Oracle Networking Concepts — From Oracle 11g R2 to Oracle 23ai and OCI

Oracle has led the way in implementing distributed database connectivity since the early days of client/server computing. The networking layer that connects applications to Oracle databases has evolved continuously — from SQL*Net in Oracle7, through Net8 in Oracle8, through Oracle Net Services in Oracle9i and beyond, to the cloud-native networking model used in Oracle Database 23ai and Oracle Cloud Infrastructure today. This module examines that evolution and builds the foundation for understanding Oracle's current networking architecture.

Oracle 11g R2 still accounts for an estimated 10–15% of on-premises Oracle database installations worldwide. For organizations running 11g R2, the networking model is familiar — TCP/IP on port 1521, tnsnames.ora on every client machine, and listener.ora on every server. For organizations moving to Oracle 23ai — whether on-premises or in OCI — the underlying Oracle Net protocol has not changed, but the infrastructure, security model, and operational approach are dramatically more modern. This lesson explains both worlds and the demarcation between them.

Oracle Networking History — SQL*Net to Oracle Net Services

Oracle's network interface layer has carried several names across releases, each reflecting the Oracle version it shipped with:

• SQL*Net — the original networking protocol used in Oracle7 and earlier. SQL*Net version 1 required clients to supply the full connection string including protocol, hostname, and database name. SQL*Net version 2 introduced the tnsnames.ora lookup file, eliminating the need to embed connection details in every application.
• Net8 — the networking layer shipped with Oracle8 and Oracle8i. Net8 introduced the Oracle Net Listener as a standalone process and added the connection manager (CMAN) for connection concentration and protocol conversion.
• Oracle Net / Oracle Net Services — the current name, introduced in Oracle9i and carried through Oracle 10g, 11g R2, 12c, 19c, 21c, and 23ai without a name change. Oracle Net Services is the umbrella term covering Oracle Net, the listener, Oracle Connection Manager, and the configuration files that govern them.

The SQL*Net → Net8 → Oracle Net Services upgrade path was relevant for organizations moving from Oracle7 or Oracle8 to Oracle9i. Those upgrade procedures — involving the Oracle Universal Installer, the Database Upgrade Assistant, and configuration file parameter replacements — are now historical context. No supported Oracle release requires migration from SQL*Net 2.x or Net8 8.0. The current focus is the transition from Oracle 11g R2 on-premises networking to Oracle 23ai and OCI.

Oracle Networking Concepts in Oracle 23ai

Oracle Database 23ai uses the same foundational Oracle Net Services layer that has powered Oracle connectivity for decades. Oracle Net Services is a software layer residing on both the client and the database server that establishes and maintains connections between applications and Oracle Database in distributed, heterogeneous environments. The core components are unchanged from prior releases, with specific 23ai enhancements:

• Oracle Net: The protocol stack that handles session establishment, data transfer, and error handling. It sits on top of standard network protocols — primarily TCP/IP and TCPS (TCP with TLS encryption). Oracle Net is transport-agnostic by design; the application sees a consistent interface regardless of whether the connection uses plain TCP, TLS, or an OCI private endpoint.
• Oracle Net Listener: A server-side process that listens for incoming client connection requests on port 1521 (TCP) or 2484 (TCPS) by default and hands them off to dedicated or shared server processes. The listener is configured through listener.ora and managed through the lsnrctl utility. In Oracle 23ai, listener error messages have been improved — ORA-12514 now includes a CONNECTION_ID to aid diagnostics.
• Session Data Unit (SDU): Controls the packet size for data transfer between client and server. In Oracle 23ai, the default SDU on the database server side is increased to 64 KB, improving throughput for large data transfers without requiring manual reconfiguration in the connection descriptor.
• Naming methods: Oracle 23ai supports four methods for resolving service names to connection descriptors:
  1. Easy Connect Plus — the simplest and recommended method for most connections: //hostname:port/service_name. Oracle 23ai extends Easy Connect Plus to support LDAP/LDAPS parameters, ADDRESS_LIST grouping, and additional connection properties directly in the connection string without a tnsnames.ora entry.
  2. Local naming — the traditional tnsnames.ora file containing full connection descriptors. Still widely used for complex configurations, RAC load balancing, and environments where Easy Connect is not sufficient.
  3. Directory naming — LDAP or LDAPS-based resolution through Oracle Internet Directory or third-party LDAP servers.
  4. Centralized Configuration Providers (new in Oracle 23ai) — connect descriptors, credentials, and parameters stored centrally in OCI Object Storage as JSON or Azure App Configuration. This eliminates scattered tnsnames.ora files across client machines in cloud and hybrid environments — a significant operational improvement for large deployments.
• Security and authentication in Oracle 23ai: TLS 1.3 is now supported, providing a more efficient handshake and stronger cipher suites than TLS 1.2. System wallets enable one-way TLS without requiring a client wallet when the server certificate is signed by a common root CA. Token-based authentication using OAuth 2.0 and OCI IAM tokens eliminates passwords from connection strings entirely — a major security improvement for cloud and hybrid deployments.
• TCP Fast Open: A networking optimization that reduces connection establishment latency, particularly beneficial in OCI and Autonomous Database environments where connection frequency is high.

