Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway.

Published byCarmel French Modified over 9 years ago

Similar presentations

Presentation on theme: "Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway."— Presentation transcript:

1 Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway

2 Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway What is a Channel Access Gateway? ■ It forwards channel access to a different network. ■ Allows access control and filtering. ■ Can reduce network traffic. CA gateway medm IOC medm IOC medm

3 Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway Reduction of network traffic ■ Monitors from many clients to the same IOC are bundled. ► Saves bandwidth, memory and CPU time on IOC. ► IOC has to serve only one client: the gateway. ■ Already connected channels are not searched again. ► Saves broadcast traffic with many clients of the same channel. ■ Channels stay connected for at least two hours. ► Saves broadcast traffic with short-lived clients (caget). gateway

4 Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway PSI network Old SLS Network Layout (2007) SLS Accelerator Gat e way Beamlines

5 Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway PSI network New SLS Network Layout (now) SLS Accelerator Beamline 1 Beamline 2 Gat e way Gate way Firewall Switch

6 Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway backbone network (control room, central IOCs) PSI-XFEL Network layout... EPICS non EPICS gunlinac 1linac nundulators beamline 1 beamline n vacuum system PLCs machine interlock system PLCs web cameras VLAN router... CAGW

7 Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway Installed SLS gateways ■ office  machine ► Read-only access to machine. ■ 16 beamlines  machine ► Most channels are read-only ► Special beamline related channels are writable ■ Each gateway computer runs 2 gateway processes ► X*-IMPGW imports other channels into beamline network ► X*-EXPGW exports beamline channels to other networks

8 Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway Filtering and access control ■ Filtering is done by channel name patterns. ► Only configured patterns are forwared, others are blocked. ► Saves broadcast traffic if channel is blocked. ► Requires simple rules to know network from channel name. ► Wrong filter settings make channels unavailable. ■ Access can be read-only or read-write. ► Filter rules can be combined with rules for users and hosts. ► Beamlines can write only to selected channels on machine. ► Beamlines cannot write to other beamlines. ► Wrong filter settings give wrong access rights.

9 Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway Example configuration ■ Filename: GATEWAY.pvlist ■ Install directory on gateway: /usr/local/caGateway ■ Copy on fileserver: /exchange/home/zimoch/caGateway ■ CVS repository: G/EPICS/extensions/src/gateway/config or short: gateway/config ■ Filtering based on Perl regular expressions EVALUATION ORDER ALLOW, DENY # get machine and other beamline channels X(?!12SA).* ALLOW ILUUL.* ALLOW A.* ALLOW # allow statistic channels X12SA-IMPGW:.* ALLOW X12SA-EXPGW:.* ALLOW # Orbit Feedback.*-LBB:.* ALLOW # PLCs: MIS, VCS, LAC.*-MIS.* ALLOW.*-VCS.* ALLOW.*-FE-.* ALLOW.*-LAC:.* ALLOW # Special X12SA-VME-ID.* ALLOW X12SA-ID.* ALLOW WRITE ACOAU-ACCU:OP-X12SA(\.VAL)? ALLOW WRITE ACOAU-ACCU:ALARM-X12SA(\.VAL)? ALLOW WRITE X12SA-FE-.*:CLOSE4BL(\.VAL)? ALLOW WRITE X12SA-FE-.*:OPEN-BLMODE(\.VAL)? ALLOW WRITE X12SA-FE-FI1:WT_SET(\.VAL)? ALLOW WRITE # block everything but my own status channels # to my beamline IP to prevent loops !X12SA-IMPGW.* DENY FROM 129.129.122.14

10 Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway How can I see that a gateway has a problem? ■ Records on other networks... ► … are unavailable. (Most probable error) ● Is the record new? It might not match the filter pattern. ► … disconnect unexpectedly. ► … take long to connect. ► … update irregularly or delayed.

11 Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway Diagnostic medm sceens ■ medm -x gateways.adl ■ Should work on all SLS networks. ■ From office net, type cam first. ■ Launcher: Not existing channels Existing channels

Download ppt "Dirk Zimoch, Pikett Training 8.5.2008 Channel Access Gateway."

Similar presentations

Chapter 3: Planning a Network Upgrade

Chapter 3: Planning a Network Upgrade
Channel Access Protocol Andrew Johnson Computer Scientist, AES Controls Group.

Channel Access Protocol Andrew Johnson Computer Scientist, AES Controls Group.
Dirk Zimoch, EPICS Collaboration Meeting, Vancouver 2009 PSI-XFEL Challenges and Developments.

Dirk Zimoch, EPICS Collaboration Meeting, Vancouver 2009 PSI-XFEL Challenges and Developments.
Controls Group New Channel Access Nameserver Joan Sage 12/4/01.

Controls Group New Channel Access Nameserver Joan Sage 12/4/01.
LAN DESIGN. Functionality - the network must work with reasonable speed and reliability.

LAN DESIGN. Functionality - the network must work with reasonable speed and reliability.
11 CONFIGURING AND MANAGING SHARED FOLDER SECURITY Chapter 8.

11 CONFIGURING AND MANAGING SHARED FOLDER SECURITY Chapter 8.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Communication Links Communication Link = Physical connection or Physical Medium Types: Wire Pair or Twisted Pair Coaxial Cable Fiber Optics Bandwidth,

Communication Links Communication Link = Physical connection or Physical Medium Types: Wire Pair or Twisted Pair Coaxial Cable Fiber Optics Bandwidth,
Terri Lahey LCLS FAC: Update on Security Issues 12 Nov 2008 SLAC National Accelerator Laboratory 1 Update on Security Issues LCLS.

Terri Lahey LCLS FAC: Update on Security Issues 12 Nov 2008 SLAC National Accelerator Laboratory 1 Update on Security Issues LCLS.
Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.

Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.
Core 3: Communication Systems. On any network there are two types of computers present – servers and clients. By definition Client-Server architecture.

Core 3: Communication Systems. On any network there are two types of computers present – servers and clients. By definition Client-Server architecture.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
CISCO NETWORKING ACADEMY Chabot College ELEC 99.08 Router Introduction.

CISCO NETWORKING ACADEMY Chabot College ELEC Router Introduction.
A U.S. Department of Energy Office of Science Laboratory Operated by The University of Chicago Argonne National Laboratory Office of Science U.S. Department.

A U.S. Department of Energy Office of Science Laboratory Operated by The University of Chicago Argonne National Laboratory Office of Science U.S. Department.
Connecting LANs, Backbone Networks, and Virtual LANs

Connecting LANs, Backbone Networks, and Virtual LANs
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Terri Lahey EPICS Collaboration Meeting June 2006 15 June 2006 LCLS Network & Support Planning Terri Lahey.

Terri Lahey EPICS Collaboration Meeting June June 2006 LCLS Network & Support Planning Terri Lahey.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: 93036 Term: Spring 2001.

Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.
Dirk Zimoch, KSTAR Meeting 2009 Auto Save and Restore.

Dirk Zimoch, KSTAR Meeting 2009 Auto Save and Restore.

Similar presentations

Ads by Google