Objectives

After completing this lesson, you should be able to do the

following:
• CMAN Usage
• Understand setup and configuration of CMAN
 CMAN Usage
Oracle Connection Manager is a router through which a client
connection request is sent either to its next hop or directly to the
database server. Clients who route connection requests through
an Oracle Connection Manager can take advantage of the
session multiplexing and access control features configured on
that Oracle Connection Manager.

• Access control
• Session multiplexing
 CMAN Configuration

• CMAN.ORA is the admin file for Connection Manager.

• Oracle Net Manager does not support configuration of the
CMAN.ORA file.
• Only 1 CMAN.ORA per Oracle home but 10g onwards now
supports multiple CMAN’s.
• Must have a CMAN.ORA file to start Connection Manager
• Installs with Enterprise Edition only.
• No Support for TCPS .
 CMAN Architecture
Version 9i
CMCTL: The Connection Manager Control Utility
CMGW: A gateway process
CMADMIN: The Admin process for monitoring the health of all
things CMAN
Version 10g onwards
CMCTL: The Connection Manager Control Utility
CMADMIN: The Admin process for monitoring the health of all
things CMAN
TNS Listener: A normal listener used for accepting connections
via CMAN (invisible)
CMGW: A gateway process. Similar to a dispatcher.
Connections funnel through this process. Default 2 gateways
 CMAN Services
CMCTL:cman1> show services
Services Summary...
Proxy service "cmgw" has 1 instance(s).
Instance "cman", status READY, has 2 handler(s) for this service...
Handler(s):
"cmgw001" established:0 refused:0 current:0 max:256 state:ready
<machine: 127.0.0.1, pid: 5153>
(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=35912))
"cmgw000" established:0 refused:0 current:0 max:256 state:ready
<machine: 127.0.0.1, pid: 5151>
(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=35911))
Service "cmon" has 1 instance(s).
Instance "cman", status READY, has 1 handler(s) for this service...
Handler(s):
"cmon" established:1 refused:0 current:1 max:4 state:ready
<machine: 127.0.0.1, pid: 5147>
(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=35903))
The command completed successfully.
 CMAN Process

%ps -ef |grep cman1

oracle 5153 1 0 10:48:00 ? 0:00
/u01/Software/Oracle/64/10g/bin/cmgw cmgw1 1 16 cman1
SNLSM:39124000
oracle 5147 1 0 10:47:59 ? 0:00
/u01/Software/Oracle/64/10g/bin/cmadmin cman1 -inherit
oracle 5151 1 0 10:48:00 ? 0:00
/u01/Software/Oracle/64/10g/bin/cmgw cmgw0 0 16 cman1
SNLSM:39124000
 CMON

• From CMADMIN process

• CMON Monitors health of connection manager gateways
• CMON will restart Hung or crashed gateways process
• CMON will start /stop gateways as required for work load
 CMAN.ORA Listener

cman1 = #CMAN instance name

(Configuration =
(Address =
(Protocol = tcp ) #Protocol
(Host = sample.com ) #CMAN server hostname/ip address
( Port = 1999 )) #Port Number
 CMAN.ORA Parameter List

• The parameter list sets attributes for an Oracle Connection

Manager.
• Parameters take two forms: global level and rule level.
• A global parameter applies to all Oracle Connection
Manager connections, unless a rule-level parameter
overrides it
 CMAN Parameter List

(PARAMETER_LIST=
(ASO_AUTHENTICATION_FILTER=ON)
(CONNECTION_STATISTICS=NO)
(EVENT_GROUP=INIT_AND_TERM,MEMORY_OPS,PROCESS_MGMT)
(IDLE_TIMEOUT=30)
(INBOUND_CONNECT_TIMEOUT=30)
(MAX_CMCTL_SESSIONS=6)
(MAX_CONNECTIONS=512)
(MAX_GATEWAY_PROCESSES=10)
(MIN_GATEWAY_PROCESSES=4)
(OUTBOUND_CONNECT_TIMEOUT=30)
(REMOTE_ADMIN=YES)
(SESSION_TIMEOUT=60)
 CMAN Parameter List

(LOG_DIRECTORY=/tmp)
(LOG_LEVEL=SUPPORT)
(TRACE_DIRECTORY=/tmp)
(TRACE_FILELEN=1000)
(TRACE_FILENO=2)
(TRACE_LEVEL=SUPPORT)
(TRACE_TIMESTAMP=ON))
CMAN Access Control
 CMAN.ORA Access control
• The access control rule list specifies which connections are
accepted, rejected, or dropped

