Hi Andrew,
I thought we were doing directed UDP broadcasts to Cisco switches at the APS.
Here is what we do. By default I set my EPICS_CA_ADDR_LIST to the broadcast address of only my local subnet, 164.54.160.255
corvette:ADAndor3/andor3App/src>echo $EPICS_CA_ADDR_LIST
164.54.160.255
When I do that I cannot reach PVs on another sector's subnet (164.54.162.*)
corvette:ADAndor3/andor3App/src>caget 15IDA:m1
Channel connect timed out: '15IDA:m1' not found.
However, if I add the broadcast address of the 164.54.162.* subnet:
corvette:ADAndor3/andor3App/src>setenv EPICS_CA_ADDR_LIST "164.64.160.255 164.54.162.255"
corvette:ADAndor3/andor3App/src>echo $EPICS_CA_ADDR_LIST
164.64.160.255 164.54.162.255
Then I can see PVs on their subnet.
corvette:ADAndor3/andor3App/src>caget 15IDA:m1
15IDA:m1 0
Isn't that doing a directed UDP broadcast to the switch for the 164.54.162.* subnet?
Thanks,
Mark
-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Andrew Johnson
Sent: Monday, July 16, 2018 12:08 PM
To: [email protected]
Subject: Re: caget randomly returns Channel connect timed out
Hi Dirk,
On 07/16/2018 02:42 AM, Dirk Zimoch via Tech-talk wrote:
> We at PSI had problems with new Cisco switches (I don't know the
> model) dropping CA directed broadcasts (i.e. broadcasts into another
> subnet, such as 172.17.2.255 172.17.3.255) and even blocking them for
> a while when the rate went over a certain limit (e.g. when a huge UI starts up).
> I think that was supposed to be a counter measure against denial of
> service attacks. It took over a year of discussion with Cisco to get a fix.
You managed to get Cisco to support the conversion of a UDP packet sent to a subnet's broadcast address into a real broadcast packet on that subnet? I'm impressed! Our older HP switches used to allow this but IT replaced them several years ago (we weren't relying on this behaviour, which does have some fairly obvious DoS attack possibilities).
For the record, can you find out if that Cisco solution is specific to a particular model or family of switches, or if they made it generic?
- Andrew
--
Arguing for surveillance because you have nothing to hide is no different than making the claim, "I don't care about freedom of speech because I have nothing to say." -- Edward Snowdon
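
Added example, not part of the original messages: a small audit of an EPICS_CA_ADDR_LIST value that shows which entries are plain broadcasts on the local subnet and which are directed broadcasts that only work if the router for the target subnet forwards them (the behaviour discussed above). The /24 masks, the function names and the category labels are assumptions made for illustration; the address lists are the ones echoed in the terminal session.

```python
import ipaddress

# Constructed inputs: the /24 masks are assumed from the "164.54.160.*" and
# "164.54.162.*" notation in the thread; the address lists are the two values
# echoed in the terminal session above.
LOCAL_NET = "164.54.160.0/24"
KNOWN_NETS = ["164.54.162.0/24"]
DEFAULT_LIST = "164.54.160.255"
EXTENDED_LIST = "164.64.160.255 164.54.162.255"


def classify_ca_addr_list(addr_list, local_net, known_nets):
    """Label each numeric entry of a CA address list relative to the local subnet."""
    local = ipaddress.ip_network(local_net)
    others = [ipaddress.ip_network(n) for n in known_nets]
    report = []
    for entry in addr_list.split():
        addr = ipaddress.ip_address(entry.split(":")[0])  # drop an optional :port
        if addr == local.broadcast_address:
            kind = "local-broadcast"        # stays on the client's own segment
        elif addr in local:
            kind = "local-unicast"
        elif any(addr == n.broadcast_address for n in others):
            kind = "directed-broadcast"     # router must expand it on the far subnet
        elif any(addr in n for n in others):
            kind = "remote-unicast"
        else:
            kind = "unknown-subnet"         # matches no subnet we listed
        report.append((entry, kind))
    return report


def needs_router_forwarding(report):
    """Entries that depend on directed-broadcast forwarding being enabled."""
    return [entry for entry, kind in report if kind == "directed-broadcast"]


if __name__ == "__main__":
    for name, value in (("default", DEFAULT_LIST), ("extended", EXTENDED_LIST)):
        for entry, kind in classify_ca_addr_list(value, LOCAL_NET, KNOWN_NETS):
            print(f"{name:9} {entry:16} {kind}")
```

Entries reported as directed-broadcast are the ones to review with the network team, since they rely on a forwarding feature that is commonly disabled or rate-limited.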