1 / 11

Channel Access Gateway

Channel Access Gateway. medm. medm. medm. CA gateway. IOC. medm. IOC. medm. What is a Channel Access Gateway?. It forwards channel access to a different network. Allows access control and filtering. Can reduce network traffic. gateway. Reduction of network traffic.

larue
Download Presentation

Channel Access Gateway

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Channel Access Gateway Dirk Zimoch, Pikett Training 8.5.2008

  2. medm medm medm CA gateway IOC medm IOC medm What is a Channel Access Gateway? • It forwards channel access to a different network. • Allows access control and filtering. • Can reduce network traffic. Dirk Zimoch, Pikett Training 8.5.2008

  3. gateway Reduction of network traffic • Monitors from many clients to the same IOC are bundled. • Saves bandwidth, memory and CPU time on IOC. • IOC has to serve only one client: the gateway. • Already connected channels are not searched again. • Saves broadcast traffic with many clients of the same channel. • Channels stay connected for at least two hours. • Saves broadcast traffic with short-lived clients (caget). Dirk Zimoch, Pikett Training 8.5.2008

  4. PSI network Old SLS Network Layout (2007) SLS Accelerator Gate way Beamlines Dirk Zimoch, Pikett Training 8.5.2008

  5. PSI network New SLS Network Layout (now) Firewall Switch SLS Accelerator Gate way Gate way Beamline1 Beamline2 Dirk Zimoch, Pikett Training 8.5.2008

  6. CAGW CAGW CAGW CAGW CAGW CAGW PSI-XFEL Network layout backbone network(control room, central IOCs) VLAN router beamline 1 gun linac 1 linac n undulators ... ... beamline n vacuum system PLCs machine interlock system PLCs EPICS web cameras non EPICS ... Dirk Zimoch, Pikett Training 8.5.2008

  7. Installed SLS gateways • office  machine • Read-only access to machine. • 16 beamlines  machine • Most channels are read-only • Special beamline related channels are writable • Each gateway computer runs 2 gateway processes • X*-IMPGW imports other channels into beamline network • X*-EXPGW exports beamline channels to other networks Dirk Zimoch, Pikett Training 8.5.2008

  8. Filtering and access control • Filtering is done by channel name patterns. • Only configured patterns are forwared, others are blocked. • Saves broadcast traffic if channel is blocked. • Requires simple rules to know network from channel name. • Wrong filter settings make channels unavailable. • Access can be read-only or read-write. • Filter rules can be combined with rules for users and hosts. • Beamlines can write only to selected channels on machine. • Beamlines cannot write to other beamlines. • Wrong filter settings give wrong access rights. Dirk Zimoch, Pikett Training 8.5.2008

  9. EVALUATION ORDER ALLOW, DENY # get machine and other beamline channels X(?!12SA).* ALLOW ILUUL.* ALLOW A.* ALLOW # allow statistic channels X12SA-IMPGW:.* ALLOW X12SA-EXPGW:.* ALLOW # Orbit Feedback .*-LBB:.* ALLOW # PLCs: MIS, VCS, LAC .*-MIS.* ALLOW .*-VCS.* ALLOW .*-FE-.* ALLOW .*-LAC:.* ALLOW # Special X12SA-VME-ID.* ALLOW X12SA-ID.* ALLOW WRITE ACOAU-ACCU:OP-X12SA(\.VAL)? ALLOW WRITE ACOAU-ACCU:ALARM-X12SA(\.VAL)? ALLOW WRITE X12SA-FE-.*:CLOSE4BL(\.VAL)? ALLOW WRITE X12SA-FE-.*:OPEN-BLMODE(\.VAL)? ALLOW WRITE X12SA-FE-FI1:WT_SET(\.VAL)? ALLOW WRITE # block everything but my own status channels # to my beamline IP to prevent loops !X12SA-IMPGW.* DENY FROM 129.129.122.14 Example configuration • Filename: GATEWAY.pvlist • Install directory on gateway:/usr/local/caGateway • Copy on fileserver:/exchange/home/zimoch/caGateway • CVS repository:G/EPICS/extensions/src/gateway/configor short: gateway/config • Filtering based on Perl regular expressions Dirk Zimoch, Pikett Training 8.5.2008

  10. How can I see that a gateway has a problem? • Records on other networks ... • … are unavailable. (Most probable error) • Is the record new? It might not match the filter pattern. • … disconnect unexpectedly. • … take long to connect. • … update irregularly or delayed. Dirk Zimoch, Pikett Training 8.5.2008

  11. medm -x gateways.adl Should work on all SLS networks. From office net, type cam first. Launcher: Diagnostic medm sceens Existing channels Not existing channels Dirk Zimoch, Pikett Training 8.5.2008

More Related