSION_THRESHOLD
TheCOMPRESSION_THRESHOLD
parameter of thecman.ora
file specifies the minimum data size for which compression is required. - CONNECTION_STATISTICS
CONNECTION_STATISTICS
networking parameter of thecman.ora
file specifies whether theSHOW_CONNECTIONS
command displays connection statistics. - DN_LIST
Use this parameter to specify a list of common names (CN) that are allowed to connect to a service using Transport Layer Security (TLS). - ENABLE_IP_FORWARDING
Use thecman.ora
parameterENABLE_IP_FORWARDING
to forward client IP address to the database server. - EVENT_GROUP
EVENT_GROUP
networking parameter of thecman.ora
file specifies which event groups are logged. - EXPIRE_TIME
TheEXPIRE_TIME
networking parameter ofcman.ora
file specifies a time interval, in minutes, to send a check to verify that client/gateway connections are active. - GROUP
Use theGROUP
parameter to specify arule_list
for a service. - IDLE_TIMEOUT
TheIDLE_TIMEOUT
parameter of thecman.ora
file specifies the time that an established connection can remain active without transmitting data. - INBOUND_CONNECT_TIMEOUT
TheINBOUND_CONNECT_TIMEOUT
parameter of thecman.ora
file specifies the time limit that the Oracle Connection Manager listener waits for a valid connection before timing out. - IP_RATE_COUNT
TheIP_RATE_COUNT
parameter of thecman.ora
file specifies the maximum number of client connections allowed from an IP address in the specified time interval. - IP_RATE_INTERVAL
TheIP_RATE_INTERVAL
parameter of thecman.ora
file specifies the number of seconds for which Oracle Connection Manager accepts new connections from a single IP address. - IP_RATE_BLOCK
TheIP_RATE_BLOCK
parameter of thecman.ora
file specifies the time duration, in minutes, for which an IP address is blocked after exceeding the defined IP rate limit. - LOG_FILE_NUM
TheLOG_FILE_NUM
networking parameter of thecman.ora
file specifies the number of log file segments. - LOG_FILE_SIZE
LOG_FILE_SIZE
networking parameter of thecman.ora
file specifies the size of each log file segment. - LOG_SUPPRESS_NODES
Use thecman.ora
parameterLOG_SUPPRESS_NODES
to specify the addresses for which you want to disable logging of health check errors in the Oracle Connection Manager (CMAN) log file. - MAX_ALL_CONNECTIONS
TheMAX_ALL_CONNECTIONS
parameter of thecman.ora
file specifies the maximum number of concurrent registration and client connection sessions that can be supported by Oracle Connection Manager. - MAX_CMCTL_SESSIONS
TheMAX_CMCTL_SESSIONS
parameter of thecman.ora
file specifies the maximum number of concurrent local or remote sessions. - MAX_BANDWIDTH_GROUP
Use theMAX_BANDWIDTH_GROUP
parameter to specify the maximum number of services that can be configured. - MAX_CONNECTIONS
TheMAX_CONNECTIONS
parameter of thecman.ora
file specifies the maximum number of connection slots that a gateway process can handle. - MAX_GATEWAY_PROCESSES
TheMAX_GATEWAY_PROCESSES
parameter of thecman.ora
file specifies the maximum number of gateway processes supported by Oracle Connection Manager. - MAX_REG_CONNECTIONS
TheMAX_REG_CONNECTIONS
parameter of thecman.ora
file specifies the maximum number of concurrent registration connection sessions that can be supported by Oracle Connection Manager. - MIN_GATEWAY_PROCESSES
TheMIN_GATEWAY_PROCESSES
parameter of thecman.ora
file specifies the minimum number of gateway processes supported by Oracle Connection Manager. - NEXT_HOP
TheNEXT_HOP
parameter provides static routing of client connections from Oracle Connection Manager (Oracle CMAN). - OUTBOUND_CONNECT_TIMEOUT
TheOUTBOUND_CONNECT_TIMEOUT
parameter of thecman.ora
file specifies the time limit that the Oracle Connection Manager instance waits for a valid connection to be established before timing out. - REGISTRATION_EXCLUDED_NODES
The Oracle Connection Manager parameter file (cman.ora
) REGISTRATION_EXCLUDED_NODES specifies the list of nodes that cannot register with the listener. - REGISTRATION_INVITED_NODES
The Oracle Connection Manager parameter file (cman.ora
)REGISTRATION_EXCLUDED_NODES
parameter specifies the list of node that can register with the listener. - REST_ADDRESS
Use theREST_ADDRESS
parameter to configure REST endpoint hostname and port. Oracle CMAN listens totcps
endpoint based on the specified hostname and port. - RULE
TheRULE
parameter of thecman.ora
file specifies an access control rule list to filter incoming connections. - SDU
Use theSDU
parameter to specify the session data unit (SDU) size for connections. - SERVICE_RATE
The SERVICE_RATE parameter of cman.ora file specifies incoming connection rate that is allowed per service for an instance. - SESSION_TIMEOUT
TheSESSION_TIMEOUT
parameter of thecman.ora
file specifies the maximum time in seconds allowed for a user session. - SSL_CIPHER_SUITES
Use theSSL_CIPHER_SUITES
parameter to control the combination of authentication, encryption, and data integrity algorithms used by Transport Layer Security (TLS). - SSL_CLIENT_AUTHENTICATION
Use theSSL_CLIENT_AUTHENTICATION
parameter to specify whether the database client is authenticated using Transport Layer Security (TLS). - SSL_VERSION
Use theSSL_VERSION
parameter to define valid Transport Layer Security (TLS) versions to be used for connections. - TRACE_FILE
TheTRACE_FILE
parameter of thecman.ora
file specifies the directory for Oracle Connection Manager trace files. - USE_SERVICE_AS_TNSNAMES_ALIAS
Use this parameter for static routing of client connections from Oracle connection manager based on client’s service name. - USE_SID_AS_SERVICE
TheUSE_SID_AS_SERVICE
Oracle Connection Manager parameter enables the system identifier (SID) in the connect descriptor to be interpreted as a service name when a user attempts a database connection. - VALID_NODE_CHECKING_REGISTRATION
TheVALID_NODE_CHECKING_REGISTRATION
parameter of thecman.ora
file specifies whether valid node checking registration is performed. - WALLET_LOCATION
Use theWALLET_LOCATION
parameter to specify the location of Oracle wallets.
Parent topic: Oracle Connection Manager Parameters
9.2.1 ADDRESS
The ADDRESS
networking parameter specifies the protocol address of Oracle Connection Manager.
Purpose
To specify the protocol address of Oracle Connection Manager.
Syntax
(ADDRESS=(PROTOCOL=protocol)(HOST=host_name)(PORT=port_number)
Usage Notes
ADMIN
parameter to YES
using the following syntax:(ADDRESS=(PROTOCOL=protocol)(HOST=host_name)(PORT=port_number)(ADMIN=YES))
Example
(ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521)
Related Topics
Parent topic: Oracle Connection Manager Parameters
9.2.2 ADMIN_GROUP
The ADMIN_GROUP
parameter of the cman.ora
file specifies the user group that can perform the Oracle Connection Manager (CMAN) administration.
Purpose
To allow users of the specified group to perform CMAN administration operations. Users of the group are allowed to run Oracle Connection Manager control utility commands, such as show status, show services, show gateways, show rules, and so on.
Usage Notes
You can include ADMIN_GROUP
parameter in the PARAMETER_LIST
section of the cman.ora
file to specify the group that can run CMAN control utility commands and carry out administration operations.
Default
By default, only CMAN
user can perform the connection manager administration operations.
Example
ADMIN_GROUP=dba
Related Topics
Parent topic: Oracle Connection Manager Parameters
9.2.3 ASO_AUTHENTICATION_FILTER
It is a networking parameter for Oracle Connection Manager. It instructs Oracle Connection Manager to check the connection requests for Secure Network Services (SNS).
Purpose
To specify whether Oracle Database security authentication settings must be used by the client.
Usage Notes
The global setting can be overridden by a rule-level setting in ACTION_LIST
.
Values
-
on
to instruct Oracle Connection Manager to reject connection requests that are not using Secure Network Services (SNS). SNS is part of Oracle Database security. -
off
to instruct Oracle Connection Manager not to check for SNS between the client and server. This is the default.
Parent topic: Oracle Connection Manager Parameters
9.2.4 BANDWIDTH
Use the BANDWIDTH
parameter to limit all the connections of
a service to a specified value in bytes per second.
Purpose
To specify a limit on the number of bytes transmitted per second.
Usage Notes
You must include this parameter in the parameter_list
section of the cman.ora
file.
You must also set the cman.ora
parameter MAX_BANDWIDTH_GROUP
, which is a mandatory parameter to enable the bandwidth functionality.
