Giuseppe Larosa Sat, 06/13/2009 - 04:18
Hello Recep,

You may want to use an extended ACL matching the well-known TCP ports used by Oracle applications.


something like


access-list 121 permit tcp any any eq 1521


if 1521 is one port used.


Notice that the well-known port follows the server: if you are applying QoS for flows coming from the Oracle servers, you need to use something like:


access-list 122 permit tcp any eq 1521 any


then you create a class map


class-map oracle_traffic
 match access-group 121


(or match access-group 122 as noted above)


then in the policy-map you can apply whatever action you want


policy-map cbwfq
 class oracle_traffic
  bandwidth 500
! attach under the interface with: service-policy output cbwfq


This provides a queue with 500 kbps guaranteed when the link is full (you can apply this only outbound).


See Table 4-2 here for the usual TCP ports used:


http://download.oracle.com/docs/cd/B28359_01/network.111/b28317/protocoladd.htm#NETRF004


Hope to help

Giuseppe


recep.sefer Sat, 06/13/2009 - 20:36
Thanks,


1521 is the Oracle server listener port.

After the client starts with 1521, they will continue with another port such as 10000.

I see them in the packet sniffer.

I want to learn what these numbers are.


Giuseppe Larosa Sat, 06/13/2009 - 23:05
Hello Recep,

In general, a TCP socket involves an IP address and a TCP port for each endpoint:


oracle server ip addr tcp 1521 --- client ip address tcp xx


where xx is a dynamic port with no special meaning that is chosen by the client operating system because it is free.


Some communications are more complex and use multiple sockets, with one used as an out-of-band control channel and one or more data channel sockets.

This can be the case also with Oracle.


If you see two sockets between the Oracle server and the client, you are in this second, more complex scenario.


If so, you would need to use a more advanced feature like NBAR that can inspect the control channel socket to understand what the ports of the second socket are.

ACLs can be used if at least one port of the second port is a well-known port.


Hope to help

Giuseppe
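
Added example (not part of the original posts and not Cisco code): a small Python model of the two ACLs from this thread, evaluated against constructed packets, showing that ACL 121 matches only client-to-listener packets, ACL 122 only listener-to-client packets, and neither matches the second socket on port 10000. The client ports 49152 and 49153 are assumed sample values, and the parser handles only the ACL form shown in the thread.

```python
import re

# Only the ACL form used in this thread: access-list N permit tcp any [eq P] any [eq P]
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+tcp"
                    r"\s+any(?:\s+eq\s+(\d+))?\s+any(?:\s+eq\s+(\d+))?\s*$")

def parse_acl(text):
    """Return {acl_number: [(action, src_port, dst_port), ...]}; None means any port."""
    acls = {}
    for line in text.strip().splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        num, action, sport, dport = m.groups()
        rule = (action, sport and int(sport), dport and int(dport))
        acls.setdefault(int(num), []).append(rule)
    return acls

def acl_permits(entries, sport, dport):
    """First match wins; an extended ACL ends with an implicit deny."""
    for action, want_sport, want_dport in entries:
        if want_sport in (None, sport) and want_dport in (None, dport):
            return action == "permit"
    return False

def classify(acls, packets):
    """Map each packet label to the ACL numbers that would put it in the class."""
    return {
        label: sorted(n for n, e in acls.items() if acl_permits(e, sport, dport))
        for label, sport, dport in packets
    }

ACLS = parse_acl("""
access-list 121 permit tcp any any eq 1521
access-list 122 permit tcp any eq 1521 any
""")

# Constructed packets (label, source port, destination port). 49152/49153 stand for
# the client's dynamic ports; 10000 is the second server port seen in the sniffer.
PACKETS = [
    ("client -> listener", 49152, 1521),
    ("listener -> client", 1521, 49152),
    ("client -> second socket", 49153, 10000),
    ("second socket -> client", 10000, 49153),
]

if __name__ == "__main__":
    for label, hits in classify(ACLS, PACKETS).items():
        print(f"{label:26} matched by ACL(s): {hits or 'none'}")
```

The two empty results are the traffic that a class-map built only on port 1521 leaves in the default class.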

