EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>

Subject: Re: Question on configuring soft IOC server ports
From: Ralph Lange <[email protected]>
To: Mark Rivers <[email protected]>
Cc: "[email protected]" <[email protected]>
Date: Sat, 15 Sep 2012 00:05:15 +0200
On 14.09.2012 23:41, Mark Rivers wrote:
> Hi Ralph,
>
> Thanks for the reply.
>
>> That way you do not need to set
>> EPICS_CA_ADDR_LIST for all your other IOCs inside the beamline network
>> (to have them see all the non-standard soft IOCs).
> I'm not sure I understand that comment.  Why would my IOCs on the beamline network have a problem seeing the non-standard soft IOCs?  The other IOCs are just channel access clients with respect to the soft IOCs, and channel access clients on the beamline network have no problem connecting to the soft IOCs.  They just do a broadcast on the network and they find all IOCs, including soft IOCs with non-standard ports.

If you do not configure your soft IOCs, they all bind to 5064/UDP (name
resolution), but use dynamically assigned xxx/TCP ports.
When you set EPICS_CA_SERVER_PORT=nnn, they bind to nnn/UDP and nnn/TCP
- so your clients' broadcasts to 5064/UDP will not reach them.

To make things work, all your other IOCs and clients on the local net as
well as the outside clients will have to have EPICS_CA_ADDR_LIST set to
the ip/port combinations (or broadcast_address/port) of all your
non-standard soft IOCs. Whenever you add a new non-standard IOC, you
have to change all these configurations and restart everything. Not
really nice, at all.

EPICS_CA_SERVER_PORT was designed to allow separation of CA name spaces
on the same network, so shifting ports of both name res and data
connection is intentional and makes perfect sense. For that use.

In many cases, a CA Gateway serving the outside needs very little
configuration, and is by far easier to set up and maintain. Though in
some cases (e.g. when transferring large images), the Gateway adds
unacceptable limitations.

>> - Run a CA Nameserver for all soft IOCs, and point your outside clients
>> to the Nameserver. Answers to name resolution requests contain IP number
>> and port, making all soft IOCs visible.
> In that case the ports would still all need holes in the firewall, right?

Worse: the TCP ports are dynamically assigned, so you don't know them
beforehand. You would actually have to find out how to make your soft
IOC host system use a certain range for the assigned TCP ports. Or open
up everything in the firewall. Yuck.

Which leaves the Gateway being the only reasonable option, doesn't it?

Well...
~Ralph


> -----Original Message-----
> From: Ralph Lange [mailto:[email protected]] 
> Sent: Friday, September 14, 2012 4:26 PM
> To: Mark Rivers
> Cc: [email protected]
> Subject: Re: Question on configuring soft IOC server ports
>
> On 14.09.2012 22:38, Mark Rivers wrote:
>> I have a naïve question about configuring soft IOCs, of which we now have quite a number.  We have not been setting EPICS_CA_SERVER_PORT when running the soft IOCs, so we get the warning:
>>
>> cas warning: Configured TCP port was unavailable.
>> cas warning: Using dynamically assigned TCP port 44160,
>> cas warning: but now two or more servers share the same UDP port.
>> cas warning: Depending on your IP kernel this server may not be
>> cas warning: reachable with UDP unicast (a host's IP in EPICS_CA_ADDR_LIST)
>>
>> We have also realized that our soft IOCs are not visible from outside our beamline firewall.  We have opened up ports 5064 and 5065 in the beamline firewall, so we can access PVs from the wireless network, and that works for VME crates (and the first soft IOC on a given computer).
>>
>> If we want to be able to access the soft IOCs from the wireless as well, is the following sufficient:
>>
>> - Set each soft IOC to use a specific EPICS_CA_SERVER_PORT
>> - Open those ports in the firewall
> That should work.
>
> Two other options that might be preferable:
> - Run a CA Gateway on a (dedicated, maybe virtual) machine inside your
> beamline net, set it to a non-standard port, and open the firewall just
> for access to that machine/port. That way you do not need to set
> EPICS_CA_ADDR_LIST for all your other IOCs inside the beamline network
> (to have them see all the non-standard soft IOCs).
> - Run a CA Nameserver for all soft IOCs, and point your outside clients
> to the Nameserver. Answers to name resolution requests contain IP number
> and port, making all soft IOCs visible.
>
> ~Ralph


Replies:
Re: Question on configuring soft IOC server ports Kasemir, Kay
References:
Question on configuring soft IOC server ports Mark Rivers
Re: Question on configuring soft IOC server ports Ralph Lange
RE: Question on configuring soft IOC server ports Mark Rivers

Navigate by Date:
Prev: Re: Question on configuring soft IOC server ports Andrew Johnson
Next: Re: How to profile an EPICS application on Linux John A. Priller
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: RE: Question on configuring soft IOC server ports Mark Rivers
Next: Re: Question on configuring soft IOC server ports Kasemir, Kay
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  <20122013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
ANJ, 18 Nov 2013 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·