Don't let firewalls block database connections

  From: http://www.360doc.com/content/08/0524/18/49194_1281450.shtml

In my technical support projects, in many cases, the firewall settings will bring some trouble to J2EE applications . Have you ever met?  

  Usually Web applications are stateless connections, which are generally very friendly to firewalls. However, most JavaEE application servers have the concept of connection pooling. To improve performance, the application server will pre-open and maintain some connections to the backend database server, LDAP server, or other servers. These connections usually hold the TCP connection forever unless something unexpected happens. 

   I have several projects where the problem is that there are different firewalls between the application server and the database due to security level issues. While the system is running, there are occasional errors that the database connection cannot be obtained (when the system is idle). The client suspects the instability of the application server.

   Through the analysis of various tools (snoop), it is found that when there is a problem with the database connection of the application server, there is no problem on the database side, all session connections are there, but the TCP request sent from the application server does not reach the database server. It is the firewall in the middle that blocks the connection to the database. Many TCP/IP beginners are surprised by the fact that an idle TCP connection can go without any data flow for a long time. Therefore, when the database connection is not used for a long time (this situation is very common, for example, there are 10 connections in the connection pool, due to the small load, only the first few are used all the time). Generally speaking, firewall software will regularly check idle connections and block them to ensure that some abnormally interrupted connections are cleared. 

    In this way, we have found the cause of the database connection problem. The main reason is that the idle database connection is not blocked by the firewall for a long time. Aren't blocked database connections automatically reconnected when in use? Professional database connection pools used by most application servers will have automatic reconnection to solve this problem. There are also some customers who use their own connection pools, or some simple open source solutions, which do not have the function of automatic reconnection, which makes the application unavailable. 

     Even if some connection pools can automatically reconnect interrupted connections, they will not check whether these connections in the connection pool are available all the time. Because this check is time-consuming and affects the application, it is checked every few minutes. Connection interruptions that occur during the interval can still cause system errors.
     Another solution is to configure from the database server side to ensure smooth connections. For example, in Oracle, you can set SQLNET.EXPIRE_TIME to be less than the interruption time of the firewall, which means that the database connection of Oracle will automatically send out detection datagrams without data exchange, so that the firewall no longer thinks that the database connection is idle. connect.