Channel Access Gateway





                   Dirk Zimoch, Pikett Training 8.5.2008

What is a Channel Access Gateway?
[Figure: several medm clients and IOCs connected through a CA gateway]

■ It forwards channel access to a different network.
■ Allows access control and filtering.
■ Can reduce network traffic.

Reduction of network traffic
■ Monitors from many clients to the same IOC are bundled.
  ►Saves bandwidth, memory and CPU time on IOC.
  ►IOC has to serve only one client: the gateway.



■ Already connected channels are not searched again.
  ►Saves broadcast traffic with many clients of the same channel.
■ Channels stay connected for at least two hours.
  ►Saves broadcast traffic with short-lived clients (caget).

Old SLS Network Layout (2007)
[Figure: network diagram; labels: PSI network, SLS Accelerator, Beamlines, Gateway]





New SLS Network Layout (now)
[Figure: network diagram; labels: PSI network, Firewall Switch, SLS Accelerator, Beamline 1, Beamline 2]



PSI-XFEL Network layout
[Figure: network diagram; labels: backbone network (control room, central IOCs), VLAN router, CAGW (six gateways), gun, linac 1 ... linac n, undulators, beamline 1 ... beamline n, vacuum system PLCs, machine interlock system PLCs, web cameras, ...; legend: EPICS / non EPICS]

Installed SLS gateways
■ office  machine
  ► Read-only access to machine.
■ 16 beamlines  machine
  ► Most channels are read-only.
  ► Special beamline related channels are writable.
■ Each gateway computer runs 2 gateway processes
  ► X*-IMPGW imports other channels into beamline network
  ► X*-EXPGW exports beamline channels to other networks


Filtering and access control
■ Filtering is done by channel name patterns.
  ►Only configured patterns are forwarded, others are blocked.
  ►Saves broadcast traffic if channel is blocked.
  ►Requires simple naming rules so that the network can be told from the channel name.
  ►Wrong filter settings make channels unavailable.
■ Access can be read-only or read-write.
  ►Filter rules can be combined with rules for users and hosts.
  ►Beamlines can write only to selected channels on machine.
  ►Beamlines cannot write to other beamlines.
  ►Wrong filter settings give wrong access rights.
Example configuration
■ Filename: GATEWAY.pvlist
■ Install directory on gateway:
    /usr/local/caGateway
■ Copy on fileserver:
    /exchange/home/zimoch/caGateway
■ CVS repository:
    G/EPICS/extensions/src/gateway/config
    or short: gateway/config
■ Filtering based on Perl regular expressions

    EVALUATION ORDER ALLOW, DENY

    # get machine and other beamline channels
    X(?!12SA).*                              ALLOW
    ILUUL.*                                  ALLOW
    A.*                                      ALLOW

    # allow statistic channels
    X12SA-IMPGW:.*                           ALLOW
    X12SA-EXPGW:.*                           ALLOW

    # Orbit Feedback
    .*-LBB:.*                                ALLOW

    # PLCs: MIS, VCS, LAC
    .*-MIS.*                                 ALLOW
    .*-VCS.*                                 ALLOW
    .*-FE-.*                                 ALLOW
    .*-LAC:.*                                ALLOW

    # Special
    X12SA-VME-ID.*                           ALLOW
    X12SA-ID.*                               ALLOW   WRITE
    ACOAU-ACCU:OP-X12SA(\.VAL)?              ALLOW   WRITE
    ACOAU-ACCU:ALARM-X12SA(\.VAL)?           ALLOW   WRITE
    X12SA-FE-.*:CLOSE4BL(\.VAL)?             ALLOW   WRITE
    X12SA-FE-.*:OPEN-BLMODE(\.VAL)?          ALLOW   WRITE
    X12SA-FE-FI1:WT_SET(\.VAL)?              ALLOW   WRITE

    # block everything but my own status channels
    # to my beamline IP to prevent loops
    !X12SA-IMPGW.*                           DENY FROM 129.129.122.14
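A way to check a pvlist before installing it, since wrong filter settings make channels unavailable or give wrong access rights. This is an added example, not part of the original slides and not the gateway's own code. It assumes that patterns must match the whole channel name, that the last matching ALLOW line decides the access, that any matching DENY overrides ALLOW, that a leading `!` negates the pattern, and that WRITE marks read-write access; the channel names and the second client address in the test are constructed.

```python
import re

# Subset of the rules from the example GATEWAY.pvlist on the slide.
PVLIST = r"""
EVALUATION ORDER ALLOW, DENY
X(?!12SA).*                      ALLOW
A.*                              ALLOW
.*-FE-.*                         ALLOW
X12SA-ID.*                       ALLOW   WRITE
X12SA-FE-.*:CLOSE4BL(\.VAL)?     ALLOW   WRITE
X12SA-IMPGW:.*                   ALLOW
!X12SA-IMPGW.*                   DENY FROM 129.129.122.14
"""

def parse(text):
    """Return a list of (regex, negated, action, write, from_host) rules."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "EVALUATION")):
            continue
        pattern, action, *rest = line.split()
        negated = pattern.startswith("!")          # assumed: '!' inverts the match
        host = rest[rest.index("FROM") + 1] if "FROM" in rest else None
        rules.append((re.compile(pattern.lstrip("!")), negated, action,
                      "WRITE" in rest, host))
    return rules

def access(rules, pv, client_host):
    """Classify pv as 'blocked', 'read-only' or 'read-write' for client_host."""
    result = "blocked"                             # unmatched names are not forwarded
    for regex, negated, action, write, host in rules:
        hit = (regex.fullmatch(pv) is not None) != negated
        if not hit:
            continue
        if action == "DENY" and host in (None, client_host):
            return "blocked"                       # assumed: DENY overrides any ALLOW
        if action == "ALLOW":                      # assumed: last matching ALLOW wins
            result = "read-write" if write else "read-only"
    return result

RULES = parse(PVLIST)

if __name__ == "__main__":
    for pv in ("ATEST-DEV:VAL", "X12SA-ID-GAP:SET", "X12SA-FE-SH1:CLOSE4BL",
               "X12SA-FE-SH1:STATUS", "X12SA-ES1-NEWREC:VAL"):
        print(f"{pv:26} {access(RULES, pv, '192.0.2.10')}")
```

Running a list of expected channel names and their intended rights through `access()` for each client network shows a new record that no pattern covers as `blocked`.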





How can I see that a gateway has a problem?
■ Records on other networks ...
  ►… are unavailable. (Most probable error)
   ● Is the record new? It might not match the filter pattern.
  ►… disconnect unexpectedly.
  ►… take long to connect.
  ►… update irregularly or delayed.





Diagnostic medm screens
■ medm -x gateways.adl
■ Should work on all SLS networks.
■ From office net, type cam first.
■ Launcher:
[Screenshot; labels: Existing channels, Not existing channels]


