1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 <2017> 2018 2019 2020 2021 2022 2023 2024 | Index | 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 <2017> 2018 2019 2020 2021 2022 2023 2024 |
<== Date ==> | <== Thread ==> |
---|
Subject: | Re: Questions regarding CA protocol specification and phylosophy |
From: | Diego Sanz <[email protected]> |
To: | Mark Rivers <[email protected]> |
Cc: | EPICS Tech Talk <[email protected]> |
Date: | Fri, 15 Sep 2017 15:23:37 +0200 |
> Then I try with 127.255.255.255 and !IT WORKS!
> regarding EPICS_CA_AUTO_ADDR_LIST set to NO, I have try without configuring it, and it works, I put both YES or NO, and it works.
This is not the correct way to configure it. You should set
EPICS_CA_AUTO_ADDR_LIST=NO
EPICS_CA_ADDR_LIST=10.0.2.255
As others have said, I strongly suspect that the reason this is not working is that you have a firewall running. The configuration I show is what most other sites are using with no problems.
The problem with using 127.255.255.255 is that will prevent you from accessing PVs from other IOCs on your network (at least if EPICS_CA_AUTO_ADDR_LIST=NO), and that is not what you want.
Mark
________________________________
From: [email protected] [[email protected]] on behalf of Diego Sanz [[email protected]]
Sent: Friday, September 15, 2017 6:07 AM
To: Ralph Lange
Cc: EPICS Tech Talk
Subject: Re: Questions regarding CA protocol specification and phylosophy
Dear Ralph, Michael, Mark, Kay, Dirk, et al.
FIrst of all thank you again for all recommendations. I am going to try to explain which configuration does work and which doesn't.
I have check the following in two different virtual Machines, One Fedora 26, and the other one CentOS7. In both everything works exactly the same.
config 1. CentOS7 (both EPICS 3.14.12.6 and 3.15.5)
I run 2 IOCs without any specific epicsEnv configuration (as some of you recommended), and I open a new console and I run caget, for reach 2 different PVs from the different IOCs. caget does not find any PV. Then I configure the EPICS_CA_ADDRS_LIST=127.0.0.1 or 10.0.2.15, and it only works for the last one executed. Right. Now I check with wirshark and netstat, and I can see that both IOCs are sending beacon messages from 10.0.2.15, so I suppose that if I configure EPICS_CA_ADDR_LIST=10.0.2.255 (this is the broadcast address of that private subnet of my computer) it should work, but it doesn't. the messages are:
[dsanz@localhost ~]$ export EPICS_CA_ADDR_LIST="10.0.2.255" Warning: Duplicate EPICS CA Address list entry "10.0.2.255:5064<http://10.0.
[dsanz@localhost ~]$ caget dsanzHost:ai1
2.255:5064 >" discarded
Channel connect timed out: 'dsanzHost:ai1' not found.
[dsanz@localhost ~]$ caget pcounter
Warning: Duplicate EPICS CA Address list entry "10.0.2.255:5064<http://10.0.2.255:5064 >" discarded
Channel connect timed out: 'pcounter' not found.
Then I try with 127.255.255.255 and !IT WORKS!
[dsanz@localhost ~]$ export EPICS_CA_ADDR_LIST="127.255.255.255" 2017-09-14 21:00 GMT+02:00 Ralph Lange <[email protected]<mailto:ral
[dsanz@localhost ~]$ caget pcounter
pcounter 0
[dsanz@localhost ~]$ caget dsanzHost:ai1
dsanzHost:ai1 6
Mark,
regarding EPICS_CA_AUTO_ADDR_LIST set to NO, I have try without configuring it, and it works, I put both YES or NO, and it works. I do not know if this should be work in this way or not... but it is absolutely the same, even if you put EPICS_CA_AUTO_ADDR_LIST="come to ICALPECS2017" :)
Well, if 127.255.255.255 works, but 10.0.2.255 doesn't, I thought to configure the 2 IOCs with EPICS_CAS_INTF_ADDR=10.0.5.15... and then I configure the client with EPICS_CA_ADDR_LIST=10.0.2.255 (broadcast IP address) but in this way it neither works.
Then it looks, that is crucial the loopback interface for this configuration?
Thank you very much to everybody, I hope this questions help other people too.
Regards
Diego
[email protected] >>:
On Thu, Sep 14, 2017 at 8:55 PM, Ralph Lange <[email protected]<mailto:ral[email protected] >> wrote:
[...]
Outside of CA, there are a zillion different ways to use firewalls and packet filtering/rewriting software to make the client only see the PVs on one interface.
Key point: the name resolution request package (UDP from client to port 5065) must reach the IOC on only one interface. Everything else won't matter much.
UDP from client to port 5064, of course.
Sorry!!
~Ralph