Re: ca gateway configuration for subnets

[Chris Timossi <catimossi@lbl.gov>]

Thanks everyone. It sounds like the ca gateway will almost work my 
purpose (1 NIC, dedicated subnet). The only wrinkle is that we'd like 
the gateway to receive beacons so we need to add the gateway's broadcast 
or ip address to the IOC's EPICS_CAS_BEACON_ADDR_LIST; unfortunately 
this option is only available in R3.14.

Chris

Ralph Lange wrote:

> Hmmm....
>
> There is an environment variable (affecting the server side of the 
> Gateway) to mask out single IP addresses so that the Gateway will just 
> ignore name resolution requests from those addresses. That is normally 
> used to prevent loops in a multi-Gateway environment by making 
> Gateways ignore requests from other Gateways.
>
> For the client-side configuration it's either complete subnets or 
> single IP numbers, correct.
>
> I'm not sure if this will work on a single NIC machine, though. You 
> might be running into a situation, where the Gateway (on its server 
> side) while being perfectly configured for a -sip in network A still 
> sees name resolution requests coming form network B since it uses the 
> same NIC. For that case I'm not sure what has to be configured in 
> which way.
>
> For Chris' original description - wasn't the Gateway sitting on a 
> third, separate network anyway? So that clients that want to see the 
> Gateway have to add its IP explicitly to their EPICS_CA_ADDR_LIST 
> anyway? In that case I don't see that there should be a problem for 
> clients on the IOC side network (e.g. the IOCs themselves), as they 
> also would have to explicitly add the Gateway IP to EPICS_CA_ADDR_LIST 
> to have their name resolution requests directed to it. Broadcast 
> requests from clients (empty EPICS_CA_ADDR_LIST) will usually stay 
> within the network. (Only advanced switch/router configuration can 
> change this.)
>
> Cheers,
> Ralph
>
>
> Dayle Kotturi wrote:
>
> > Hi Chris,
> >
> > I have some experience with this. A single host with dual-NICs needed to
> > act as a CA gateway server in two directions. In order to prevent the
> > ambiguity you suggest, it was necessary to explicitly lists the 
> > sources of
> > PVs (since there is no way to mask out an IP addr) for each CA gateway
> > process AND to make sure the CA gateway process ran as the correct IP
> > (that's the -sip arg or the EPICS_CAS_INTF_ADDR_LIST env var). Note that
> > wildcards wouldn't work in my case, since if I used them, I'd be 
> > including
> > the server and creating ambiguity.
> >
> > HTH,
> > Dayle Kotturi                                            
> > dayle@stanford.edu
> > LINAC Coherent Light Source
> > Stanford Linear Accelerator Center
> >