Connection Naming — tnsnames.ora in Oracle 11g R2 vs Oracle 23ai

The tnsnames.ora file remains supported in Oracle 23ai for backward compatibility and for configurations that require full connection descriptor control. The SERVICE_NAME parameter — introduced to replace the legacy SID parameter in Oracle 8.1 — is the correct identifier in all modern tnsnames.ora entries. The following example shows the Oracle 23ai tnsnames.ora syntax for a single-address connection:

sales =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = sales-server)(PORT = 2484))
    (CONNECT_DATA =
      (SERVICE_NAME = sales.us.example.com))
    (SECURITY =
      (SSL_SERVER_DN_MATCH = YES)))

Note that the protocol is now TCPS rather than tcp — reflecting the Oracle 23ai recommendation to use TLS encryption for all connections. The port has moved from 1521 to 2484, the standard TCPS listener port. For environments requiring load balancing and connect-time failover across multiple addresses:

sales =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (FAILOVER = ON)
      (LOAD_BALANCE = ON)
      (ADDRESS = (PROTOCOL = TCPS)(HOST = sales1-server)(PORT = 2484))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = sales2-server)(PORT = 2484)))
    (CONNECT_DATA =
      (SERVICE_NAME = sales.us.example.com))
    (SECURITY =
      (SSL_SERVER_DN_MATCH = YES)))

The Easy Connect Plus equivalent for the single-address connection above eliminates the tnsnames.ora entry entirely:

tcps://sales-server:2484/sales.us.example.com?ssl_server_dn_match=yes

How OCI Networking Differs from Oracle 11g R2 On-Premises

The core database protocol — Oracle Net over TCP/TCPS — has not changed between Oracle 11g R2 and Oracle 23ai in OCI. A client using a 11g R2 tnsnames.ora entry can still connect to a 23ai database using the same TNS syntax. What has changed fundamentally is the network infrastructure, security model, and operational management layer beneath Oracle Net.

For organizations still running Oracle 11g R2 on-premises, the transition to Oracle 23ai in OCI does not require learning a new database protocol. Oracle Net still runs over TCP/TCPS and the tnsnames.ora syntax is backward compatible. What does change is the operational model: manual TCP and firewall management is replaced by OCI's software-defined VCN with private-by-default connectivity, TLS 1.3 as the standard rather than the exception, and centralized configuration that eliminates the distributed tnsnames.ora maintenance problem that has challenged Oracle DBAs since SQL*Net version 2.

Module Overview — What This Module Covers

The lessons in this module build the conceptual and technical foundation for Oracle distributed networking, covering three core areas:

1. Network protocols: TCP/IP as the dominant protocol for Oracle Net, the role of TCPS and TLS in securing connections, and how Oracle Net abstracts the underlying protocol from the application layer.
2. Oracle topology solution: Service names, TNS descriptors, tnsnames.ora, database links, and the role of the Oracle listener in establishing distributed database connectivity — covering both the 11g R2 on-premises model and the OCI equivalent.
3. Transparent Network Substrate (TNS): The communication layer model that Oracle Net uses to establish connections — the seven-step connection sequence from SQL database link through tnsnames.ora resolution, IP address lookup, listener interception, and remote database authentication.

Later lessons in this module examine each component in detail: the evolution from centralized to distributed database architectures, Oracle distributed database features, replication and distribution strategies, service naming, database links, TNS architecture, Oracle Net Services connection management, and the SQL*Net version history that led to the modern Oracle Net Services stack. The next lesson covers the history of networking and the evolution from centralized to decentralized computing.