
0

TLS Support Issue: br0<->ssl:172.31.1.2:6633: connection dropped (connection refused) error in ovs-vswitchd.log file

asked 2015-07-23 12:13:05 -0800

sankettandulwadkar

updated 2015-07-23 12:16:08 -0800

Trying to add TLS support to ODL. Followed the steps on link: https://wiki.opendaylight.org/view/OpenDaylightOpenFlowPlugin:TLSSupport

I get no errors when I run any of the steps, but when I complete the "set-controller" step and run ovs-vsctl show, I get:

sanket@sanket-ubuntu-ovs:/var/log/openvswitch$ sudo ovs-vsctl show
cdf33b4e-420b-434d-87ba-d0e2183c9d47
    Bridge "br0"
        Controller "ssl:172.31.1.2:6633"
        Port "eth1"
            Interface "eth1"
        Port "br0"
            Interface "br0"
                type: internal
    ovs_version: "2.3.1"

There is no is_connected parameter.


2 answers

0

answered 2015-08-27 09:49:54 -0800

icarocamelo

updated 2015-08-27 09:51:39 -0800

Hi Sanket,

Add a bridge and set it to use SSL connection:

sudo ovs-vsctl add-br br0
sudo ovs-vsctl set-controller br0 ssl:10.0.1.6:6633 

Use this script to create your topology and set up your switch to use SSL connection:

#!/usr/bin/python
from mininet.net import Mininet
from mininet.node import Controller, RemoteController
from mininet.cli import CLI
from mininet.log import setLogLevel, info

def emptyNet():
    net = Mininet(controller=None)
    net.addController( 'c0', controller=RemoteController, ip='YOUR_CONTROLLER_IP', port=6633)
    h1 = net.addHost( 'h1' )
    h2 = net.addHost( 'h2' )
    s1 = net.addSwitch( 's1' )
    net.addLink( h1, s1 )
    net.addLink( h2, s1 )

    net.start()
    s1.cmd('ovs-vsctl set-controller s1 ssl:YOUR_CONTROLLER_IP:6633')

    CLI( net )
    net.stop()

if __name__ == '__main__':
    setLogLevel( 'info' )
    emptyNet()

To use TLS/SSL connections, modify the "42-openflowplugin.xml" or "42-openflowplugin-new.xml" file (depending on your version) from: ../openflowplugin/openflowplugin-controller-config/src/main/resources/initial

 
# add the <tls> blocks as shown to each of the existing OF-switch-connection-provider modules

        
        <module>
          <type xmlns:prefix="urn:opendaylight:params:xml:ns:yang:openflow:switch:connection:provider:impl">prefix:openflow-switch-connection-provider-impl</type>
          <name>openflow-switch-connection-provider-default-impl</name>
          <port>6633</port>
          <switch-idle-timeout>15000</switch-idle-timeout>
          <transport-protocol>TLS</transport-protocol>
          <tls>
            <keystore>configuration/ssl/ctl.jks</keystore>
            <keystore-type>JKS</keystore-type>
            <keystore-path-type>PATH</keystore-path-type>
            <keystore-password>opendaylight</keystore-password>
            <truststore>configuration/ssl/truststore.jks</truststore>
            <truststore-type>JKS</truststore-type>
            <truststore-path-type>PATH</truststore-path-type>
            <truststore-password>opendaylight</truststore-password>
            <certificate-password>opendaylight</certificate-password>
          </tls>

        </module>
        
        <module>
          <type xmlns:prefix="urn:opendaylight:params:xml:ns:yang:openflow:switch:connection:provider:impl">prefix:openflow-switch-connection-provider-impl</type>
          <name>openflow-switch-connection-provider-legacy-impl</name>
          <port>6653</port>
          <switch-idle-timeout>15000</switch-idle-timeout>
          <transport-protocol>TLS</transport-protocol>
          <tls>
            <keystore>configuration/ssl/ctl.jks</keystore>
            <keystore-type>JKS</keystore-type>
            <keystore-path-type>PATH</keystore-path-type>
            <keystore-password>opendaylight</keystore-password>
            <truststore>configuration/ssl/truststore.jks</truststore>
            <truststore-type>JKS</truststore-type>
            <truststore-path-type>PATH</truststore-path-type>
            <truststore-password>opendaylight</truststore-password>
            <certificate-password>opendaylight</certificate-password>
          </tls>

        </module>

Comments

The issue was not building ODL again after changing the config file. After doing so, the above steps work.

sankettandulwadkar ( 2015-09-04 07:26:29 -0800 )
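
A check for the configuration in the answer above, as an added example that is not part of the answer or of OpenDaylight: it reports any switch-connection-provider module that lacks TLS, lacks one of the listed `<tls>` fields, or still uses the password printed on this page. The function names `audit` and `local`, the `<modules>` wrapper and the sample input are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Child elements of <tls> exactly as listed in the answer's configuration.
TLS_FIELDS = ("keystore", "keystore-type", "keystore-path-type",
              "keystore-password", "truststore", "truststore-type",
              "truststore-path-type", "truststore-password",
              "certificate-password")
PUBLISHED_PASSWORD = "opendaylight"  # the value printed in the answer

# Constructed input: the first module was never edited, the second has an
# incomplete <tls> block that still uses the published password.
SAMPLE = """<modules>
  <module>
    <name>openflow-switch-connection-provider-default-impl</name>
    <port>6633</port>
  </module>
  <module>
    <name>openflow-switch-connection-provider-legacy-impl</name>
    <port>6653</port>
    <transport-protocol>TLS</transport-protocol>
    <tls>
      <keystore>configuration/ssl/ctl.jks</keystore>
      <keystore-password>opendaylight</keystore-password>
    </tls>
  </module>
</modules>"""

def local(tag):
    """Strip an XML namespace such as '{urn:...}module' down to 'module'."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (module name, finding) pairs for switch-connection-provider modules."""
    findings = []
    for mod in ET.fromstring(xml_text).iter():
        kids = {local(c.tag): c for c in mod}
        name = (kids["name"].text or "") if "name" in kids else ""
        if local(mod.tag) != "module" or "switch-connection-provider" not in name:
            continue
        proto = kids.get("transport-protocol")
        if proto is None or (proto.text or "").strip() != "TLS":
            findings.append((name, "transport-protocol is not TLS"))
        tls = {local(c.tag): (c.text or "").strip() for c in kids.get("tls", [])}
        findings += [(name, "missing <%s>" % f) for f in TLS_FIELDS if f not in tls]
        findings += [(name, "<%s> uses the published password" % f)
                     for f, v in tls.items() if v == PUBLISHED_PASSWORD]
    return findings
```

Run it against the copy of the file the controller actually loads; per the comment above, the edit only took effect once ODL was built again.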
0

answered 2015-07-23 23:25:46 -0800

Ashwini_Mhatre

Hi, use the following command to set the controller: ovs-vsctl set-manager "ptcp:6640"

Regards, Ashwini


Comments

I did. It just added a Manager field.

sanket@sanket-ubuntu-ovs:~$ sudo ovs-vsctl show
cdf33b4e-420b-434d-87ba-d0e2183c9d47
    Manager "ptcp:6640"
    Bridge "br0"
        Controller "ssl:172.31.1.2:6633"
        Port "eth1"
            Interface "eth1"
        Port "br0"
            Interface "br0"
                type: internal
    ovs_version: "2.3.1"

I still don't know why I don't have an is_connected parameter. Any idea if I am doing anything wrong? I used:

1) ovs-vsctl set-manager "ptcp:6640"
2) sudo ovs-vsctl -v set-controller br0 ssl:172.31.1.2:6633
3) sudo ovs-vsctl show

sankettandulwadkar ( 2015-07-24 06:40:18 -0800 )
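
The symptom discussed in this thread (a Controller entry with no is_connected line, alongside a "connection dropped" message in ovs-vswitchd.log) can be checked mechanically. The following is an added example, not code from any poster or from Open vSwitch: it parses `ovs-vsctl show` text and pairs each unconnected controller with the last drop reason logged for it. The function names, the br1 bridge and the log line's timestamp fields are constructed for illustration.

```python
import re

# Constructed sample: based on the asker's `ovs-vsctl show` output, plus a
# made-up bridge br1 showing how a connected controller is reported.
SAMPLE_SHOW = '''\
cdf33b4e-420b-434d-87ba-d0e2183c9d47
    Manager "ptcp:6640"
    Bridge "br0"
        Controller "ssl:172.31.1.2:6633"
        Port "eth1"
            Interface "eth1"
    Bridge "br1"
        Controller "tcp:192.0.2.10:6633"
            is_connected: true
        Port "br1"
            Interface "br1"
    ovs_version: "2.3.1"
'''
# Constructed ovs-vswitchd.log line; timestamp and sequence number are made up.
SAMPLE_LOG = ('2015-07-23T20:13:05Z|00042|rconn|INFO|br0<->ssl:172.31.1.2:6633: '
              'connection dropped (Connection refused)\n')

NODE_RE = re.compile(r'(Bridge|Controller)\s+"?([^"]+)"?$')
DROP_RE = re.compile(r'([^|\s]+)<->(\S+): connection dropped \(([^)]*)\)')

def controller_status(show_output):
    """Return [(bridge, target, connected)] parsed from `ovs-vsctl show` text."""
    results, bridge, ctrl_indent = [], None, None
    for line in show_output.splitlines():
        text = line.strip()
        indent = len(line) - len(line.lstrip())
        node = NODE_RE.match(text)
        if node and node.group(1) == "Bridge":
            bridge, ctrl_indent = node.group(2), None
        elif node:                                   # a Controller record starts
            results.append([bridge, node.group(2), False])
            ctrl_indent = indent
        elif ctrl_indent is not None and indent > ctrl_indent:
            if text == "is_connected: true":         # child line of that record
                results[-1][2] = True
        else:
            ctrl_indent = None                       # left the Controller record
    return [tuple(r) for r in results]

def diagnose(show_output, log_text):
    """For each controller not connected, attach the last reason logged for it."""
    reasons = {(b, t): why for b, t, why in DROP_RE.findall(log_text)}
    return [(b, t, reasons.get((b, t), "no log entry"))
            for b, t, ok in controller_status(show_output) if not ok]
```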