[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[NOAAPORT #BGK-918302]: NOAAPort ingest not working

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.

Subject: [NOAAPORT #BGK-918302]: NOAAPort ingest not working
Date: Wed, 26 Jun 2019 13:03:33 -0600

Hi,

re:
> Thanks Tom!!

No worries.

re: what did you do for "I added the routes"

> For the routes, I added them one by one as the following.
> ip route add 224.0.1.1/255.255.255.255 dev em4
> ip route add 224.0.1.2/255.255.255.255 dev em4
> ip route add 224.0.1.3/255.255.255.255 dev em4
> ip route add 224.0.1.4/255.255.255.255 dev em4

OK, the hard way ;-)

re: "I added the necessary ports"

> Both the firewall and iptables were running in the new servers. If I left the 
> firewall
> on I have to create the zone and add multicast rules as in the link you sent 
> on your
> previous email. I didn’t want to get into that complexity because I didn’t 
> see the use
> of the local firewall as we are not receiving other traffic on the em4 
> interface. 

OK.

re:
> The
> other interfaces are protected the global firewall.  Now that it is working I 
> could
> also sometime try to turn on the firewall and add the multicast rules to it 
> and see
> if it works.

This would be a good thing to test when you get time.

re:
> For the iptables, first I dumped the current iptables information using 
> iptables-save > iptables06222019
> 
> Then edited iptables06222019 file and added the following lines to match the 
> legacy
> server confiscations. The only changes I noticed due to OS change is in the 
> older OS
> it was done using -A RH-Firewall-1-INPUT not it is just -A IN_public_allow
> 
> -A IN_public_allow -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
> -A IN_public_allow -d 224.0.1.0/255.255.255.0 -i em4 -p udp -m state --state 
> NEW -m udp --dport 1201:1205 -j ACCEPT
> -A IN_public_allow -p igmp -m conntrack --ctstate NEW -j ACCEPT
> 
> Then I run the following command to restore the iptables
> 
> Iptables-restore < iptables06222019

Again, the hard way from my perspective.

re:
> And after noaaport started working, For the GOES-R, I added the 5, 8,9,& 10  
> as follows.
> 
> ip route add 224.0.1.5/255.255.255.255 dev em4
> ip route add 224.0.1.8/255.255.255.255 dev em4
> ip route add 224.0.1.9/255.255.255.255 dev em4
> ip route add 224.0.1.10/255.255.255.255 dev em4

Needing to do this is one of the reasons that I say that this is the hard way.

re:
> I edited the iptables file again include GOES-R rule. The reason I didn’t 
> combine it
> with the previouse line is because there is a jump on the port (1201-1205 
> then no
> 1206,1207 and we have 1208:1210)

OK.  My question remains: if the _only_ traffic on 'em4' is from the Novra 
S300N,
why go to so much bother to lock down access?

re:
> -A IN_public_allow -d 224.0.1.0/255.255.255.0 -p udp -m udp --dport 1208:1210 
> -m conntrack --ctstate NEW -i em4 -j ACCEPT
> 
> I also stopped the firewall (using systemctl stop firewalld) because there 
> wasn't one
> in the legacy.
> 
> The other thing I also did was set ip_forward to 1 using the following.
> echo 1 > /proc/sys/net/ipv4/ip_forward

Interesting.  Was this needed?  The reason I ask is we have IP forwarding
turned off in our /etc/sysctl.conf file.

re: Are you working with a university that is connected to the IDD to get feeds?

> As far as I know we are not working with a university. 

Then you will need to get the GOES-16/17 data from your NOAAPort reception
system and then stitch the tiles together to make full scenes.  We can not
feed a non-university site ** unless ** they have contracted with us to
provide the feed(s) that they want, and this is not cheap (since it costs
so much to setup via the contracting process).  If you are interested
in receiving not-for-free feeds from us, I can put you in touch with the
appropriate person to further discuss the matter.

re:
> If I have to get all GOES-R data
> via noaaport, what configuration changes do I need on LDM?

Nothing on the ingest side needs changing (assuming you have configured
your Novra S300N to process the needed PIDs in NOAAPort).  Typically,
sites feed the output from a NOAAPort ingest machine to one or more
downstream LDMs where data processing is done.  We do not recommend
trying to double duty an ingest machine with processing the data since
the output from the Novra S300N is a UDP stream, and UDP streams have
no retransmit capability like TCP does - if you miss processing packets,
you miss products.

re:
> Besides the noaaport ingest lines I added in ldmd.conf.

Again, we recommend that all processing be done on a machine which is
being fed from a NOAAPort ingest machine.

On the downstream machine, you would need to setup an LDM pattern-action
file action that stitches together the ABI L2 tiles being sent in
NOAAPort into full scenes.  If you are also interested in the other
L2 products in NOAAPort, you will need to process them appropiately
also (e.g., strip off NOAAPort broadcast headers and footers to leave
the underlying netCDF4 files).  One of the developers here created a
Python 3 script that handles the stitching together of tiles into
full scenes.  That code can be found in the ldm-alchemy package in
the Unidata section of GitHub:

https://github.com/Unidata/ldm-alchemy

re: NB: One GEMPAK user reported a problem with using the new images in GEMPAK

> I think I should invest some time to install and configure AWIPS in the 
> future.

OK, this is a big job.

re:
> However,
> my goal right now is to get the GOES-R data through noaaport using gempak 
> (because
> gempak is what we have right now).

Hopefully, there will be soon a new release of GEMPAK that fixes the problem 
that
one user has reported.  There is no estimate for when this may be at the moment.

Cheers,

Tom
--
****************************************************************************
Unidata User Support                                    UCAR Unidata Program
(303) 497-8642                                                 P.O. Box 3000
address@hidden                                   Boulder, CO 80307
----------------------------------------------------------------------------
Unidata HomePage                       http://www.unidata.ucar.edu
****************************************************************************


Ticket Details
===================
Ticket ID: BGK-918302
Department: Support NOAAPORT
Priority: Normal
Status: Closed
===================
NOTE: All email exchanges with Unidata User Support are recorded in the Unidata 
inquiry tracking system and then made publicly available through the web.  If 
you do not want to have your interactions made available in this way, you must 
let us know in each email you send to us.

Prev by Date: [NOAAPORT #BGK-918302]: NOAAPort ingest not working
Next by Date: [NOAAPORT #BGK-918302]: NOAAPort ingest not working
Previous by thread: [NOAAPORT #BGK-918302]: NOAAPort ingest not working
Next by thread: [NOAAPORT #BGK-918302]: NOAAPort ingest not working
Index(es):
- Date
- Thread