(RULE_LIST=
(RULE= (SRC=host)(DST=host)(SRV=service_name)
(ACT={accept|reject|drop})
(ACTION_LIST=AUT=on|off ((CONN_STATS=yes|no)
(MCT=time)(MIT=time)(MOCT=time)))

RULE_LIST
SRC = Source (client) DST = Destination
SRV = Service OR SID ACT = Action
(accept,reject,drop)
 CMAN.ORA Access control II
(RULE_LIST=
(RULE= (SRC=host)(DST=host)(SRV=service_name)
(ACT={accept|reject|drop})
(ACTION_LIST=AUT=on|off ((CONN_STATS=yes|no)
(MCT=time)(MIT=time)(MOCT=time)))

ACTION_LIST
AUT = Oracle Advanced Security authentication on client side
CONN_STATS = log input and output statistics
MCT = maximum connect time MIT = maximum idle timeout
MOCT = maximum outbound connect time
 CMON service
Access control must have a rule for CMON, otherwise cman will
not start

CMCTL:cman1> show rules

Number of filtering rules currently in effect: 2
(rule_list=
(rule=
(src=<cman server>)(dst=*)(srv=cmon)(act=accept))
(rule=
(src=*)(dst=*)(srv=orcl.sample.com)(act=drop)
(action_list=(aut=off)(moct=0)(mct=0)(mit=0)(conn_stats=on))
)
)
 Access Example

1. Change MCT value and Stop/start CMAN

2. Make a connection
3. Wait for MCT to kick in

SQL> set time on

12:11:34 SQL> select * from user_tables;
No rows selected
12:12:23 SQL> /
select * from user_tables
*
ERROR at line 1:
ORA-03113: end-of-file on communication channel
 Access Example II

(rule_list=
(rule=
(src=client1)(dst=*)(srv=ORCL)(act=drop)

• If the source is “client1” and service called ORCL, drop the

connection.
• Any other client would be okay.
• Any other service for client “client1” would be okay
CMAN Multiplexing
 CMAN Multiplexing Setup

Client address 10.167.248.185

Make 2 SQL*plus connections to RDBMS via CMAN from same client

Sqlplus scott/tiger@test
Sqlplus scott/tiger@test

% netstat -an |grep 10.167.248.185

10.167.240.186.23 10.167.248.185.2699 65446 1 24960 0
ESTABLISHED
10.167.240.186.1999 10.167.248.185.2856 64830 0 24960 0
ESTABLISHED
10.167.240.186.1999 10.167.248.185.2878 64860 0 24960 0
ESTABLISHED
 CMAN Multiplexing Setup
Change DISPATCHERS to MULTIPLEX

SQL > alter system set dispatchers

="(protocol=tcp)(multiplex=on)"

Make 2 SQL*plus connections to RDBMS vi CMAN >>

Sqlplus scott/tiger@test
Sqlplus scott/tiger@test

% netstat -an |grep 10.167.248.185

10.167.240.186.23 10.167.248.185.2699 65446 1 24960
0 ESTABLISHED
10.167.240.186.1999 10.167.248.185.2856 64830 0 24960
0 ESTABLISHED
 Database Registration

• Use REMOTE_LISTENER to register the database with

CMAN

REMOTE_LISTENER=cman_listener_alias

Or

REMOTE_LISTENER=(ADDRESS = (PROTOCOL =
TCP)(HOST = sample.com )(PORT = 1999))
 RDBMS Service
CMCTL:cman1> show services
Services Summary...
……
Service “orcl.sample.com" has 1 instance(s).
Instance “orcl", status READY, has 2 handler(s) for this service...
Handler(s):
"D000" established:0 refused:0 current:0 max:16383 state:ready
DISPATCHER <machine: sample, pid: 6906>

(ADDRESS=(PROTOCOL=tcp)(HOST=sample.com)(PORT=5028
3))
"DEDICATED" established:0 refused:0 state:ready
REMOTE SERVER
(address=(protocol=tcp)(host=sample)(port=1525))
The command completed successfully.
 Client Setup
No SOURCE_ROUTE as per versions < 9i

