Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: 9i Replication & Firewall Policy
Michael VanDercreek wrote:
> Hello All,
>
> I am trying to create a Oracle 9i Advanced Replication environment that
> spans multiple firewalled networks. The goal is to have a Single Master
> that can push to and pull from multiple Targets (via Materialized Views).
> The firewall policies will allow TCP port 1521 from the Master to the
> Targets but not vice versa. Therefore all sessions will need to be
> initiated from the Master Site.
>
> ==> target_site_1.lookup_table (read only)
> //
> master_site.lookup_table >== (push)
> \\
> ==> target_site_2.lookup_table (read only)
>
> target_site_1.results_table_1 >==
> \\
> (pull) ==> master_site.results_table_all
> //
> target_site_2.results_table_2 >==
>
> My team and I have created a test lab that simulates the production network
> architecture. From our initial tests it appears the Master is sending
> update advertisements to the Targets and in turn they are attempting to pull
> the updates. Of course this fails due to the firewall policy.
>
> Is it possible to force all replication to take place through Master site
> initiated traffic?
>
> Thanks in advance!
>
> Namaste,
> Michael
>
>
Methinks you are over the top with your firewall. Nothing against opening 1521 (or a completely different port) both ways - there's no service at the other side...
You have a couple of options:
- use shared_socket=true (if that was fixed in 9i... worked in 816,
broke in 817...)
- use MTS on 1521
- use connection manager.
Either of the above would/could force Oracle network traffic on a single port.
Frank Received on Tue Feb 11 2003 - 13:43:04 CST