EPICS Home EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

Format page
for printing


Search Tech-talk
1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>
Subject: Re: problem with gateway and softIoc running on same server
From: Ralph Lange <[email protected]>
To: [email protected]
Date: Thu, 19 May 2011 12:17:17 +0200
Kevin,

All (soft) IOCs run the rsrv server code, so they will bind to all network interfaces found.

The Gateway runs the CAS server code, so it will honor EPICS_CAS_INTF_ADDR_LIST and only bind to the interface(s) defined therein.

In your log, the Gateway is configured not to use a broadcast to find channels.
Its client end points to 192.171.95.112:8164 and 192.168.134.51:8064, so it will only find channels on these two addresses/ports.
Its server end is configured to 128.171.95.112, which obviously is in a third network.

As you say the server only has two network cards - is that a typo, maybe?

As Dirk pointed out, you can run multiple soft IOCs on a server. (I've heard of installations running 200+ soft IOCs on one box.) You won't be able to reliably contact PVs on that host when using unicast name resolution, i.e. when the client sets EPICS_CA_AUTO_ADDR_LIST=NO and addresses in EPICS_CA_ADDR_LIST.

Running soft IOCs and a Gateway on one host means a client can in general always access the Gateway and the soft IOCs (directly). There is no way to make a soft IOC "hide" itself from one of the existing networks. You can obfuscate things by running the soft IOC on a different port, but a client that connects to that port will still see the soft IOC channels directly. If you want to securely hide the soft IOC from a client, the soft IOC must either run on a different machine behind the Gateway (seen from the client), on a network the client can not access, or you have to setup the firewall to not allow access to the special port from the client's network.
Note: On PC hardware, you may create a private network for the soft IOC using virtualization techniques. Running the soft IOC on a virtual machine connected to the server by a host-only network will make the soft IOC inaccessible from the client, but allow a Gateway running on that server to connect to the soft IOC through the host-only net.

Running a CA client (e.g. caget) on the server with no environment setting will always return multiple hits, as the soft IOC is visible on all configured network interfaces. When you set EPICS_CA_AUTO_ADDR_LIST=NO (to shut off broadcasts) and EPICS_CA_ADDR_LIST to exactly one of the configured network addresses, you should be able to connect without warnings.

For your setup, running the soft IOC with a special server port, and mentioning exactly one of its addresses in the Gateway's EPICS_CA_ADDR_LIST should work. If you setup the firewall to block access to the special port from the client's network, this should even be quite secure. You could further narrow it down by the firewall only allowing access to the special port from localhost, in which case everyone except the server has to go through the Gateway.

~Ralph


On 19.05.2011 05:49 Kevin Tsubota wrote:

Hi,

 

I want a gateway to publish PVs from 192.168.134.51:8064 which is on a private network connected to 192.171.95.112 (where a softIoc is already running) because I can’t access this private

 

I have the situation where I have a solaris-8 server (192.171.95.112) with two network cards.  One goes to our observatory network and the other goes to a private network running a windows based softIoc (192.168.134.51).  Now I need access to the PVs of the widows softIoc from other IPs on the observatory network. 

 

I can successfully get the gateway to publish the windows softIoc PVs without any problems.  However, I have a solaris softIoc running on the same server as the gateway and this is where I’m having problems. I’ve tried using different EPICS_CA_SERVER_PORTS for both IOCs but no matter what I try I can’t get the gateway to see the solaris IOC on the same IP.  If I manually set my EPICS_CA_SERVER_PORT at the command line then issue a caget, it successfully returns the PV value but it reports that there’s multiple instances of the PV.

 

My question is: can a gateway co-exist with a softIoc in the same ip address?

If so, what do I need to do to make it happen?  Using different EPICS_CA_SERVER_PORTs doesn’t seem to be it.  Is this related to the fact that I can’t run multiple softIocs on the same server unless I change port numbers?  In which case I’d want a gateway to interface to them as well.

 

Here’s my startup command run on the solaris server (128.171.95.112):

/usr/local/epics/r3.14.9/extensions/bin/solaris-sparc-gnu/gateway -debug 1 -pvlist k1lmct.pvlist -access GATEWAY.access -home $HOME -log k1lmct.log -sip "128.171.95.112" -sport 5064 -cip "192.171.95.112:8164 192.168.134.51:8064" -prefix k1:lmct:gateway&

 

Here’s the start of the debug output log:

PV Gateway Version 2.0.3.0 [Feb 20 2008 16:27:23]

EPICS 3.14.9 PID=13539

EPICS_CA_ADDR_LIST=192.171.95.112:8164 192.168.134.51:8064

EPICS_CA_AUTO_ADDR_LIST=NO

EPICS_CA_SERVER_PORT=Not specified

EPICS_CA_MAX_ARRAY_BYTES=Not specified

EPICS_CAS_INTF_ADDR_LIST=128.171.95.112

EPICS_CAS_SERVER_PORT=5064

EPICS_CAS_IGNORE_ADDR_LIST=Not specified

 

Thank you in advance!

 

Kevin Tsubota

W.M. Keck Observatory



Replies:
RE: problem with gateway and softIoc running on same server Kevin Tsubota
References:
problem with gateway and softIoc running on same server Kevin Tsubota
Navigate by Date:
Prev: Re: problem with gateway and softIoc running on same server Dirk Zimoch
Next: Re: caGateway crashes / use of *MustSucceed functions Dirk Zimoch
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: RE: Problem installing EPICS Base 3.14.12.1 on Cygwin/Win XP (32bit) Zhan Zhang
Next: RE: problem with gateway and softIoc running on same server Kevin Tsubota
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
ANJ, 18 Nov 2013 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·