I need help understanding proper configuration of OPC UA in ignition to enable 3rd party clients to connect. Our ignition gateway has multiple NICs, and I believe this requires configuration beyond the default.
In 7.9, we had this configuration, and clients connected with no problem.
In 8.0.3, this configuration (default) does not work.
We modified the configuration to this:
And now the clients can connect. This was a result of trial and error, and I’d like to know the valid options and resulting behavior for bind addresses and endpoint addresses.
Documentation in the user manual has not been updated for these new configuration scenarios.
The bind addresses settings tell the UA server which network interfaces to attempt to register on. 0.0.0.0 effectively means "bind to all network interfaces, which in combination with port 4096 means that technically anything that can reach your gateway (on any of its network interfaces) would see your UA server on port 4096. There’s no reason you can’t do that - it’s just that it comes with its own caveats.
localhost is a special case identifier supported by (basically) everything, that just means ‘myself’. So binding to localhost means that only something else within the scope of whatever network interface is used for localhost (in Linux, there’s a special ‘loopback’ adapter, but I think it’s somewhat more obscured in Windows) will be valid - which basically just means that only something on your own machine can connect to that port to reach the UA server.
hostname is a special wildcard that the UA server specifically supports - it just fills in whatever your machine reported as its own hostname. So in your UA client, you could probably put opc.tcp://computer name instead of opc.tcp://10.XXX.XXX.XXX, and it would connect.
All that’s specific to the bind addresses setting.
My understand of the ‘endpoint addresses’ is that it’s used to specify what your UA server will advertise/allow as acceptable addresses. So - if you’re binding to 0.0.0.0, and any network card can theoretically connect, but you only have localhost and hostname in your endpoint addresses, something trying to connect to you over a direct IP would not work, because the endpoint they’re requesting wouldn’t match.
Disclaimer: There are some deliberate simplifications here that someone really pedantic might correct me on, but I’m confident in about 80% of that. Also, I’m far from a UA expert - this is all based on some assembled knowledge over time.
3 Likes
The only thing I have to add to what Paul said is that <hostname> and <localhost> are just magic syntax to tell the server to try and find the hostname (when it’s literally “hostname”) or resolve the value to as many addresses or hostnames as possible when it’s anything else (“localhost” in this case).
Any values you stick in there influence the endpoint URLs the server will return when a client calls the GetEndpoints service. Non default values can be necessary if you have more than one NIC and the first one Java sees isn’t the one you want, or if you’re doing something like putting your server behind a public IP that forwards to an internal IP, and you need to have that public IP available as one of the endpoint URLs.
2 Likes
Is the Bind Address 10.205.39.249 the same address as your Gateway? (10.205.39.249:8088)
Thanks for trying to be helpful, but this thread is 3 years old and doesn’t need to be resurrected for the purpose of further troubleshooting with the OP.
