熱點推薦:
您现在的位置: 電腦知識網 >> 編程 >> Oracle >> 正文

ORACLE在HP-UX下的系列問題處理(38)

2013-11-13 15:39:12  來源: Oracle 

  OV IT/O: 無法在SG環境中通過防火牆分配模板問題描述
  
  我無法在Service Guard環境中通過防火牆分配模板同時安裝代理軟件時沒有任何問題
  
  為什麼會出現這個問題如何解決?
  
  配置信息
  
  操作系統 HPUX
  版本
  硬件系統 HP
  應用程序 Oracle
  
  解決方法
  
  你最初的問題是由於rpcd向代理程序報告物理結點的源地址
  
  根據你的防火牆配置的方式在通過防火牆時你不能用MC Service Guard配置IT/O
  
  這個問題可以追溯到這樣的事實即UDP是傳輸協議沒有辦法鎖定無連接協議的源地址
  
  當數據包發送給管理結點時選擇目標地址操作系統根據管理服務器中的網絡路由表分配源地址由於同一個網絡號使用相同的主機號因此使用給定網卡(MC Service Guard)上的第一個地址我們不能改變這個行為
  
  這個問題的解決方法是使用傳輸控制協議(TCP)進行傳輸由於TCP是一個基於連接的協議因此會話過程中源地址是統一的如果管理結點在可再定位的地址打開一個會話那麼從管理服務器到管理結點的所有流量(在該會話中)將都以這個可再定位的地址作為源地址
  
  你也可以考慮重新配置防火牆接受來自可再定位地址和固定地址的數據包
  
  當前的技術還無法為你馬上提供一個解決方法
  following with all English text
  Problem Description
  
  I cannot distribute templates in a Service Guard environment over the
  firewall At the same time I dont have any problems installing the agent software
  
  Why am I having this problem and do you have a solution?
  
  Configuration Info
  
  Operating System HPUX
  Version
  Hardware System HP
  Application Oracle
  
  Solution
  
  Your initial problem is due to rpcd reporting back to the agent with the source address of the physical node
  
  Based upon the way your firewall is configured you cannot configure IT/O with MC Service Guard while passing through a firewall
  
  The problem can be traced to the fact that UDP is the transport protocoland there is no way to lock down the origination address for a connectionless protocol
  
  When a packet is sent to a managed node the destination address is selected and the operating system assigns the source address according to network routing tables in the management server Since two host numbers exist for the same network number the first address on a given
  Network Interface Card (MC Service Guard) is used We cant change this behavior
  
  The solution to this problem is to use Tranmission Control Protocol (TCP) as the transport Because TCP is a connectionbased protocol the origination address is consistent for the session If the managed node opens a session to the relocatable address all traffic from the
  management server to the managed node (in that session) will have the
  relocatable address as the source address
  
  You could also consider reconfiguring the firewalls to allow packets from the relocatable address and the stationary address
  
  With the current technology it is not possible to give you an immediate solution
  

From:http://tw.wingwit.com/Article/program/Oracle/201311/17081.html
    推薦文章
    Copyright © 2005-2013 電腦知識網 Computer Knowledge   All rights reserved.