Example
BANDWIDTH=524288
Related Topics
Parent topic: Oracle Connection Manager Parameters
9.2.5 CLIENT_DN_RULE_MATCH
Use this parameter to enable filtering of Transport Layer Security (TLS) connections using DN_LIST
in RULE_GROUP
.
Purpose
A TLS connection is allowed only if there is a GROUP
specified in RULE_GROUP
for the requested service. This GROUP
must be configured with DN_LIST
.
Values
ON
, OFF
. By default the value is set to
OFF
.
Example
CLIENT_DN_RULE_MATCH=ON
Parent topic: Oracle Connection Manager Parameters
9.2.6 COMPRESSION
The COMPRESSION
parameter of the cman.ora
file enables or disables data compression.
Purpose
To enable or disable data compression. If both the Oracle Connection Manager and the other end (server or client or Oracle Connection Manager) have this parameter set to ON
, then compression is used for the connection.
Default
off
Values
-
on
to enable data compression. -
off
to disable data compression.
Example
COMPRESSION=on
Parent topic: Oracle Connection Manager Parameters
9.2.7 COMPRESSION_LEVELS
The COMPRESSION_LEVELS
networking parameter of the cman.ora
file specifies the CPU usage and compression ratio.
Purpose
To specify the compression level.
Usage Notes
The compression levels are used at the time of negotiation to verify which levels are used at both ends, and select one level.
Default
low
Values
-
low
for low CPU usage and a low compression ratio. -
high
for high CPU usage and a high compression ratio.
Example 9-2 Example
COMPRESSION_LEVELS=high,low
Parent topic: Oracle Connection Manager Parameters
9.2.8 COMPRESSION_THRESHOLD
The COMPRESSION_THRESHOLD
parameter of the cman.ora
file specifies the minimum data size for which compression is required.
Purpose
To specify the minimum data size, in bytes, for which compression is required.
Usage Notes
Compression is not be done if the size of the data to be sent is less than this value.
Default
1024 bytes
Example
COMPRESSION_THRESHOLD=1024
Parent topic: Oracle Connection Manager Parameters
9.2.9 CONNECTION_STATISTICS
CONNECTION_STATISTICS
networking parameter of the cman.ora
file specifies whether the SHOW_CONNECTIONS
command displays connection statistics.
Purpose
To specify whether the SHOW_CONNECTIONS
command displays connection statistics.
Usage Notes
The global setting can be overridden by a rule-level setting in ACTION_LIST
.
Values
-
yes
to display statistics. -
no
to not display statistics. This is the default.
Parent topic: Oracle Connection Manager Parameters
9.2.10 DN_LIST
Use this parameter to specify a list of common names (CN) that are allowed to connect to a service using Transport Layer Security (TLS).
Purpose
An incoming TLS connection is allowed only if the string provided in common name (CN) of the distinguished name (DN) matches with at least one value in the list of values provided in the DN_LIST
parameter.
Usage Notes
DN_LIST
is a comma separated list of common names. The values in the
DN_LIST
parameter is matched only when the
client_dn_rule_match
parameter is set to
ON
.
You must configure DN_LIST
inside DESCRIPTION
of
the GROUP
parameter.
Example
(GROUP =
(DESCRIPTION = (NAME = service_name)(DN_LIST = phx,blr))
(RULE_LIST =
(RULE=...)
)
Parent topic: Oracle Connection Manager Parameters
9.2.11 ENABLE_IP_FORWARDING
Use the cman.ora
parameter ENABLE_IP_FORWARDING
to forward client IP address to the database server.
Purpose
When set to ON
, Oracle Connection Manager (CMAN) forwards the client source address as seen by it to the database server.
Usage Notes
In addition to the ENABLE_IP_FORWARDING
parameter, you must set the TCP.ALLOWED_PROXIES
parameter in the server-side sqlnet.ora
file. The TCP.ALLOWED_PROXIES
parameter specifies a list of the CMAN instances that can forward client address.
You can use the SYS_CONTEXT ('USERENV','IP_ADDRESS')
function to query the forwarded client address details.
Values
-
ON
|TRUE
|YES
|1
: To enable client address forwarding -
OFF
|FALSE
|NO
|0
: To disable client address forwarding
Default
OFF
Example
ENABLE_IP_FORWARDING=ON
Related Topics
Parent topic: Oracle Connection Manager Parameters
9.2.12 EVENT_GROUP
EVENT_GROUP
networking parameter of the cman.ora
file specifies which event groups are logged.
Purpose
To specify which event groups are logged.
Usage Notes
Multiple events may be designated using a comma-delimited list.
Values
-
alert
for alert notifications. -
cmd_proc
for command processing. -
conn_hdlg
for connection handling. -
init_and_term
for initialization and termination. -
memory_ops
for memory operations. -
proc_mgmt
for process management. -
reg_and_load
for registration and load update. -
relay
for events associated with connection control blocks. -
timer
for gateway timeouts. -
wake_up
for events related to Connection Manager Administration (CMADMIN) wake-up queue.
Note:
The event group ALERT
cannot be turned off.
Parent topic: Oracle Connection Manager Parameters
9.2.13 EXPIRE_TIME
The EXPIRE_TIME
networking parameter of cman.ora
file specifies a time interval, in minutes, to send a check to verify that client/gateway connections are active.
Purpose
To specify a time interval, in minutes, to send a check to verify that client/server connections are active.
Usage Notes
Setting a value greater than 0
ensures that connections are not left open indefinitely, due to an unusual client termination. If the system supports TCP keepalive tuning, then Oracle Net Services automatically uses the enhanced detection model, and tunes the TCP keepalive parameters
If the probe finds a terminated connection, or a connection that is no longer in use, then it returns an error, causing the server process to exit.
This parameter is primarily intended for the database server, which typically handles multiple connections at any one time.
Limitations on using this terminated connection detection feature are:
-
It is not allowed on bequeathed connections.
-
Though very small, a probe packet generates additional traffic that may downgrade network performance.
-
Depending on which operating system is in use, the server may need to perform additional processing to distinguish the connection probing event from other events that occur. This can also result in degraded network performance.
Values
-
0
: To disable terminated connection detection. -
Any number greater than
0
: To enable terminated connection detection. The number equals the time interval in minutes.
Default
0
Example 9-3 Example
EXPIRE_TIME=10
Parent topic: Oracle Connection Manager Parameters
9.2.14 GROUP
Use the GROUP
parameter to specify a
rule_list
for a service.
Purpose
This parameter is listed in the RULE_GROUP
section of the cman.ora
file preceded by RULE_GROUP=
.
Syntax
(GROUP =
(DESCRIPTION = (NAME = service_name))
(RULE_LIST =
(RULE=...)
)
Usage Notes
The service name (SRV =)
in the rule should match the
service_name
specified in the NAME
parameter.
Alternatively, you can specify the service name using an asterisk *
.
You can configure a DEFAULT_GROUP
in RULE_GROUP
.
The rules that you specify in this section applies to those services that do not
have an explicit GROUP
. You do not need to specify
DESCRIPTION
inside a DEFAULT_GROUP
.
Example
(RULE_GROUP=
(GROUP =
(DESCRIPTION = (NAME = sales.us.example.com))
(RULE_LIST =
(RULE=
(SRC=client1-pc)
(DST=sales-server)
(SRV=*)
(ACT=reject))
)
)
(GROUP =
(DESCRIPTION = (NAME = hr.us.example.com))
(RULE_LIST =
(RULE=
(SRC=192.0.2.45)
(DST=192.0.2.200)
(SRV=*)
(ACT=accept))
)
)
(DEFAULT_GROUP =
(RULE_LIST=
(RULE=(SRC=*)(DST=*)(SRV=cmon)(ACT=accept)))
)
)
Parent topic: Oracle Connection Manager Parameters
9.2.15 IDLE_TIMEOUT
The IDLE_TIMEOUT
parameter of the cman.ora
file specifies the time that an established connection can remain active without transmitting data.
Purpose
To specify the amount of time that an established connection can remain active without transmitting data.
Usage Notes
The global setting can be overridden by a rule-level setting in ACTION_LIST
.
Values
-
0
to disable the timeout. This is the default. -
Any number greater than 0 to enable the timeout. The number equals the timeout period in seconds.
Parent topic: Oracle Connection Manager Parameters
9.2.16 INBOUND_CONNECT_TIMEOUT
The INBOUND_CONNECT_TIMEOUT
parameter of the cman.ora
file specifies the time limit that the Oracle Connection Manager listener waits for a valid connection before timing out.
Purpose
To specify how long, in seconds, the Oracle Connection Manager listener waits for a valid connection from a client or another instance of Oracle Connection Manager.
