Creating SSL Connection to a RYU Controller

Owned by Tracy Yang
Nov 13, 2023
3 min read

This section describes the procedure to create an SSL connection with the RYU controller.

PicOS Switch

The following steps need to be completed on the PicOS switch:

root@PicOS-OVS#apt-get install openssl 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  ca-certificates
The following NEW packages will be installed:
  openssl
0 upgraded, 1 newly installed, 0 to remove and 17 not upgraded.
Need to get 696 kB of archives.
After this operation, 1070 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  openssl
Authentication warning overridden.
Get:1 http://ftp.debian.org/debian/ stable/main openssl powerpc 1.0.1e-2 [696 kB]
Fetched 696 kB in 5s (131 kB/s)   
Selecting previously unselected package openssl.
(Reading database ... 17049 files and directories currently installed.)
Unpacking openssl (from .../openssl_1.0.1e-2_powerpc.deb) ...
Processing triggers for man-db ...
Setting up openssl (1.0.1e-2) ...
 
root@PicOS-OVS#ovs-pki init
/ovs/bin/ovs-pki: /ovs/var/lib/openvswitch/pki already exists and --force not specified
 
root@PicOS-OVS#ovs-pki init --force
Creating controllerca...
Creating switchca...
 
root@PicOS-OVS#cd /ovs/var/lib/openvswitch/pki/controllerca
 
root@PicOS-OVS#ovs-pki req+sign ctl controller
ctl-req.pem     Mon Jan 13 03:26:05 UTC 2014
        fingerprint 1cbf63b21301f33d9b4aa30540bff492f15bced3
 
root@PicOS-OVS#ls
ca.cnf      careq.pem  crl        ctl-cert.pem     ctl-req.pem  index.txt.attr      index.txt.old  private  serial.old
cacert.pem  certs      crlnumber  ctl-privkey.pem  index.txt    index.txt.attr.old  newcerts       serial
 
root@PicOS-OVS#ls ctl-privkey.pem ctl-cert.pem
ctl-cert.pem  ctl-privkey.pem
 
root@PicOS-OVS#cd /ovs/var/lib/openvswitch/pki/switchca
 
root@PicOS-OVS#ovs-pki req+sign sc switch
sc-req.pem      Mon Jan 13 03:26:54 UTC 2014
        fingerprint 65ed449bee94b8e7b8ba7da6f6584afd2f9cc2fb
 
root@PicOS-OVS#ls sc-privkey.pem sc-cert.pem
sc-cert.pem  sc-privkey.pem
 
root@PicOS-OVS#
root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/controllerca/ctl-cert.pem 10.10.50.41:/home/build                  
The authenticity of host '10.10.50.41 (10.10.50.41)' can't be established.
ECDSA key fingerprint is e6:04:3b:c8:24:36:c7:dd:c1:06:6a:69:e2:3b:82:2f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.50.41' (ECDSA) to the list of known hosts.
root@10.10.50.41's password: 
ctl-cert.pem    
                                                                                                           100% 4063     4.0KB/s   00:00    
root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/controllerca/ctl-privkey.pem 10.10.50.41:/home/build
root@10.10.50.41's password: 
ctl-privkey.pem 
                                                                                                           100% 1675     1.6KB/s   00:00    
root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/switchca/cacert.pem 10.10.50.41:/home/build
root@10.10.50.41's password: 
cacert.pem     
                                                                                                            100% 4028     3.9KB/s   00:00    
root@PicOS-OVS#ovs-vsctl set-ssl /ovs/var/lib/openvswitch/pki/switchca/sc-privkey.pem /ovs/var/lib/openvswitch/pki/switchca/sc-cert.pem /ovs/var/lib/openvswitch/pki/controllerca/cacert.pem
 
root@PicOS-OVS#ovs-vsctl  del-br br0
ovs-vsctl: no bridge named br0
root@PicOS-OVS#ovs-vsctl  add-br br0 -- set bridge br0 datapath_type=pica8
root@PicOS-OVS#ovs-vsctl  set-controller br0 ssl:10.10.50.41:6633
root@PicOS-OVS#

Controller

The following steps need to be completed on the controller:

root@dev-41:/home/build# ryu-manager --ctl-privkey ./ctl-privkey.pem --ctl-cert ./ctl-cert.pem --verbose 
loading app ryu.controller.ofp_handler
instantiating app ryu.controller.ofp_handler of OFPHandler
BRICK ofp_event
 CONSUMES EventOFPPortDescStatsReply
 CONSUMES EventOFPSwitchFeatures
 CONSUMES EventOFPErrorMsg
 CONSUMES EventOFPEchoRequest
 CONSUMES EventOFPHello
connected socket:<eventlet.green.ssl.GreenSSLSocket object at 0x9f1ebfc> address:('10.10.50.155', 48508)
hello ev <ryu.controller.ofp_event.EventOFPHello object at 0x9ecf1ec>
move onto config mode
switch features ev version: 0x4 msg_type 0x6 xid 0xa2f1cf23 OFPSwitchFeatures(auxiliary_id=0,capabilities=7,datapath_id=7461368339596857098L,n_buffers=256,n_tables=254)
move onto main mode 

Filter by label

There are no items with the selected labels at this time.

Copyright © 2024 Pica8 Inc. All Rights Reserved.