If the user specifies a host name for the HOST parameter in the ADDRESS line of the listener.ora file, the listener listens on INADDR_ANY if that host name is the system's default host name. If the user wants the listener to listen only on the first IP address to which the specified host name resolves, the address must be further qualified with (IP=FIRST).
    LISTENER_JOORDS =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(HOST = racnode1-vip)(PORT = 1521)(IP = FIRST))
            (ADDRESS = (PROTOCOL = TCP)(HOST = racnode1)(PORT = 1521)(IP = FIRST))
          )
        )
      )
If RAC is set up without the (IP=FIRST) option, everything seems to work perfectly, but it will not work properly in all failure scenarios. If you don't use this parameter, users may be able to connect to the base IP address on the host when they should only be able to connect via the VIP. If they connect to the base IP address of the host, they may have to wait for several minutes if that host crashes while the TCP timeout ticks away. If they use the VIP to connect, when that node crashes, they will very quickly get a response from the VIP (which has been moved to a surviving node) and be able to get reconnected to a surviving instance quickly (like in a second or two).
Internet protocol network addresses may be classified into three functional categories:
- Boot IP addresses
- Common (non-boot) IP addresses
- Service IP addresses
Table 1 summarizes the TNS Listener’s IP address binding behavior.
Note that the TNS Listener’s behavior for boot IP address, non-boot IP address or host name, and service IP addresses or host name is identical, irrespective of the option IP=FIRST. In other words, IP=FIRST solely has an impact when the system’s host name is used in listener.ora. The first row of the table represents the TNS Listener’s behavior when a system’s host name is used in the configuration file listener.ora and IP=FIRST is set. Columns 3–5 indicate the IP address binding behavior under the settings in columns 1 and 2. The value “yes” means that the TNS Listener does bind to the type of IP address indicated in the table’s column heading. Thus, the TNS listener binds solely to the boot IP address under the settings depicted in the first row.
Lessons Learned
- When assigned a system’s host name, the TNS Listener uses INADDR_ANY and thus can be reached from any network as well as via the loopback adapter, which always has the IP address 127.0.0.1.
- When assigned the boot IP address or a non-boot IP address or host name, the TNS Listener does not use INADDR_ANY, but instead binds specifically to the address assigned. It also refrains from using the loopback adapter.
- When the option IP=FIRST is enabled, the TNS Listener binds specifically to the IP address that the configured host name resolves to and cannot be reached via any other IP address, including the loopback address. This option is relevant only if the system’s host name is assigned to the parameter HOST in listener.ora.
Summary
Three solutions for TNS Listeners that must not be reachable from just any network:
- Use the boot IP address instead of the system’s host name (which maps to the boot IP address)
- Use a non-boot or service IP address or host name (neither the system’s host name nor a host name that resolves to the boot IP address)
- Configure the option IP=FIRST when referencing the system’s host name in listener.ora (requires Oracle10g or later release).
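The binding rule above can be checked against a configuration file before the listener is started. The following Python audit is an added example, not Oracle's or the original page's code: it flags every TCP address whose HOST is the system's host name and lacks (IP = FIRST), which by the rule above binds to INADDR_ANY. The function names, the constructed sample file and the comparison of host names by their first label are assumptions.

```python
import re

# Constructed sample (listener and host names reuse the ones in this article).
SAMPLE = """
# constructed listener.ora, not from a real system
LISTENER_JOORDS =
  (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
    (ADDRESS = (PROTOCOL = TCP)(HOST = racnode1-vip)(PORT = 1521)(IP = FIRST))
    (ADDRESS = (PROTOCOL = TCP)(HOST = racnode1)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = RACNODE1.example.com)(PORT = 1522)(IP = FIRST))
  )))
"""

ADDR_START = re.compile(r"\(\s*ADDRESS\s*=", re.IGNORECASE)  # skips ADDRESS_LIST
LEAF = re.compile(r"\(\s*(\w+)\s*=\s*([^()\s]+)\s*\)")       # (KEY = value)

def address_blocks(text):
    """Yield each balanced (ADDRESS = ...) block, ignoring # comments."""
    text = re.sub(r"#.*", "", text)
    for m in ADDR_START.finditer(text):
        depth = 0
        for i in range(m.start(), len(text)):
            depth += {"(": 1, ")": -1}.get(text[i], 0)
            if depth == 0:
                yield text[m.start():i + 1]
                break

def short(name):
    """Assumption: host names are compared by first label, case-insensitively."""
    return name.split(".")[0].lower()

def audit(text, system_hostname):
    """Return (host, port, binding) for every TCP address in listener.ora text."""
    findings = []
    for block in address_blocks(text):
        kv = {k.upper(): v for k, v in LEAF.findall(block)}
        if kv.get("PROTOCOL", "").upper() != "TCP":
            continue
        host = kv.get("HOST", "")
        ip_first = kv.get("IP", "").upper() == "FIRST"
        # Rule from the article: system host name without IP=FIRST -> INADDR_ANY.
        wildcard = short(host) == short(system_hostname) and not ip_first
        findings.append((host, kv.get("PORT"), "INADDR_ANY" if wildcard else "specific"))
    return findings

if __name__ == "__main__":
    for host, port, binding in audit(SAMPLE, "racnode1"):
        print(f"{host}:{port} -> {binding}")
```

On a running system, compare the result with the listening sockets the operating system reports (for example with netstat), since name resolution decides which address is actually bound.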
For more information see:
- Oracle Documentation 11g
- Oracle Support id 300729.1 - What is IP=FIRST in the LISTENER.ORA file?
- Oracle Support id 421305.1 - How The Listener Binds On TCP Protocol Addresses