Just thought I’d do a quick post on this one; came out of a conversation about a month or two ago.
We had a single-instance database running on a failover cluster (RHCS). A database link existed for a related database and the connection had to pass through a firewall. The problem was the firewall: it had a rule which only allowed connections from the VIP.
The database server has two IP addresses – a system IP and a VIP. Is there any way to bind the dblink to one specific interface? (Note: we would still like the system IP to be used for other traffic.)
I couldn’t think of a way for Oracle to do that. But we did find a workaround, of sorts (though not perfect) – by using the operating system route command.
Sometimes there’s a misconception that the purpose of OS routing is just to set the default gateway. For example, in the windows networking GUI that function is visible and it’s rare to need much else. However the command-line OS route command is in fact much more powerful (on all platforms).
Here’s a detailed manual page for the linux version of route:
First, in addition to setting the default gateway, the route command can also determine which physical interface to use. Second, in addition to configuration for a subnet, the route command can also do configuration for only one specific host. So the syntax we’d want is something like this:
route add -host [targetIP] dev [interface/ethX]
Of course it’s important to check that there’s nothing else connecting from the database cluster to the target host IP. Also, you’d want to link this command with the cluster VIP resource so that it follows the VIP around the cluster.
But it does seem to be one possible solution to the dilemma.
Comments are closed.