Limiting DMX Universe access at network level.

To give a clear picture of the situation, we have a Net3 network running through Paradigm.  Touring house with ten (10) Universes.  House consoles are networked and pose no issues however, Touring consoles need to stay OUT of certain Universes lest we have the lobby chandelier patch overlapping with the tour's movers which isn't all that terrible until the ballyhoo starts and everyone in the lobby suddenly thinks they've stepped into the club next door. (No not the voice of experience at all).

In short, Is there an effective method of masking/blocking specific DMX Universe information coming into a network port.  I mean, its simple enough to hand the tour an saCN line but insisting that they stay OUT of specific Universes gets tricky and doesn't always compute when it is mentioned.  Ideally, blocking any saCN information for a specific Universe would allow for all "allowable" universes to be patched while making it impossible to even accidentally send anything to a universe that is already populated with dimmers, fixtures, etc that we don't want accessed by touring lighting control.

For the record, the fall-back method is to hand tours a multi-channel DMX umbilical connected to a multi-output node/nodes. It works, but its messy and creates a lot of clutter with all that extra gear I keep hoping for a way to "address" a network port to only "see" a defined group of Universes.  Is it a thing and I'm just not tech savvy enough to have done it or should I put more in the pipe and keep dreaming?

  • There are a number of ways to handle this, ranging from fairly simple to rather complex.  You've already landed on the most secure way of doing this, which is handing the tour a DMX umbilical where *you* control what is plugged into on the output side.  I generally prefer this method for reasonably small interfaces, though 10 universes is maybe pushing the definition of reasonable for this approach.  You could glam this up a bit by picking up a few sneak snakes or CPC snakes to reduce cable clutter, or by racking up your nodes in a portable rack so you just have short DMX jumpers locally, and power / ethernet to the the rack.  Put the rack on the tour's rack and patch.

    I mention security above as there are always some risks involved in giving unknown entities a network connection to your lighting network.  Anything from accidental data interference as you're currently experiencing, to an over-eager new person getting into house configurations and breaking something.

    If you really want to give them a network cable and accept sACN, there are some other options.

    These may or may not work well for you depending on the specifics of your installation, and are slightly simplified in explanation.

    1.  (Easy day-to-day, requires outside support to implement)  Have a service technician update your paradigm system to allow you to "arbitrate" control inputs.  This would allow you to press a button or buttons to give Paradigm exclusive control of specific universes or channels.

    2. (Moderately easy day-to-day, requires advanced skills and equipment, possibly outside support) Create a VLAN for the visiting tours to connect to, and routing rules to forward specific universes only

    3.  (Moderately easy day-to-day, requires additional equipment, may require outside support)  Finally, you could purchase a third party product to do sACN routing / patching for you.  I'm not aware of any ETC product that has theses features, but will list a couple third party options below.

        a. Pathway ELink.  Protocol converter / Router.  Moderately challenging to set up, but one of the most secure ways to handle this I know, and only have to set it up once.  A few silly quirks.  Difficult to change config while in active use.

      b.  Luminex Luminode / LumiCore.  Highly configurable protocol converters and nodes.  Can be fairly complex to configure for your application, and a bit pricey.

  • Depending on the make/model of switch installed you may be able to create an Access Control List (ACL) to filter ingress sACN packets. The sACN multicast is 239.255/16...the last two octets represent the sACN universe.

Related