liangcmwn/docs

Analysis of the JDBC Connection Reset Problem

Scenario:
On a Linux server, the application is very slow to connect to Oracle at startup, and the startup log reports an exception:
java.sql.SQLRecoverableException: I/O Exception: Connection reset

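The application's database is Oracle, versions 11g R1 and R2. Both Oracle and the application run on Linux, and the JDBC driver is ojdbc6.jar, downloaded from Oracle's official website.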

Root cause:
Related to how Java's secure random number generator is implemented

Fix:
Add to the startup parameters: -Djava.security.egd=file:///dev/urandom

I found a thread on Oracle's official forum that discusses a problem similar to the one I ran into, and the cause and fix it proposes are rather interesting. According to the thread, the root cause is related to how Java's secure random number generator is implemented.
java.security.SecureRandom is a standard API provided by Sun. Among various methods offered by this class void nextBytes(byte[]) is one. This method is used for generating random bytes. Oracle 11g JDBC drivers use this API to generate random number during login. Users using Linux have been encountering SQLException(“Io exception: Connection reset”).

The problem is twofold

The JVM tries to list all the files in the /tmp (or alternate tmp directory set by -Djava.io.tmpdir) when SecureRandom.nextBytes(byte[]) is invoked. If the number of files is large the method takes a long time to respond and hence causes the server to time out.

The method void nextBytes(byte[]) uses /dev/random on Linux and on some machines which lack the random number generating hardware the operation slows down to the extent of bringing the whole login process to a halt. Ultimately the user encounters SQLException(“Io exception: Connection reset”).

Users upgrading to 11g can encounter this issue if the underlying OS is Linux which is running on faulty hardware.

Cause
The cause of this has not yet been determined exactly. It could either be a problem in your hardware or the fact that for some reason the software cannot read from /dev/random.

Solution
Change the setup for your application, so you add the next parameter to the java command:

-Djava.security.egd=file:///dev/urandom

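Random number generators
If it weren't for having to solve a problem, I wouldn't normally go out of my way to read up on the underlying implementation, so this was a good opportunity. There are plenty of write-ups on /dev/random online; only the key points are listed here:

  1. /dev/random is the secure random number device provided by the Linux kernel;
  2. /dev/random relies on system interrupt information to generate random numbers, so when there are few devices it produces random numbers slowly, and when applications demand a lot of random numbers the supply cannot keep up;
  3. Reading from /dev/random blocks the calling thread;
  4. /dev/urandom is an improved version of /dev/random that solves the slow generation and blocking problems, at the cost of slightly reduced security;
  5. On Linux, the man random command gives a fairly thorough description of /dev/random and /dev/urandom.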
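
To check on a given host which seed source the JVM actually uses and whether seeding is the slow step, the diagnostic below can be run with and without the flag. It is an added example, not code from the forum thread or from Oracle; the class name SeedSourceCheck and the 1000 ms threshold are assumptions.

```java
import java.security.SecureRandom;
import java.security.Security;

// Hypothetical diagnostic class (the name is an assumption, not from the post).
// Run it twice and compare the timings:
//   java SeedSourceCheck
//   java -Djava.security.egd=file:///dev/urandom SeedSourceCheck
public class SeedSourceCheck {
    // Assumed threshold: a first call slower than this is reported as a stall.
    static final long WARN_MS = 1000L;

    static long elapsedMs(long startNanos) {
        return (System.nanoTime() - startNanos) / 1000000L;
    }

    public static void main(String[] args) {
        // Set by -Djava.security.egd=...; null when the flag is absent.
        String egd = System.getProperty("java.security.egd");
        // Default from the JRE's java.security file, used when egd is unset.
        String source = Security.getProperty("securerandom.source");
        System.out.println("java.security.egd   = " + egd);
        System.out.println("securerandom.source = " + source);

        SecureRandom sr = new SecureRandom();
        System.out.println("algorithm/provider  = " + sr.getAlgorithm()
                + " / " + sr.getProvider().getName());

        byte[] buf = new byte[40];

        // The first nextBytes() call forces the generator to be seeded; this
        // is the call that stalls when the seed source blocks.
        long t = System.nanoTime();
        sr.nextBytes(buf);
        long first = elapsedMs(t);

        // A second call shows the cost once seeding is already done.
        t = System.nanoTime();
        sr.nextBytes(buf);
        long second = elapsedMs(t);

        System.out.println("first nextBytes()   = " + first + " ms");
        System.out.println("second nextBytes()  = " + second + " ms");

        if (first > WARN_MS) {
            System.out.println("WARNING: seeding stalled; check the seed source above");
            System.exit(1);
        }
    }
}
```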

References

  1. https://community.oracle.com/message/3701989
  2. http://www.usn-it.de/index.php/2009/02/20/oracle-11g-jdbc-driver-hangs-blocked-by-devrandom-entropy-pool-empty