EPICS Home

Experimental Physics and Industrial Control System


 
1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>

Subject: Re: Channel Access not connecting
From: Stephen Lewis <[email protected]>
To: Jeff Hill <[email protected]>
Cc: [email protected]
Date: Wed, 18 May 2011 00:25:15 -0700
Sounds like a hack to keep CA happy and maybe it was for me (In which case thanks so much) but in any case must surely by fixed).  --Steve

On 17 May 2011, at 16:24 PM, Jeff Hill wrote:

>> The IOC's server is not yet impacted by the 
>> EPICS_CA_INTF_ADDR_LIST configuration.
> 
> How about the caget client?

The EPICS_CA_INTF_ADDR_LIST is only used to configure  servers.
 
>Here's netstat -nr output:
 
Looks ok. Connecting on the same host requires that an interface sees the loopback of its broadcast, but that always seems to work.
 
So perhaps it _is_ a firewall issue.
 
BTW: We see the opposite issue here. When caget runs on the same host as the soft IOC we see the message about the same PV name on multiple servers because of the soft interface for virtualized OS  that is typically installed in the new Linux versions (named typically virbr0 in the our systems). I could possibly cause this virbr0 to be left out of the autoconfiguration if I discriminate against the hardware address?
 
Jeff
______________________________________________________
Jeffrey O. Hill           Email        
[email protected]
LANL MS H820              Voice        505 665 1831
Los Alamos NM 87545 USA   FAX          505 665 5107
 
Message content: TSPA
 
With sufficient thrust, pigs fly just fine. However, this is
not necessarily a good idea. It is hard to be sure where they
are going to land, and it could be dangerous sitting under them
as they fly overhead. -- RFC 1925
 
From: Bruce Hill [mailto:[email protected]] 
Sent: Tuesday, May 17, 2011 2:55 PM
To: Jeff Hill
Cc: 'Claude Saunders'; 'Mark Rivers'; [email protected]
Subject: Re: Channel Access not connecting
 
On 05/17/2011 08:47 AM, Jeff Hill wrote:
oops, yes I said that backwards, its typically broadcasts that are received
by all servers (on the same host), and unicasts that are received by only by
one of multiple servers (on the same host).
  
I'm running with defaults for the EPICS_CA* and EPICS_CAS* env
variables, but have also played with EPICS_CA_ADDR_LIST,
EPICS_CA_AUTO_ADDR_LIST, and EPICS_CA_INTF_ADDR_LIST with no success.
    
The IOC's server is not yet impacted by the EPICS_CA_INTF_ADDR_LIST
configuration.
  
How about the caget client?

I've been having trouble with one linux machine where my IOC's
appear to be running correctly, dbgf works from iocsh, but caget
from another window on the same machine fails to connect.
    
Sounds like a routing level issue. The output from "netstat -r" might be
interesting.
 
Jeff
Here's netstat -nr output:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.254.0   0.0.0.0         255.255.255.0   U         0 0          0 eth2
134.79.32.0     0.0.0.0         255.255.252.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth2
0.0.0.0         134.79.35.1     0.0.0.0         UG        0 0          0 eth0

Mark suggested a firewall issue.   I'm looking into that now.   This
isn't our normal deployment system.   It's for an experimental chamber that's
currently in a different building at SLAC that wanted to run the same EPICS
motor control as they do when their chamber is installed in the hutch.   That
machine is visible from the internet, and I don't administer it, so I'll need
to find the sysadmin for this machine before making any changes.

This system, kernel 2.6.26.3-29.fc9.x86_64, does have a package called system-config-firewall
installed that says the firewall is enabled.   iptables shows:
# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:mysql 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         


Thanks,
- Bruce


References:
Channel Access not connecting Bruce Hill
Re: Channel Access not connecting Claude Saunders
RE: Channel Access not connecting Mark Rivers
Re: Channel Access not connecting Claude Saunders
RE: Channel Access not connecting Jeff Hill
Re: Channel Access not connecting Bruce Hill
RE: Channel Access not connecting Jeff Hill

Navigate by Date:
Prev: RE: Channel Access not connecting Jeff Hill
Next: Re: Channel Access not connecting Bruce Hill
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: RE: Channel Access not connecting Jeff Hill
Next: Re: Channel Access not connecting Bruce Hill
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024