Values
-
60 sec
is the default. Use value0
to disable timeout. -
Any number greater than
0
to enable the timeout. The number equals the timeout period in seconds.
Example
INBOUND_CONNECT_TIMEOUT=30
Parent topic: Oracle Connection Manager Parameters
9.2.17 IP_RATE_COUNT
The IP_RATE_COUNT
parameter of the cman.ora
file specifies the maximum number of client connections allowed from an IP address in the specified time interval.
Purpose
To enforce IP rate limit on the number of client connections allowed to Oracle Connection Manager (CMAN) from a single IP address. This security feature enables you to protect your database against potential denial-of-service (DoS) attacks.
Usage Notes
Use the IP_RATE_COUNT
parameter under the PARAMETER_LIST
section of the CMAN configuration. When set to a value greater than 1
, the specified IP rate limit is enforced at the CMAN endpoint level.
You can use this parameter along with the optional IP_RATE_INTERVAL
and IP_RATE_BLOCK
parameters. IP_RATE_INTERVAL
allows you to specify the number of seconds for which IP_RATE_COUNT
connections are accepted. IP_RATE_BLOCK
allows you to specify the duration for which the IP address is blocked after exceeding the defined IP_RATE_COUNT
per IP_RATE_INTERVAL
limit.
Default
None
Value
Any number greater than 1
Example
CMAN=
(CONFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1521))
(PARAMETER_LIST=(IP_RATE_COUNT=512)))
Parent topic: Oracle Connection Manager Parameters
9.2.18 IP_RATE_INTERVAL
The IP_RATE_INTERVAL
parameter of the cman.ora
file specifies the number of seconds for which Oracle Connection Manager accepts new connections from a single IP address.
Purpose
To specify the number of seconds for which IP_RATE_COUNT
connections are accepted. This security feature enforces IP rate limit on client connections and thus protects your database against potential denial-of-service (DoS) attacks.
Usage Notes
This is an optional parameter. You can use it under the PARAMETER_LIST
section along with the IP_RATE_COUNT
parameter. IP_RATE_COUNT
allows you to specify the number of connections allowed from an IP address.
You can also set the optional IP_RATE_BLOCK
parameter to specify the duration for which the IP address is blocked after exceeding the defined IP_RATE_COUNT
per IP_RATE_INTERVAL
limit.
Default
1
second
Value
Any number less than or equal to 60
. The number equals the time duration in seconds.
Example
CMAN=
(CONFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1521))
(PARAMETER_LIST=(IP_RATE_INTERVAL=5)))
Parent topic: Oracle Connection Manager Parameters
9.2.19 IP_RATE_BLOCK
The IP_RATE_BLOCK
parameter of the cman.ora
file specifies the time duration, in minutes, for which an IP address is blocked after exceeding the defined IP rate limit.
Purpose
To specify the time duration for which an IP address is blocked from establishing new connections. This security feature enforces IP rate limit on client connections and thus protects your database against potential denial-of-service (DoS) attacks.
Usage Notes
This is an optional parameter. You can use it under the PARAMETER_LIST
section along with the IP_RATE_COUNT
parameter. IP_RATE_COUNT
allows you to specify the number of connections allowed from an IP address.
You can also set the optional IP_RATE_INTERVAL
parameter to specify the number of seconds for which IP_RATE_COUNT
connections are accepted. The IP address is blocked after exceeding the defined IP_RATE_COUNT
per IP_RATE_INTERVAL
limit.
Default
15
minutes
Value
Any number greater than 0
. The number equals the time duration in minutes.
Example
CMAN=
(CONFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1521))
(PARAMETER_LIST=(IP_RATE_BLOCK=30)))
Parent topic: Oracle Connection Manager Parameters
9.2.20 LOG_FILE_NUM
The LOG_FILE_NUM
networking parameter of the cman.ora
file specifies the number of log file segments.
Purpose
To specify the number of log file segments. At any point of time there can be only n
log file segments where n
is LOG_FILE_NUM
and if the log grows beyond this number, then the older segments are deleted.
Default
No default. Number of segments grow indefinitely, if not specified or set to zero.
Value
Any integer value up to the maximum integer.
Example
LOG_FILE_NUM=3
Parent topic: Oracle Connection Manager Parameters
9.2.21 LOG_FILE_SIZE
LOG_FILE_SIZE
networking parameter of thecman.ora
file specifies the size of each log file segment.
Purpose
To specify the size of each log file segment. The size is in MB
.
Default
300 MB
Values
Any integer value.
Example 9-4 Example
LOG_FILE_SIZE=10
Parent topic: Oracle Connection Manager Parameters
9.2.22 LOG_SUPPRESS_NODES
Use the cman.ora
parameter LOG_SUPPRESS_NODES
to specify the addresses for which you want to disable logging of health check errors in the Oracle Connection Manager (CMAN) log file.
Purpose
A CMAN frontend component, such as a load balancer, may perform periodic health checks by connecting to CMAN endpoint at the backend followed by immediately disconnecting from it. These health check operations generate error entries in the CMAN log file and are logged as connect failures. You can set this parameter to disable logging of such errors.
Usage Notes
Set this parameter in the PARAMETER_LIST
section of the cman.ora
file.
The list of addresses can include host names or CIDR notation for IPv4 and IPv6 addresses. The wildcard format (*
) is supported for IPv4 addresses.
The presence of a host name in the list results in the inclusion of all IP addresses mapped to the host name. The host name must be consistent with the public network interface.
Value
LOG_SUPPRESS_NODES=(list of load balancer addresses)
list of load balancer addresses
specifies valid nodes, subnet IP addresses, or names for which you want to disable logging.
Default
None
Example
LOG_SUPPRESS_NODES=(10.1.35.*, 10.1.34.0/24, 2001:DB8:fe38:7303, node1)
Parent topic: Oracle Connection Manager Parameters
9.2.23 MAX_ALL_CONNECTIONS
The MAX_ALL_CONNECTIONS
parameter of the cman.ora
file specifies the maximum number of concurrent registration and client connection sessions that can be supported by Oracle Connection Manager.
Purpose
To specify the maximum number of concurrent registration and client connection sessions that can be supported by Oracle Connection Manager.
Usage Notes
This number includes registration connections from databases, and ongoing client connection establishment requests. After a connection is established, the clients do not maintain a connection to the listener. This limit only applies to client connections that are in the initial connection establishment phase from a listener perspective.
Default
Operating system-specific
Example
MAX_ALL_CONNECTIONS=40
Parent topic: Oracle Connection Manager Parameters
9.2.24 MAX_CMCTL_SESSIONS
The MAX_CMCTL_SESSIONS
parameter of the cman.ora
file specifies the maximum number of concurrent local or remote sessions.
Purpose
To specify the maximum number of concurrent local or remote sessions of the Oracle Connection Manager control utility allowable for a given instance.
Usage Notes
One of the sessions must be a local session.
Value
Any number of sessions can be designated.
Example
MAX_CMCTL_SESSIONS=6
Parent topic: Oracle Connection Manager Parameters
9.2.25 MAX_BANDWIDTH_GROUP
Use the MAX_BANDWIDTH_GROUP
parameter to specify the maximum
number of services that can be configured.
Purpose
This parameter is mandatory to enable the bandwidth functionality.
Usage Notes
Configure this parameter to a value of maximum services that your system supports.
Add this parameter in the parameter
section of the
cman.ora
file.
You can also configure this parameter with an additional 20% to 100% buffer, depending upon how often the services are created and destroyed in the system.
Example
MAX_BANDWIDTH_GROUP=100
Related Topics
Parent topic: Oracle Connection Manager Parameters
9.2.26 MAX_CONNECTIONS
The MAX_CONNECTIONS
parameter of the cman.ora
file specifies the maximum number of connection slots that a gateway process can handle.
Purpose
To specify the maximum number of connection slots that a gateway process can handle.
Values
Any number in the range of 1
to 1024
.
Default
The default value is 256
.
Example
MAX_CONNECTIONS=100
Parent topic: Oracle Connection Manager Parameters
9.2.27 MAX_GATEWAY_PROCESSES
The MAX_GATEWAY_PROCESSES
parameter of the cman.ora
file specifies the maximum number of gateway processes supported by Oracle Connection Manager.
Purpose
To specify the maximum number of gateway processes that an instance of Oracle Connection Manager supports.
Value
The number designated must be greater than the minimum number of gateway processes. The maximum is 64
.
Default
The default value is 16
.
Example
MAX_GATEWAY_PROCESSES=8
Parent topic: Oracle Connection Manager Parameters
9.2.28 MAX_REG_CONNECTIONS
The MAX_REG_CONNECTIONS
parameter of the cman.ora
file specifies the maximum number of concurrent registration connection sessions that can be supported by Oracle Connection Manager.
