EPICS supports two network protocols that allow clients to broadcast UDP search requests for Process Variables (PVs).    Server processes respond if they support that PV and establish a TCP connection with the client allowing the client to fetch or monitor the PV.

The original protocol is called Channel Access and supports scalar and array PVs, while the newer protocol is called PVAccess (PVA), and supports structured data.

Each protocol has a gateway software package that runs both a client and a server.    Typically, the gateway is run on a host with multiple network adapters.   The server side listens for PV search requests from one network, and forwards them via it's client side to see if the PV exists on the other network.   If the PV is found, the gateway forwards the PV information through it's server side to the original client.    Gateways can also be configured to provide additional access security.

Recorded Overview of EPICS Gateways

A Recorded Zoom meeting of Bruce Hill describing various aspects of EPICS CA and PVA Gateway Software.  Click Here to view the recording.

Channel Access PV Gateway (ca-gateway)

The EPICS Channel Access PV Gateway is both a Channel Access server and Channel Access client. It provides a means for many clients to access a process variable, while making only one connection to the server that owns the process variable.

It also provides additional access security beyond that on the server. It thus protects critical servers while providing possibly restricted access to needed process variables.

The Gateway typically runs on a machine with multiple network cards, and the clients and the server may be on different subnets.

See https://github.com/epics-extensions/ca-gateway and https://epics.anl.gov/EpicsDocumentation/ExtensionsManuals/Gateway/Gateway.html for more information.

PVAccess PV Gateway (P4P)

P4P is a python wrapper around the PVAccess (aka. PVA) protocol network client and server.   Python handles the configuration and initial connection with the low level data flow handled by C++ libraries.

P4P includes API for a Client API and Server API, as well as a PVA Gateway executable (pvagw) with which can enforce an access control policy.

See https://mdavidsaver.github.io/p4p/ for more information.

LCLS Gateways

See  the Controls Sofware Operations Gateways page for more information.

The LCLS gateway run on several different hosts which have different ssh access procedures:

• lcls PROD and FACET gateway host: ssh laci@lcls-prod01 from mcclogin, scripts are in /afs/slac/g/lcls/tools/gateway/scripts

• lcls EBeamServe gateway host: ssh laci@lcls-daemon3 from lcls-srv01, scripts are in /usr/local/lcls/tools/gateway/scripts

• testfac gateway host: ssh acctf@testfac-daemon2 from ?

Configuration files are found in $TOOLS/gateway/config and startup scripts in $TOOLS/gateway/scripts.   These directories are CVS version controlled.   Note that TOOLS is an NFS directory in /usr/local for the accelerator subnets, and an AFS directory for the gateways that serve PROD PVs to the DEV subnet, so their contents usually differ.

PCDS Gateways

See EPICS Channel Access Gateway Setup for a gateway network diagram and more information on the PCDS gateway configuration and launch scripts.

Useful Links

• https://github.com/mdavidsaver/cashark/  Lua protocol dissectors for wireshark
• https://nsls-ii.github.io/caproto/index.html Pure python CA protocol library

Notes from some incident troubleshooting

• Gateway routing issue
• Troubleshooting FEE Gateway Issues
• Notes re using cashark lua based wireshark dissectors for CA and PVA