On 16.07.2018 19:07, Andrew Johnson wrote:
You managed to get Cisco to support the conversion of a UDP packet sent
to a subnet's broadcast address into a real broadcast packet on that
subnet? I'm impressed! Our older HP switches used to allow this but IT
replaced them several years ago (we weren't relying on this behaviour,
which does have some fairly obvious DoS attack possibilities).
The switches can do that, but it may be disabled by default for obvious
reasons. I don't know what the factory defaults are for Cisco switches,
but here at PSI, we have to ask our IT department to allow this feature
for every target network where we need it. We allow this typically only
for the EPICS search broadcast port 5064 and the beacon port 5065.
For the record, can you find out if that Cisco solution is specific to a
particular model or family of switches, or if they made it generic?
I will try to find out.
On 16.07.2018 20:59, Andrew Johnson wrote:
Hi Mark,
On 07/16/2018 12:18 PM, Mark Rivers wrote:
I thought we were doing directed UDP broadcasts to Cisco switches at
the APS.
...
Isn't that doing a directed UDP broadcast to the switch for the
164.54.162.* subnet?
Yes, that is a directed broadcast and any switch should be able to do
this. It may have to be enabled though.
Our main problem was that the switches somehow felt that a peak in the
directed broadcast rate is a problem (an attack perhaps) and its
solution was to shut down the port for a while. When we complained to
Cisco, their first reaction was: "Don't do that. Nobody uses broadcasts
nowadays, definitely not directed broadcasts. Use multicast if you
must." Oh, EPICS is so 90s :-) ... as our vxWorks 5 IOCs.
But I don't know all the details. This is what our IT department told us.
Dirk
If my internal investigations are correct you have an HP ProCurve switch
connecting your two subnets, which is why this still works for you.
Apparently it *is* possible to configure Cisco switches to allow this,
according to the last answer to this StackOverflow question:
https://stackoverflow.com/questions/379015/udp-broadcast-packets-across-subnets
This article from Cisco seems to explain how:
http://www.ciscopress.com/articles/article.asp?p=330807&seqNum=9
If you have a system available with a network interface on both subnets
you could also run a pair of UDP Broadcast Packet Relays to pass
broadcasts between them, on both ports 5064 and 5065. More information
on this is available at
https://wiki-ext.aps.anl.gov/epics/index.php/How_to_Configure_Channel_Access#UDP_Broadcast_Packet_Relay
- Andrew
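
The policy described in this thread (directed broadcasts forwarded only to approved target networks, and only on UDP ports 5064 and 5065) can be written as a check over packet destinations. This is an added example, not code from the thread or from EPICS; the /24 mask for 164.54.162.*, the second subnet 192.0.2.0/24, the sample packets and the function names are assumptions made for illustration.

```python
import ipaddress

# Subnets where directed broadcast forwarding has been approved.
# 164.54.162.* is the subnet named in the thread; the /24 mask is assumed.
APPROVED_SUBNETS = [ipaddress.ip_network("164.54.162.0/24")]

# Channel Access search and beacon ports named in the thread.
ALLOWED_UDP_PORTS = {5064, 5065}

# All routed subnets, approved or not. 192.0.2.0/24 is a constructed
# entry (documentation address space) standing in for an unapproved network.
KNOWN_SUBNETS = APPROVED_SUBNETS + [ipaddress.ip_network("192.0.2.0/24")]


def classify(dst_ip, dst_port):
    """Return 'unicast', 'permit' or 'deny' for a routed UDP packet."""
    dst = ipaddress.ip_address(dst_ip)
    for net in KNOWN_SUBNETS:
        if dst == net.broadcast_address:
            # Directed broadcast: forward only for approved subnet and port.
            if net in APPROVED_SUBNETS and dst_port in ALLOWED_UDP_PORTS:
                return "permit"
            return "deny"
    return "unicast"


def audit(packets):
    """Count verdicts over an iterable of (dst_ip, dst_port) tuples."""
    counts = {"unicast": 0, "permit": 0, "deny": 0}
    for dst_ip, dst_port in packets:
        counts[classify(dst_ip, dst_port)] += 1
    return counts


# Constructed sample traffic, not captured data.
SAMPLE = [
    ("164.54.162.255", 5064),  # CA search to approved subnet
    ("164.54.162.255", 5065),  # CA beacon to approved subnet
    ("164.54.162.255", 7),     # other port to approved subnet
    ("192.0.2.255", 5064),     # CA search to unapproved subnet
    ("164.54.162.17", 5064),   # ordinary unicast
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```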