Purpose
To specify the maximum number of concurrent registration connection sessions that can be supported by Oracle Connection Manager.
Default
512
Example
MAX_REG_CONNECTIONS=20
Parent topic: Oracle Connection Manager Parameters
9.2.29 MIN_GATEWAY_PROCESSES
The MIN_GATEWAY_PROCESSES
parameter of the cman.ora
file specifies the minimum number of gateway processes supported by Oracle Connection Manager.
Purpose
To specify the minimum number of gateway processes that an instance of Oracle Connection Manager supports.
Value
Any number of sessions can be designated up to 64
.
The value can be any positive number less than or equal to 64
. Must be less than or equal to the maximum number of gateway processes.
Default
The default value is 2
.
Example
MIN_GATEWAY_PROCESSES=4
Parent topic: Oracle Connection Manager Parameters
9.2.30 NEXT_HOP
The NEXT_HOP
parameter provides static routing of client
connections from Oracle Connection Manager (Oracle CMAN).
Purpose
To specify a fixed address for Oracle CMAN to connect and to relay all client connection requests.
Usage Notes
This parameter contains the next hop address to which Oracle CMAN should connect to, whenever there is a client connection to it. This parameter provides static routing of client connections from Oracle CMAN and does not require service registration.
Values
You must specify this parameter in the CONFIGURATION
section. Use description
or address list
to
specify multiple addresses along with other characteristics such as
load_balance
and failover
.
Default
Not enabled.
Example
CMAN=
(CONFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=4555))
(rule_list=(rule=(src=*)(dst=*)(srv=*)(act=accept)))
(PARAMETER_LIST=
(MAX_GATEWAY_PROCESSES=8)
(MIN_GATEWAY_PRCESSSES=3))
(NEXT_HOP=(ADDRESS=(PROTOCOL=tcps)(HOST=proxysvr1)(PORT=1555))
)
Parent topic: Oracle Connection Manager Parameters
9.2.31 OUTBOUND_CONNECT_TIMEOUT
The OUTBOUND_CONNECT_TIMEOUT
parameter of the cman.ora
file specifies the time limit that the Oracle Connection Manager instance waits for a valid connection to be established before timing out.
Purpose
To specify the length of time in seconds that the Oracle Connection Manager instance waits for a valid connection to be established with the database server or with another Oracle Connection Manager instance.
Values
-
60
to disable the timeout. This is the default. -
Any number greater than
0
to enable the timeout. The number equals the timeout period in seconds.
Example
OUTBOUND_CONNECT_TIMEOUT=30
Parent topic: Oracle Connection Manager Parameters
9.2.32 REGISTRATION_EXCLUDED_NODES
The Oracle Connection Manager parameter file (cman.ora
) REGISTRATION_EXCLUDED_NODES specifies the list of nodes that cannot register with the listener.
Purpose
To specify the list of nodes that cannot register with the listener.
Usage Notes
The list can include host names or CIDR notation for IPv4 and IPv6 addresses. The wildcard format (*
) is supported for IPv4 addresses. The presence of a host name in the list results in the inclusion of all IP addresses mapped to the host name. The host name should be consistent with the public network interface.
If the REGISTRATION_INVITED_NODES
parameter and the REGISTRATION_EXCLUDED_NODES
parameter are set, then the REGISTRATION_EXCLUDED_NODES
parameter is ignored.
Values
Valid nodes and subnet IP addresses or names.
Example
REGISTRATION_EXCLUDED_NODES = 10.1.26.*, 10.16.40.0/24, \
2001:DB8:3eff:fe38, node2
Parent topic: Oracle Connection Manager Parameters
9.2.33 REGISTRATION_INVITED_NODES
The Oracle Connection Manager parameter file (cman.ora
) REGISTRATION_EXCLUDED_NODES
parameter specifies the list of node that can register with the listener.
Purpose
To specify the list of node that can register with the listener.
Usage Notes
The list can include host names or CIDR notation for IPv4 and IPv6 addresses. The wildcard format (*
) is supported for IPv4 addresses. The presence of a host name in the list results in the inclusion of all IP addresses mapped to the host name. The host name should be consistent with the public network interface.
If the REGISTRATION_INVITED_NODES
parameter and the REGISTRATION_EXCLUDED_NODES
parameter are set, then the REGISTRATION_EXCLUDED_NODES
parameter is ignored.
Values
Valid nodes and subnet IP addresses or names.
Example
REGISTRATION_INVITED_NODES = 10.1.35.*, 10.1.34.0/24, \
2001:DB8:fe38:7303, node1
Parent topic: Oracle Connection Manager Parameters
9.2.34 REST_ADDRESS
Use the REST_ADDRESS
parameter to configure REST endpoint
hostname and port. Oracle CMAN listens to tcps
endpoint based on the
specified hostname and port.
Usage Notes
Add the REST_ADDRESS
attribute under the
parameter_list
of the cman.ora
file.
Syntax
REST_ADDRESS=host name:port
Example
REST_ADDRESS=cman_host:1524
Parent topic: Oracle Connection Manager Parameters
9.2.35 RULE
The RULE
parameter of the cman.ora
file specifies an access control rule list to filter incoming connections.
Purpose
To specify an access control rule list to filter incoming connections.
Usage Notes
A rule list specifies which connections are accepted, rejected, or dropped.
If no rules are specified, then all connections are rejected.
The source and destination can be a host name, IP address, or subnet mask.
There must be at least one rule for client connections and one rule for CMCTL connections. Omitting one or the other results in the rejection of all connections for the rule type omitted. The last rule in the example that follows is a CMCTL rule.
Oracle Connection Manager does not support wildcards for partial IP addresses. If you use a wildcard, then use it in place of a full IP address. The IP address of the client may, for example, be (SRC=*).
Oracle Connection Manager supports only the /nn
notation for subnet addresses. In the first rule in Example “Sample cman.ora File”, /27 represents a subnet mask that comprises 27 left-most bits.
Values
This parameter is listed in the rule list section of the cman.ora
file preceded by RULE_LIST=
.
Syntax
(RULE_LIST= (RULE= (SRC=host) (DST=host) (SRV=service_name) (ACT={accept|reject|drop}) (ACTION_LIST=AUT={on|off} ((CONN_STATS={yes|no})(MCT=time)(MIT=time)(MOCT=time))) (RULE= ...))
Additional Parameters
The RULE
parameter filters a connection or group of connections using the following parameters:
SRC
: The source host name or IP address of the client.
DST
: The destination server host name or IP address of the database server.
SRV
: The database service name of Oracle Database obtained from the SERVICE_NAME
parameter in the initialization parameter file.
ACT
: The action for the connection request. Use accept
to accept incoming requests, reject
to reject incoming requests, or drop
to reject incoming requests without sending an error message.
ACTION_LIST
: The rule-level parameter settings for some parameters. These parameters are as follows:
-
AUT
: Oracle Database security authentication on client side. -
CONN_STATS
: Log input and output statistics. -
MCT
: Maximum connect time. -
MIT
: Maximum idle timeout. -
MOCT
: Maximum outbound connect time.
Rule-level parameters override their global counterparts.
Example
(RULE_LIST= (RULE= (SRC=client1-pc) (DST=sales-server) (SRV=sales.us.example.com) (ACT=reject)) (RULE= (SRC=192.0.2.45) (DST=192.0.2.200) (SRV=db1) (ACT=accept)) (RULE= (SRC=sale-rep) (DST=sales1-server) (SRV=cmon) (ACT=accept)))
Parent topic: Oracle Connection Manager Parameters
9.2.36 SDU
Use the SDU
parameter to specify the session data unit (SDU) size for connections.
Purpose
To specify the SDU size, in bytes, for connections.
Usage Notes
Oracle Connection Manager can negotiate large SDU with client and server when configured. When the configured values of client, database server, and Oracle Connection Manager do not match for a session, the least value of all the three values is used.
Default
65536
bytes (64 KB)
Value
512
to 2097152
bytes
Example
SDU=32768
Parent topic: Oracle Connection Manager Parameters
9.2.37 SERVICE_RATE
The SERVICE_RATE parameter of cman.ora file specifies incoming connection rate that is allowed per service for an instance.
Purpose
To specify incoming connection rate that is allowed per service for an instance.
Usage Notes
Any user-specified value greater than 0
sets the maximum limit on the number of new connections per service-instance handled by the proxy listener every second. Listener rejects connections after it reaches the maximum limit. Client side connection failure is reported with “TNS:listener: rate limit reached”.
Values
-
0
to disable service rate limit. This is the default. -
Any number greater than 0 to enable service rate limit.
