SciStream at APS

From Beam Line Controls
Revision as of 19:17, 9 April 2025 by Tguruswamy (talk | contribs) (from talks with flavio)

SciStream Tunnel Setup Guide

This guide provides step-by-step instructions on how to tunnel a connection through SciStream using s2uc running from a container. This setup involves two endpoints, each running on separate hosts, to establish a secure tunnel for forwarding packets.

Endpoint Configuration

Inbound Request ("Server side": 192.168.150.1)

podman run --rm --net=host -v ./server1:/scistream --entrypoint=s2uc castroflaviojr/scistream:1.2.1 inbound-request --remote_ip 192.168.150.1 --s2cs 192.168.150.1:5000 --receiver_ports 5300 --num_conn 1 --server_cert=/scistream/server.crt
  • Parameters:
    • --remote_ip: The address the user application is listening on.
    • --s2cs: The IP and port of the local S2CS (SciStream control server).
    • --receiver_ports: The port the user application is listening on (i.e. the user application is bound to {remote_ip:receiver_port}).
    • --num_conn: Number of connections to establish.
    • --server_cert: Path to the server certificate for TLS.

Note the UID:

After running the command, note the UID and listener port provided in the output. Example:

uid; s2cs; access_token; role
bd9f1a7e-04d7-11f0-b44c-946dae415862 192.168.150.1:5000 INVALID_TOKEN PROD
sending client request message
started client request
waiting for hello message
sending for hello message
Hello message sent successfully
Listeners: ['192.168.150.1:5100']

Outbound Request ("Client side": 192.168.150.2)

podman run --rm --net=host -v ./server2:/scistream --entrypoint=s2uc castroflaviojr/scistream:1.2.1 outbound-request --remote_ip 192.168.150.1 --s2cs 192.168.150.2:5000 --receiver_ports 5100 --num_conn 1 --server_cert=/scistream/server.crt bd9f1a7e-04d7-11f0-b44c-946dae415862 192.168.150.1:5100
  • Parameters:
    • --remote_ip: The eventual destination IP address we want data to be forwarded to.
    • --s2cs: The IP and port of the local S2CS (SciStream control server).
    • --receiver_ports: Local port which the client application will connect to.
    • --num_conn: Number of connections to establish.
    • --server_cert: Path to the server certificate for TLS.
    • UID: Use the UID noted from the inbound request.
    • IP:PORT: Use the IP and port noted from the inbound request.

Example output:

uid; s2cs; access_token; role
bd9f1a7e-04d7-11f0-b44c-946dae415862 192.168.150.2:5000 INVALID_TOKEN CONS
started client request
waiting for hello message
Hello message sent successfully
Listeners: ['192.168.150.2:5100']
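
The hand-off of the UID and listener from the inbound request to the outbound request can be scripted instead of copied by hand. The following is an added example, not from the original page or the SciStream project; it assumes the s2uc output format shown above with a single listener, and all function names are hypothetical.

```sh
#!/bin/sh
# Added example: pull the UID and listener out of saved inbound-request output
# and validate them before they are placed on the outbound-request command line.

# Constructed sample input: the inbound-request output shown on this page.
sample_output() {
cat <<'EOF'
uid; s2cs; access_token; role
bd9f1a7e-04d7-11f0-b44c-946dae415862 192.168.150.1:5000 INVALID_TOKEN PROD
sending client request message
started client request
waiting for hello message
sending for hello message
Hello message sent successfully
Listeners: ['192.168.150.1:5100']
EOF
}

# UID: first field of the line that follows the "uid; ..." header.
extract_uid() {
    awk '/^uid;/ { getline; print $1; exit }'
}

# Listener: first quoted IP:PORT on the "Listeners: [...]" line.
extract_listener() {
    sed -n "s/^Listeners: \['\([^']*\)'.*/\1/p" | head -n 1
}

# Strict format checks so stray text never reaches the command line.
is_uuid() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}
is_ip_port() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{1,5}$'
}

# Read s2uc output on stdin; print "UID IP:PORT" or fail with a message.
outbound_args() {
    out=$(cat)
    uid=$(printf '%s\n' "$out" | extract_uid)
    lst=$(printf '%s\n' "$out" | extract_listener)
    is_uuid "$uid" || { echo "no valid UID in output" >&2; return 1; }
    is_ip_port "$lst" || { echo "no valid listener in output" >&2; return 1; }
    printf '%s %s\n' "$uid" "$lst"
}

sample_output | outbound_args
```

The printed pair is what goes at the end of the outbound-request command in place of the hand-copied UID and IP:PORT.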

Verification

  • Check Listening Ports:

On both hosts, verify that the stunnel processes are listening on the expected ports using:

ss -tlpn

  • Test the Tunnel:

Use iperf3 to test the tunnel:

  • Client Side (Host 192.168.150.2):
iperf3 -c 192.168.150.2 -p 5100
  • Server Side (Host 192.168.150.1):
iperf3 -s -p 5300

Closing the Connection

To close a connection request, use the release option with s2uc:

s2uc release <uid>