Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <2017 Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <2017
<== Date ==> <== Thread ==>

Subject: RE: Questions regarding CA protocol specification and phylosophy
From: Mark Rivers <rivers@cars.uchicago.edu>
To: Diego Sanz <dshernan80@gmail.com>, Ralph Lange <ralph.lange@gmx.de>
Cc: EPICS Tech Talk <tech-talk@aps.anl.gov>
Date: Fri, 15 Sep 2017 11:58:34 +0000
> Then I try with 127.255.255.255 and !IT WORKS!
> regarding EPICS_CA_AUTO_ADDR_LIST set to NO, I have try without configuring it, and it works, I put both YES or NO, and it works.

This is not the correct way to configure it. You should set

EPICS_CA_AUTO_ADDR_LIST=NO
EPICS_CA_ADDR_LIST=10.0.2.255

As others have said, I strongly suspect that the reason this is not working is that you have a firewall running.  The configuration I show is what most other sites are using with no problems.

The problem with using 127.255.255.255 is that will prevent you  from accessing PVs from other IOCs on your network (at least if EPICS_CA_AUTO_ADDR_LIST=NO), and that is not what you want.

Mark


________________________________
From: tech-talk-bounces@aps.anl.gov [tech-talk-bounces@aps.anl.gov] on behalf of Diego Sanz [dshernan80@gmail.com]
Sent: Friday, September 15, 2017 6:07 AM
To: Ralph Lange
Cc: EPICS Tech Talk
Subject: Re: Questions regarding CA protocol specification and phylosophy

Dear Ralph, Michael, Mark, Kay, Dirk, et al.

FIrst of all thank you again for all recommendations. I am going to try to explain which configuration does work and which doesn't.

I have check the following in two different virtual Machines, One Fedora 26, and the other one CentOS7. In both everything works exactly the same.

config 1. CentOS7 (both EPICS 3.14.12.6 and 3.15.5)
I run 2 IOCs without any specific epicsEnv configuration (as some of you recommended), and I open a new console and I run caget, for reach 2 different PVs from the different IOCs. caget does not find any PV. Then I configure the EPICS_CA_ADDRS_LIST=127.0.0.1  or 10.0.2.15, and it only works for  the last one executed. Right. Now I check with wirshark and netstat, and I can see that both IOCs are sending beacon messages from 10.0.2.15, so I suppose that if I configure EPICS_CA_ADDR_LIST=10.0.2.255 (this is the broadcast address of that private subnet of my computer) it should work, but it doesn't. the messages are:

[dsanz@localhost ~]$ export EPICS_CA_ADDR_LIST="10.0.2.255"
[dsanz@localhost ~]$ caget dsanzHost:ai1
Warning: Duplicate EPICS CA Address list entry "10.0.2.255:5064<http://10.0.2.255:5064>" discarded
Channel connect timed out: 'dsanzHost:ai1' not found.
[dsanz@localhost ~]$ caget pcounter
Warning: Duplicate EPICS CA Address list entry "10.0.2.255:5064<http://10.0.2.255:5064>" discarded
Channel connect timed out: 'pcounter' not found.

Then I try with 127.255.255.255 and !IT WORKS!

[dsanz@localhost ~]$ export EPICS_CA_ADDR_LIST="127.255.255.255"
[dsanz@localhost ~]$ caget pcounter
pcounter                       0
[dsanz@localhost ~]$ caget dsanzHost:ai1
dsanzHost:ai1                  6

Mark,

regarding EPICS_CA_AUTO_ADDR_LIST set to NO, I have try without configuring it, and it works, I put both YES or NO, and it works. I do  not know if this should be work in this way or not... but it is absolutely the same, even if you put EPICS_CA_AUTO_ADDR_LIST="come to ICALPECS2017" :)

Well, if 127.255.255.255 works, but 10.0.2.255 doesn't, I thought to configure the 2 IOCs with EPICS_CAS_INTF_ADDR=10.0.5.15... and then I configure the client with EPICS_CA_ADDR_LIST=10.0.2.255 (broadcast IP address) but in this way it neither works.

Then it looks, that is crucial the loopback interface for this configuration?

Thank you very much to everybody, I hope this questions help other people too.

Regards

Diego
















2017-09-14 21:00 GMT+02:00 Ralph Lange <ralph.lange@gmx.de<mailto:ralph.lange@gmx.de>>:
On Thu, Sep 14, 2017 at 8:55 PM, Ralph Lange <ralph.lange@gmx.de<mailto:ralph.lange@gmx.de>> wrote:
[...]
Outside of CA, there are a zillion different ways to use firewalls and packet filtering/rewriting software to make the client only see the PVs on one interface.
Key point: the name resolution request package (UDP from client to port 5065) must reach the IOC on only one interface. Everything else won't matter much.

UDP from client to port 5064, of course.
Sorry!!
~Ralph



Replies:
Re: Questions regarding CA protocol specification and phylosophy Diego Sanz
References:
Questions regarding CA protocol specification and phylosophy Diego Sanz
Re: Questions regarding CA protocol specification and phylosophy Kasemir, Kay
Re: Questions regarding CA protocol specification and phylosophy Dirk Zimoch
Re: Questions regarding CA protocol specification and phylosophy Diego Sanz
Re: Questions regarding CA protocol specification and phylosophy Michael Davidsaver
Re: Questions regarding CA protocol specification and phylosophy Diego Sanz
Re: Questions regarding CA protocol specification and phylosophy Ralph Lange
RE: Questions regarding CA protocol specification and phylosophy Mark Rivers
Re: Questions regarding CA protocol specification and phylosophy Ralph Lange
Re: Questions regarding CA protocol specification and phylosophy Ralph Lange
Re: Questions regarding CA protocol specification and phylosophy Diego Sanz

Navigate by Date:
Prev: Re: Questions regarding CA protocol specification and phylosophy Ralph Lange
Next: Re: triggerPV in DisplayBuilder Kasemir, Kay
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <2017
Navigate by Thread:
Prev: Re: Questions regarding CA protocol specification and phylosophy Ralph Lange
Next: Re: Questions regarding CA protocol specification and phylosophy Diego Sanz
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  <2017
ANJ, 15 Sep 2017 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·