Example 9-5 Example
SERVICE_RATE=10
Parent topic: Oracle Connection Manager Parameters
9.2.38 SESSION_TIMEOUT
The SESSION_TIMEOUT
parameter of the cman.ora
file specifies the maximum time in seconds allowed for a user session.
Purpose
To specify the maximum time in seconds allowed for a user session.
Usage Notes
The global setting can be overridden by a rule-level setting in ACTION_LIST
.
Values
-
0
to disable the timeout. This is the default. -
Any number greater than
0
to enable the timeout. The number equals the timeout period in seconds.
Example
SESSION_TIMEOUT=60
Parent topic: Oracle Connection Manager Parameters
9.2.39 SSL_CIPHER_SUITES
Use the SSL_CIPHER_SUITES
parameter to control the combination of authentication, encryption, and data integrity algorithms used by Transport Layer Security (TLS).
Purpose
To control the combination of authentication, encryption, and data integrity algorithms used by TLS. By default, the strongest protocol and cipher are negotiated between the database client and server. Setting this parameter will override the default behavior. You must use this parameter only if you have internal security controls that dictate the usage of certain protocol versions.
Usage Notes
Starting with Database 23ai, the use of Transport Layer Security protocol versions 1.0 and 1.1 are desupported.
In most cases, this change will not have any impact, because the database client and server will negotiate the use of the most secure protocol and cipher algorithm. However, if TLS 1.0 or 1.1 has been specified, then you must either remove it to allow the database server and client to pick the most secure protocol, or you must specify either TLS 1.2, or TLS 1.3, or both, for the protocol. Oracle recommends using the latest, most secure protocol. That protocol is TLS 1.3, which is introduced with Oracle Database 23ai.
Enclose the SSL_CIPHER_SUITES
parameter value in parentheses. Otherwise, the cipher suite setting does not parse correctly.
Default
None
Values
-
TLS_AES_256_GCM_SHA384
-
TLS_CHACHA20_POLY1305_SHA256
(non-FIPS only) -
TLS_AES_128_CCM_SHA256
-
TLS_AES_128_GCM_SHA256
-
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
-
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
-
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
-
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
-
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
-
TLS_RSA_WITH_AES_256_GCM_SHA384
-
TLS_RSA_WITH_AES_256_CBC_SHA256
-
TLS_RSA_WITH_AES_256_CBC_SHA
-
TLS_RSA_WITH_AES_128_GCM_SHA256
-
TLS_RSA_WITH_AES_128_CBC_SHA256
-
TLS_RSA_WITH_AES_128_CBC_SHA
-
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
-
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
-
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Examples
SSL_CIPHER_SUITES=(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
SSL_CIPHER_SUITES=(TLS_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
Parent topic: Oracle Connection Manager Parameters
9.2.40 SSL_CLIENT_AUTHENTICATION
Use the SSL_CLIENT_AUTHENTICATION
parameter to specify whether the database client is authenticated using Transport Layer Security (TLS).
Purpose
To enable client authentication in a TLS connection. The connection can be one-way or two-way (mutual TLS or mTLS).
Usage Notes
When set to TRUE
, a two-way TLS connection is initiated. Both the client and server (including the listener) authenticate each other. For example, if you set this parameter to TRUE
in the server configuration (server-side sqlnet.ora
), then the server attempts to authenticate the client. If you set it to TRUE
in the listener configuration (listener.ora
), then the listener attempts to authenticate the client.
When set to FALSE
, only the client authenticates the server and listener as a one-way TLS connection. For example, if you set this parameter to FALSE
in the server configuration, then the server does not authenticate the client. If you set it to FALSE
in the listener configuration, then the listener does not authenticate the client.
OPTIONAL
, the server behaves as follows:
-
If the client sends a certificate, then the connection is completed as a two-way TLS connection after authenticating the client.
-
If the client does not send a certificate, then the connection is completed as a one-way TLS connection.
Ensure that this parameter setting is consistent for the server or listener (on one side) and the client (on the other). Otherwise, the connection may fail. For example, if you enable client authentication in the server or listener configuration, then you must enable it in the client configuration.
Default
TRUE
Values
-
TRUE
|ON
|YES
|1
: To enable mTLS -
FALSE
|OFF
|NO
|0
: To enable one-way TLS -
OPTIONAL
: To enable both TLS and mTLS
Example
SSL_CLIENT_AUTHENTICATION=FALSE
Related Topics
Parent topic: Oracle Connection Manager Parameters
9.2.41 SSL_VERSION
Use the SSL_VERSION
parameter to define valid Transport Layer Security (TLS) versions to be used for connections.
Purpose
To define the version of TLS that must run on the systems with which the database server communicates. By default, the database server and client negotiate the strongest security protocol. Oracle does not recommend modifying this parameter, unless your security requirements mandate the usage of certain protocol versions.
Usage Notes
-
Clients, listeners, and database servers must use compatible versions. Modify this parameter only when necessary to enforce the use of the more secure TLS protocol and not allow clients that only work with the older TLS protocols. The current default uses TLS 1.3, which is the version required for multiple security compliance requirements. If you need to specify TLS 1.2, then also include TLS 1.3 to allow more secure connections.
-
In addition to
sqlnet.ora
,listener.ora
, andcman.ora
, you can specify this parameter under theSECURITY
section oftnsnames.ora
or directly as part of the connect string. The parameter value specified in the connect string takes precedence over the other specified values. -
Starting with Database 23ai, the use of Transport Layer Security protocol versions 1.0 and 1.1 are desupported.
In most cases, this change will not have any impact, because the database client and server will negotiate the use of the most secure protocol and cipher algorithm. However, if TLS 1.0 or 1.1 has been specified, then you must either remove it to allow the database server and client to pick the most secure protocol, or you must specify either TLS 1.2, or TLS 1.3, or both, for the protocol. Oracle recommends using the latest, most secure protocol. That protocol is TLS 1.3, which is introduced with Oracle Database 23ai.
-
Starting with Oracle Database 23ai, the Secure Socket Layer v3 protocol (SSLv3) is no longer supported for database server-client connections, and the
sqlnet.ora
parameterADD_SSLV3_TO_DEFAULT
has been removed.SSLv3 is a much less secure protocol to secure the database server-to-client connection. Instead of using SSLv3, allow the database server and client to negotiate the most secure protocol that is common between the server and the client. Oracle Database 23ai provides TLS 1.2 and TLS 1.3 protocols for certificate-based network encryption.
-
If you set
SSL_VERSION
toundetermined
, then the most secure TLS protocol version is used. You can also use theSSL_VERSION=undetermined
setting in the connect string for a specific connection to override theSSL_VERSION
value configured in thesqlnet.ora
,listener.ora
, orcman.ora
file. -
If you do not set
SSL_VERSION
to any value, then all the supported TLS protocol versions are tried starting with the most secure version. This is typically the most common configuration, ensuring that the strongest protocol is chosen during TLS negotiation.
Values
undetermined
| TLSv1.2
| TLSv1.3
Default
undetermined
Syntax and Examples
-
To specify a single protocol version:
SSL_VERSION=TLS_protocol_version
For example:SSL_VERSION=TLSv1.3
-
To specify multiple protocol versions, use a comma-separated string of values, enclosed in parenthesis:
SSL_VERSION=(TLS_protocol_version1,TLS_protocol_version2)
For example:SSL_VERSION=(TLSv1.2,TLSv1.3)
Note:
Do not enclose protocol versions in parenthesis while specifying this parameter in the
tnsnames.ora
file or as part of the connect string, otherwise the setting will not parse correctly. For example:net_service_name= (DESCRIPTION= (ADDRESS=(PROTOCOL=tcps)(HOST=salesserver)(PORT=1522)) (SECURITY=(SSL_VERSION=TLSv1.2,TLSv1.3)) )
Related Topics
Parent topic: Oracle Connection Manager Parameters
9.2.42 TRACE_FILE
The TRACE_FILE
parameter of the cman.ora
file specifies the directory for Oracle Connection Manager trace files.
Purpose
To specify the directory for Oracle Connection Manager trace files.
Parent topic: Oracle Connection Manager Parameters
9.2.43 USE_SERVICE_AS_TNSNAMES_ALIAS
Use this parameter for static routing of client connections from Oracle connection manager based on client’s service name.
Usage Notes
Oracle connection manager uses the service name specified by the client as an alias.
You must configure alias in tnsnames.ora
file of CMAN home. If an
alias is not configured for a service, then the NEXT_HOP
parameter
in cman.ora
acts as a default connect string.
Values
OFF
and ON
. The default is
OFF
.