Test =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST =
sample.com)(PORT = 1999))
)
(CONNECT_DATA =
(SERVICE_NAME = ORCL)
)
)

SQLplus username/password@test
 Migration Tool

• If you want to migrate an Oracle9i cman.ora file to CMAN

10g or 11g, use the cmmigr tool.

cmmigr [cman.ora_location]
xxx_alert.log
xxx_cmadmin_pid.trc
xxx_pid.trc Tracing and Logging
xxx_cmgw_pid.trc
xxx_cmgw_pid.trc

xxx_cmadmin_pid.log
xxx_pid.log
xxx_cmgw_pid.log
xx_cmgw_pid.log

xxx being the cman instance name

PID = Process ID
There are three kinds of trace files:

Instance-name_pid.trc for the listener

Instance-name_cmadmin_pid.trc for CMADMIN
Instance-name_cmgw_pid.trc for the gateway processes
 Question 1
SQLNET.ORA
Trace_level_client =16
Sqlnet.authentication_services=(none)
TNSNAMES.ORA
Prod =(description=(address_list=(address=(protocol=tcp)(host=sample.com)(port=1999))
(connect_data=(service_name=orcl)))
CMAN.ORA
Cman1=
(configuration=
(address=(protocol=tcp)(host=sample.com)(port=1999))
(Rule=(src=*)(dst=*)(srv=*)
(action_list=(aut=on)(mct=30)(mit=60)(moct=45)))
(parameter_list=
(outbound_connect_timeout=15)))
Question : How long will this users session last, 30, 45, 60 seconds or ???
 Question 3
SQLNET.ORA
Trace_level_client=16
Sqlnet.authentication_services=(none)
TNSNAMES.ORA
Prod=(description=(address_list=(address=(protocol=tcp)(host=sample.com)(port=1999))
(connect_data=(service_name=orcl)))
CMAN.ORA
Cman=
(configuration=
(address=(protocol=tcp)(host=sample.com)(port=1999))
(Rule=(src=*)(dst=*)(srv=*)
(action_list=(aut=off)(mct=30)(mit=60)(moct=45)))
(parameter_list=
(outbound_connect_timeout=15)))
Question: How long will CMAN wait to connect to next destination 60, 45,30 or 15 seconds
?
 Practise
1. Before starting this practice, make sure that you do not have any connections to
your database instance.

Start a telnet session and connect to your database server. Log in and check the
usage of sockets/ports by issuing the following command:
netstat -na | grep your_client_ip_address | grep ESTABLISHED
where your_client_ip_address is the IP address of your PC.
You should see something similar to the following:

> netstat -na | grep 130.35.30.13 | grep ESTABLISHED

ed-ixsun1.telnet 130.35.30.13.1165 8538 1 24820 0 ESTABLISHED

The output line will show the established connections from your client using the
TCP protocol. This indicates the socket used by your telnet session. More than one
line of output indicates that you have more than one connection established to the
server.

2. On your PC, configure and start Oracle Connection Manager.

.
3.Use Oracle Net Manager to add a service name entry that will specify that
Oracle Connection Manager should be used to connect to the database on your
server.

4. Establish two connections to the server using SQL*Plus.

Specify the user name of system, password manager, and your new service name

5.From your telnet session, check how many sockets you are now using.
What is the explanation for the number of sockets used?

6.Exit your SQL*Plus sessions and verify that you just have one socket where a
connection is established.

7.Configure the initialization parameters for Shared Server and multiplexing.

DBCA will help you here

8.Start your instance and establish two SQL*Plus connections from your client.
9.Specify the user name of system, password manager, and your new service name.

10Check how many sockets are now in use.

What is the explanation for the number of sockets used?
 Notes and Known Problems

298916.1 A Guide to 10G CMAN configuration

579660.1 Troubleshooting Connection Manager
733421.1 Troubleshooting Guide: TNS-04012: Unable to Start Oracle Connection Manager
Instance
739792.1 ORA-12537: TNS:connection closed When SDU Set to Value Greater Than Default
558451.1 ORA-12637 when Connection to RAC via Connection Manager
373259.1 TNS-12537 or ORA-12518 Connecting Through 10g Connection Manager to a 9i
Database
406549.1 Client Connection via CMAN Fail with ORA-12537 TNS:Connection Closed
393941.1 ORA-12564 Reported When Using 10g Connection Manager