Example
Configuration in CMAN home:
cman.ora
USE_SERVICE_AS_TNSNAMES_ALIAS=ON
tnsnames.ora
sales=
(DESCRIPTION=
(ADDRESS=(PROTOCOL=TCP)(HOST=sales-server)(port=1521))
(CONNECT_DATA=(SERVICE_NAMES=sales)))
Note:
DESCRIPTION_LIST
is not supported in the tnsnames.ora
file of CMAN
home.
Configuration in client home:
tnsnames.ora
sales_cman=
(DESCRIPTION=
(ADDRESS=(PROTOCOL=TCP)(HOST=cman-server)(port=1523))
(CONNECT_DATA=(SERVICE_NAMES=sales)))
In
this example, the client is connecting to service sales
. CMAN will
use the sales
alias in tnsnames.ora
of the CMAN
home for connecting to the next hop.
Parent topic: Oracle Connection Manager Parameters
9.2.44 USE_SID_AS_SERVICE
The USE_SID_AS_SERVICE
Oracle Connection Manager parameter enables the system identifier (SID) in the connect descriptor to be interpreted as a service name when a user attempts a database connection.
Purpose
To enable the system identifier (SID) in the connect descriptor to be interpreted as a service name when a user attempts a database connection.
Usage Notes
Database clients with earlier releases of Oracle Database that have hard-coded connect descriptors can use this parameter to connect to a container or pluggable database.
For an Oracle container database, the client must specify a service name in order to connect to it. Setting this parameter to on
instructs the Oracle Connection Manager listener to use the SID in the connect descriptor as a service name and connect the client to the specified database.
Values
-
off
(default value) -
on
Example 9-6 Example
USE_SID_AS_SERVICE=on
Parent topic: Oracle Connection Manager Parameters
9.2.45 VALID_NODE_CHECKING_REGISTRATION
The VALID_NODE_CHECKING_REGISTRATION
parameter of the cman.ora
file specifies whether valid node checking registration is performed.
Purpose
To determine whether valid node checking registration is performed, and if the subnet is allowed.
Usage Notes
When set to on
, valid node checking registration is performed at the listener for any incoming registration request, and only local IP addresses are allowed.
Default
on
Values
-
off | 0
to specify valid node checking registration is off, and no checking is performed. -
on | 1 | local
to specify valid node checking registration is on, and all local IP addresses can register. If a list of invited nodes is set, then all IP addresses, host names, or subnets in the list as well as local IP addresses are allowed. -
subnet | 2
to specify valid node checking registration is on, and all machines in the local subnets are allowed to register. If a list of invited nodes is set, then all nodes in the local subnets as well as all IP addresses, host names and subnets in the list are allowed.
Example
VALID_NODE_CHECKING_REGISTRATION=on
Parent topic: Oracle Connection Manager Parameters
9.2.46 WALLET_LOCATION
Use the WALLET_LOCATION
parameter to specify the location of Oracle wallets.
Purpose
To specify the directory path where you want to store an Oracle wallet. Wallets securely contain certificates, secrets, private keys, and trust points used by Oracle Database.
Usage Notes
-
Where to set this parameter:
You can set
WALLET_LOCATION
in thecman.ora
file to specify a common wallet location for all the Oracle Connection Manager (CMAN) aliases. You can also set it in the connect string to specify a different wallet location for a particular outgoing connection when using the parametersUSE_SERVICE_AS_TNSNAMES_ALIAS
orNEXT_HOP
.Note:
Only oneWALLET_LOCATION
configuration is allowed per cman.ora file. Setting this parameter more than once in the cman.ora is invalid. -
Setting to use the system default certificate store
If you set
WALLET_LOCATION=SYSTEM
in the outgoing connect string, then the CMAN gateway uses the default certificate store to validate the Oracle Database server certificate for outgoing connections instead of creating a local wallet with root certificate. The default certificate store is located in /etc/pki/tls/cert.pem on Linux and Microsoft Certificate Store (MCS) on Windows. In this case, the server certificate needs to be signed by a trusted root certificate that is already installed in the default certificate store. - Setting for walletless TLS connections:
The
WALLET_LOCATION
parameter is optional for TLS connections that do not use a client wallet. If you do not includeWALLET_LOCATION
in cman.ora, then the driver automatically picks up common root certificates from the system default certificate store (if the system is Windows or Linux). This is applicable only to the outbound connections from gateway. - Storage of wallet files:
The password-protected wallet is stored in an
ewallet.p12
file. The auto-login and local auto-login wallets are stored in acwallet.sso
file.For example, if an Oracle wallet is stored in the Microsoft Windows registry and the wallet's key
(KEY)
isSALESAPP
, then the storage location of the password-protected wallet isHKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\EWALLET.P12
. The storage location of the auto-login and local auto-login wallets isHKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\CWALLET.SSO
.
Additional Parameters
SOURCE
to specify the type of storage and storage location for wallets, as follows:
-
METHOD
: Type of storage -
METHOD_DATA
: Storage location:-
DIRECTORY
: Location of wallet on the file system -
KEY
: Wallet type and location in the Microsoft Windows registry
-
Syntax and Examples
The syntax depends on the wallet as follows:
-
Wallet on the file system:
WALLET_LOCATION= (SOURCE= (METHOD=file) (METHOD_DATA= (DIRECTORY=directory)))
For example:WALLET_LOCATION= (SOURCE= (METHOD=file) (METHOD_DATA= (DIRECTORY=/etc/oracle/wallets/databases)))
-
Microsoft certificate store:
WALLET_LOCATION= (SOURCE= (METHOD=mcs))
The key-value pair for MCS omits the
METHOD_DATA
parameter because MCS does not use wallets. Instead, Oracle PKI (public key infrastructure) applications obtain certificates, trust points and private keys directly from a user's profile. -
Wallet in the Microsoft Windows registry:
WALLET_LOCATION= (SOURCE= (METHOD=reg) (METHOD_DATA= (KEY=registry_key)))
For example:WALLET_LOCATION= (SOURCE= (METHOD=reg) (METHOD_DATA= (KEY=SALESAPP)))
Default
None
Parent topic: Oracle Connection Manager Parameters
9.3 Oracle Connection Manager in Traffic Director Mode Parameters
This section lists and describes the cman.ora
file parameters.
- SERVICE_AFFINITY
Use thecman.ora
parameterSERVICE_AFFINITY
to modify the default load distribution mechanism for Oracle Connection Manager in Traffic Director Mode. - TDM
- TDM_BIND_THREAD
- TDM_DATATYPE_CHECK
- TDM_PERPDB_PRCP_CONNFACTOR
Use thecman.ora
parameterTDM_PERPDB_PRCP_CONNFACTOR
to configure per-PDB Proxy Resident Connection Pooling (PRCP). - TDM_PRCP_MAX_CALL_WAIT_TIME
- TDM_PRCP_MAX_TXN_CALL_WAIT_TIME
- TDM_SHARED_THREADS_MAX
- TDM_SHARED_THREADS_MIN
- TDM_STATS_FREQUENCY
Use thecman.ora
parameterTDM_STATS_FREQUENCY
to configure the frequency at which usage statistics are uploaded to PDB for per-PDB Proxy Resident Connection Pooling (PRCP) connections. - TDM_THREADING_MODE
Parent topic: Oracle Connection Manager Parameters
9.3.1 SERVICE_AFFINITY
Use the cman.ora
parameter SERVICE_AFFINITY
to modify the default load distribution mechanism for Oracle Connection Manager in Traffic Director Mode.
Purpose
To configure load distribution mechanism for Oracle Connection Manager in Traffic Director Mode. By default, Oracle Connection Manager in Traffic Director Mode uses service affinity to select a gateway for routing incoming connection requests. All new connection requests are routed to the gateways associated with database services.
Usage Notes
If you set this parameter to ON
, then all new connection requests are routed to the gateways associated with database services.
If you set this parameter to OFF
, then all new connection requests are routed to the least-loaded gateways.
When using Proxy Resident Connection Pooling (PRCP), Oracle recommends that you set the SERVICE_AFFINITY
parameter to OFF
for better performance and resource utilization of gateway processes.
Values
ON
| OFF
Default
ON
Example
SERVICE_AFFINITY = {ON | OFF}
9.3.2 TDM
Purpose
To configure Oracle Connection Manager to act as Oracle Connection Manager in Traffic Director Mode.
Default
FALSE
Values
-
TRUE
-
FALSE
Example
tdm = TRUE
9.3.3 TDM_BIND_THREAD
Purpose
To make the application connection hold on to the TDM thread and has different implications with and without PRCP. This parameter only applies when TDM_THREADING_MODE
is set to SHARED
.
Usage Notes
Without PRCP, setting this parameter to yes
makes the application connection hold on the TDM worker thread as long as there is a transaction in progress.
With PRCP, setting this parameter to yes
makes the application connection hold on to the TDM thread from the time OCISessionGet
is done by the application till it does an OCISessionRelease
.
Default
no
Values
-
yes
-
no
Example
TDM_BIND_THREAD = yes
9.3.4 TDM_DATATYPE_CHECK
Purpose
To validate all the inbound data to the database, of the data type NUMBER, DATE, TIMESTAMP, TIMESTAMP WITH LOCAL TIMEZONE, TIMESTAMP WITH TIMEZONE, BLOB, CLOB, BFILE, UROWID
and REF
. The following error is received by the application if there is any problem with the data sent to the Oracle Connection Manager in Traffic Director Mode.
ORA-03137: malformed TTC packet from client rejected: [3101]
Usage Notes
Turning ON/OFF
this parameter enables or disables the data validation.
Default
OFF
Values
-
ON
-
OFF
Example
tdm_datatype_check={ON | OFF}
9.3.5 TDM_PERPDB_PRCP_CONNFACTOR
Use the cman.ora
parameter TDM_PERPDB_PRCP_CONNFACTOR
to configure per-PDB Proxy Resident Connection Pooling (PRCP).
Purpose
To configure per-PDB PRCP. This parameter value sets a connection factor, which helps in dynamically determining the maximum size of every per-PDB PRCP pool.
Usage Notes
-
The per-PDB PRCP setting determines the maximum size of a per-PDB PRCP pool based on the
TDM_PERPDB_PRCP_CONNFACTOR
parameter value and the Oracle Compute Unit (OCPU) count allocated to each PDB automatically.A background process automatically fetches these values and resizes the pool. This derived maximum size value overrides the
<session_pool> MAX_SIZE
parameter configured in theoraaccess.xml
file. -
PRCP dynamically rereads the
TDM_PERPDB_PRCP_CONNFACTOR
value and accordingly refreshes the maximum size of a per-PDB pool, if needed. You can change this parameter value using the Oracle Connection Manager Control utility (CMCTL)RELOAD
command. There is no need to restart Oracle Connection Manager in Traffic Director Mode for the changes to take effect. -
In addition to
TDM_PERPDB_PRCP_CONNFACTOR
, you must set thesqlnet.ora
parameterTCP.ALLOWED_PROXIES
on the database server. Otherwise, the connection request fails.TCP.ALLOWED_PROXIES
specifies the CMAN instance (IP address or host name) that can fetch the OCPU count from the database server.
Values
-
0
to disable per-PDB PRCP -
Any number equal to or greater than
1
to enable per-PDB PRCPNote:
Ensure that you specify a connection factor value within the maximum connections limit defined by thecman.ora
parameterMAX_CONNECTIONS
.
Default
0
Example
TDM_PERPDB_PRCP_CONNFACTOR=10
9.3.6 TDM_PRCP_MAX_CALL_WAIT_TIME
Purpose
To record the maximum time of inactivity, in seconds, for a client after obtaining a session from the PRCP pool. This parameter is applicable when the Oracle Connection Manager in Traffic Director Mode is configured to have Proxy Resident Connection Pool.
Usage Notes
After obtaining a session from the PRCP pool, if the client application does not issue a database call for the time specified by TDM_PRCP_MAX_CALL_WAIT_TIME
parameter, then the PRCP session is freed and the client connection is terminated. As a result, if the client application attempts a round trip call on such a connection, then it receives an ORA-3113
or ORA-3115
error.
Default
30 seconds
Values
Any non negative value. However, Oracle recommends not to use a value of 0
as that implies that a connection can acquire a PRCP session for an indefinite amount of time
9.3.7 TDM_PRCP_MAX_TXN_CALL_WAIT_TIME
Purpose
To record the maximum time of inactivity, in seconds, for a client after it obtains a session from the Proxy Resident Connection Pool and starts a transaction. This parameter is applicable when the Oracle Connection Manager in Traffic Director Mode is configured to have PRCP.
Usage Notes
If the client application does not issue a database call for the time specified by TDM_PRCP_MAX_TXN_CALL_WAIT_TIME
parameter while in a transaction, the PRCP session is freed, the transaction is rolled back, and the client connection is terminated. As a result, if the client application attempts a round trip call on such a connection, then it receives an ORA-3113
or ORA-3115
error.
Default
0
Values
Any nonnegative value. However, it is recommended not to use a value of0
as it implies that a connection can acquire a PRCP session for an indefinite amount of time.
9.3.8 TDM_SHARED_THREADS_MAX
Purpose
To configure the maximum number of threads that an Oracle Connection Manager process in Traffic Director Mode should have, when tdm_threading_mode
is set to SHARED
.
Values
Any number can be designated for the maximum number of threads. For DEDICATED
mode, the maximum number of threads is same as the maximum number of connections. In SHARED
mode, though there is no fixed upper bound, it should ideally be proportional to the load.
9.3.9 TDM_SHARED_THREADS_MIN
Purpose
To configure the minimum number of threads that an Oracle Connection Manager process in Traffic Director Mode should have, when tdm_threading_mode
is set to SHARED
.
Values
Any number can be designated for the minimum number of threads. For SHARED
mode, there is no limit enforced. However, the number of threads should be proportional to the load.
9.3.10 TDM_STATS_FREQUENCY
Use the cman.ora
parameter TDM_STATS_FREQUENCY
to configure the frequency at which usage statistics are uploaded to PDB for per-PDB Proxy Resident Connection Pooling (PRCP) connections.
Purpose
To specify the time interval, in minutes, at which usage statistics for Oracle Connection Manager in Traffic Director Mode should be uploaded to PDB if per-PDB PRCP is enabled.
These usage statistics help in monitoring the behavior of your connection pools. PDB administrators can query the dynamic database view V$TDM_STATS
to view this statistical data.
Values
-
0
to disable statistics upload. -
Any number equal to or greater than
1
(up to the maximum value) to enable statistics upload. This value depends on your runtime load and connection pool usage.
Default Value
0
Minimum Value
0
Maximum Value
2800
Example
TDM_STATS_FREQUENCY=300
Related Topics
9.3.11 TDM_THREADING_MODE
Purpose
To configure the usage of threads by the Oracle Connection Manager in Traffic Director Mode.
Usage Notes
If this parameter is set to DEDICATED
, then a worker thread is spawned for each inbound connection and the maximum number of threads is determined by the max_connections
parameter
If this parameter is set to SHARED
, then a shared pool of worker threads handle all inbound connections. The minimum number of worker threads is specified by the tdm_shared_threads_min
setting and the maximum number of worker threads is specified by the tdm_shared_threads_max
setting. The thread pool is internally managed within these bounds.
Default
DEDICATED
Values
-
DEDICATED
-
SHARED
Example
tdm_threading_mode={DEDICATED | SHARED}
tdm_shared_threads_min = 4
tdm_shared_threads_max = 5
9.4 ADR Diagnostic Parameters for Oracle Connection Manager
The diagnostic data for critical errors is quickly captured and stored in the ADR for Oracle Connection Manager.
Since Oracle Database 11g, Oracle Database includes an advanced fault diagnosability infrastructure for preventing, detecting, diagnosing, and resolving problems. The problems are critical errors such as those caused by database code bugs, metadata corruption, and customer data corruption.
When a critical error occurs, it is assigned an incident number, and diagnostic data for the error, such as traces and dumps, are immediately captured and tagged with the incident number. The data is then stored in the Automatic Diagnostic Repository (ADR), a file-based repository outside the database.
This section describes the parameters used when ADR is enabled. ADR is enabled by default. Non-ADR parameters listed in the cman.ora
file are ignored when ADR is enabled.
- ADR_BASE
It is a diagnostic parameter in thecman.ora
file and it specifies the base directory to store tracing and logging incidents when ADR is enabled. - DIAG_ADR_ENABLED
DIAG_ADR_ENABLED
diagnostic parameter of thecman.ora
file indicates whether ADR tracing is enabled. - LOG_LEVEL
- TRACE_LEVEL
- TRACE_TIMESTAMP
Parent topic: Oracle Connection Manager Parameters
9.4.1 ADR_BASE
It is a diagnostic parameter in the cman.ora
file and it specifies the base directory to store tracing and logging incidents when ADR is enabled.
Purpose
To specify the base directory to store tracing and logging incidents when ADR is enabled.
Default
The default is ORACLE_BASE
, or ORACLE_HOME/log
if ORACLE_BASE
is not defined.
Values
Any valid directory path to a directory with write permission.
Example 9-7 Example
ADR_BASE=/oracle/network/trace
Parent topic: ADR Diagnostic Parameters for Oracle Connection Manager
9.4.2 DIAG_ADR_ENABLED
DIAG_ADR_ENABLED
diagnostic parameter of the cman.ora
file indicates whether ADR tracing is enabled.
Purpose
To indicate whether ADR tracing is enabled.
Usage Notes
When the DIAG_ADR_ENABLED
parameter is set to OFF
, then non-ADR file tracing is used.
Values
on
| off
Example 9-8 Example
DIAG_ADR_ENABLED=on
Parent topic: ADR Diagnostic Parameters for Oracle Connection Manager
9.4.3 LOG_LEVEL
Purpose
To specify the level of logging performed by Oracle Connection Manager.
Usage Notes
This parameter is also applicable when non-ADR logging is used.
The following log files are used with Oracle Connection Manager:
-
instance-name_pid
.log
for the listener. -
instance-name_
cmadmin
_pid
.log
for CMADMIN. -
instance-name_
cmgw
_pid
.log
for the gateway processes.
The log files are located in the ORACLE_HOME/network/log
directory.
Default
off or 0
Values
-
off
or0
for no log output. -
user
or4
for user log information. -
admin
or10
for administration log information. -
support
or16
for Oracle Support Services log information.
Example
LOG_LEVEL=admin
Parent topic: ADR Diagnostic Parameters for Oracle Connection Manager
9.4.4 TRACE_LEVEL
Purpose
To specify the trace level for the Oracle Connection Manager instance.
Usage Notes
This parameter is also applicable when non-ADR tracing is used.
The following trace files are used with Oracle Connection Manager:
-
instance-name_pid
.trc
for the listener. -
instance-name_
cmadmin
_pid
.trc
for CMADMIN. -
instance-name_
cmgw
_pid
.trc
for the gateway processes.
The log files are located in the ORACLE_HOME/network/log
directory.
Default
off
Values
-
off
for no trace output. -
user
for user trace information. -
admin
for administration trace information. -
support
for Oracle Support Services trace information.
Example
TRACE_LEVEL=admin
Parent topic: ADR Diagnostic Parameters for Oracle Connection Manager
9.4.5 TRACE_TIMESTAMP
Purpose
To add a time stamp in the form of dd-mmm-yyyy hh:mi:ss:mil
to every trace event in the trace file for the listener.
Usage Notes
This parameter is used with the TRACE_LEVEL parameter. This parameter is also applicable when non-ADR tracing is used.
Default
on
Values
-
on
ortrue
-
off
orfalse
Example
TRACE_TIMESTAMP=true
Parent topic: ADR Diagnostic Parameters for Oracle Connection Manager
9.5 Non-ADR Diagnostic Parameters for Oracle Connection Manager
This section lists the parameters used when ADR is disabled:
Parent topic: Oracle Connection Manager Parameters
9.5.1 LOG_DIRECTORY
Purpose
To specify the location of Oracle Connection Manager log files.
Usage Notes
Use this parameter when ADR is not enabled.
Default
ORACLE_BASE_HOME/network/log
Values
Any valid directory path to a directory with write permission.
Example
LOG_DIRECTORY=/oracle/network/log
9.5.2 TRACE_DIRECTORY
Purpose
To specify the location of the Oracle Connection Manager trace files.
Usage Notes
Use this parameter when ADR is not enabled.
Default
ORACLE_BASE_HOME/network/trace
Values
Any valid directory path to a directory with write permission.
Example
TRACE_DIRECTORY=/oracle/network/admin/trace
9.5.3 TRACE_FILELEN
Purpose
To specify the size, in KB, of the trace file.
Usage Notes
When the size is met, the trace information is written to the next file. The number of files is specified with the TRACE_FILENO parameter. Any size can be designated. Use this parameter when ADR is not enabled.
Default
Unlimited
Example
TRACE_FILELEN=100
9.5.4 TRACE_FILENO
Purpose
To specify the number of trace files for Oracle Connection Manager tracing.
Usage Notes
When this parameter is set along with the TRACE_FILELEN parameter, trace files are used in a cyclical fashion. The first file is filled first, then the second file, and so on. When the last file has been filled, the first file is reused, and so on. Any number of files can be designated.
The trace file names are distinguished from one another by their sequence number. For example, if this parameter is set to 3
, then the gateway trace files would be named instance-name_
cmgw1
_pid
.trc
, instance_name_
cmgw2
_pid
.trc
and instance_name_
cmgw3
_pid
.trc
.
In addition, trace events in the trace files are preceded by the sequence number of the file. Use this parameter when ADR is not enabled.
Default
1
Example
TRACE_FILENO=3
9.6 Oracle Connection Manager Tunneling Parameters
This section lists the parameters that you must configure to enable tunneling.
- TUNNELING
Set this parameter to start Oracle Connection Manager as server in tunneling mode. - TUNNEL_CAPACITY
Use this parameter to specify the number of reverse connections that can be multiplexed over a tunnel. - MAX_TUNNELS
Use this parameter to specify the number of tunnels that a client connection manager in tunneling mode can create. - TUNNEL_PROBE_INTERVAL
Use this parameter in server connection manager to keep the tunnel connection open. - NON_TUNNEL_GATEWAYS
Use this parameter to specify the number of regular gateways that will not be used for tunneling. - TUNNEL_ADDRESS
Set this parameter on the client CMAN to point to the server CMAN that you want to connect to. - GATEWAY_PROCESSES
Use this parameter to specify the number of gateway processes.
Parent topic: Oracle Connection Manager Parameters
9.6.1 TUNNELING
Set this parameter to start Oracle Connection Manager as server in tunneling mode.
Purpose
Set this parameter to ON
to start Oracle Connection Manager in
tunneling mode. You must set this parameter on the server CMAN. When this parameter
is set, the CMAN starts processing and accepts tunnel requests.
Usage Notes
Use this parameter with PARAMETER_LIST
.
Default
OFF
Example
(PARAMETER_LIST=
(TUNNELING=ON))
Parent topic: Oracle Connection Manager Tunneling Parameters
9.6.2 TUNNEL_CAPACITY
Use this parameter to specify the number of reverse connections that can be multiplexed over a tunnel.
Purpose
You must set this parameter on the server CMAN. Only the number of connections that you specify for this parameter will be allowed per tunnel.
Usage Notes
Use this parameter with PARAMETER_LIST
.
Example
(PARAMETER_LIST=
(TUNNELING_CAPACITY=25))
Parent topic: Oracle Connection Manager Tunneling Parameters
9.6.3 MAX_TUNNELS
Use this parameter to specify the number of tunnels that a client connection manager in tunneling mode can create.
Purpose
This parameter creates the specified number of tunnels by each connection manager gateway. You must set this parameter on the client CMAN.
Usage Notes
Use this parameter with PARAMETER_LIST
.
Example
(PARAMETER_LIST=
(MAX_TUNNELS=4))
Parent topic: Oracle Connection Manager Tunneling Parameters
9.6.4 TUNNEL_PROBE_INTERVAL
Use this parameter in server connection manager to keep the tunnel connection open.
Purpose
Specify a time interval in minutes to send small probe packets to keep the tunnel connection open and avoid time out. You must set this parameter on the server CMAN.
Usage Notes
Use this parameter with PARAMETER_LIST
.
Example
(PARAMETER_LIST=
(TUNNEL_PROBE_INTERVAL=7))
Parent topic: Oracle Connection Manager Tunneling Parameters
9.6.5 NON_TUNNEL_GATEWAYS
Use this parameter to specify the number of regular gateways that will not be used for tunneling.
Purpose
Set this parameter at both the server CMAN and the client CMAN to specify the number of regular gateways. Regular gateways handle regular and forward connections. In tunneling mode, all gateways are tunnel gateways by default.
Usage Notes
Use this parameter with PARAMETER_LIST
.
Default
0
when tunneling is enabled.
Example
(PARAMETER_LIST=
(NON_TUNNEL_GATEWAYS=2))
Parent topic: Oracle Connection Manager Tunneling Parameters
9.6.6 TUNNEL_ADDRESS
Set this parameter on the client CMAN to point to the server CMAN that you want to connect to.
Purpose
The gateways connect to the specified server address to create tunnels. You can configure single or multiple addresses using address_list and description.
Usage Notes
Put this parameter under CONFIGURATION
.
Example
(CONFIGURATION=
(TUNNEL_ADDRESS=
(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=host_name)(PORT=port_number))
(CONNECT_DATA=(TUNNEL_ID=tunnel_id)))))
Parent topic: Oracle Connection Manager Tunneling Parameters
9.6.7 GATEWAY_PROCESSES
Use this parameter to specify the number of gateway processes.
Usage
Use this parameter with PARAMETER_LIST
.
gateway_processes=value
Example
(PARAMETER_LIST=
(gateway_processes=8))
Note:
MIN_GATEWAY_PROCESSES
parameter and
MAX_GATEWAY_PROCESSES
parameter are not supported with
tunneling option.
Parent topic: Oracle Connection Manager Tunneling Parameters