Configuring an OVSDB VTEP
Overview
A Pica8 network device implements the Open vSwitch Database (OVSDB) management protocol, connects to a network virtualization controller, and can use the OVSDB management protocol to deploy and manage VXLANs on VTEPs. For more details on the OVSDB management protocol, see RFC 7047.
NOTE:
VXLAN can be configured remotely via OVSDB, and learned MAC addresses can be synced to the OVSDB and vice versa.
Configuring an OVSDB Connection with a Controller
The device supports the following types of OVSDB connections:
- SSL: The device initiates an SSL connection to a network virtualization controller.
- PSSL: The device accepts the SSL connection from a network virtualization controller.
- TCP: The device initiates a TCP connection to a network virtualization controller.
- PTCP: The device accepts the TCP connection from a network virtualization controller.
Creating and Installing an SSL Key and Certificate on a Pica8 Device
To secure a connection between a Pica8 device that supports the Open vSwitch Database (OVSDB) management protocol and one or more network virtualization controllers, the following Secure Sockets Layer (SSL) files must be present in the /ovs/var/lib/openvswitch/pki directory on the device:
- pica8-cert.pem
- pica8-privkey.pem
- pica8-req.pem
You must create the pica8-privkey.pem and pica8-cert.pem files for the device, and then install the two files in the /ovs/var/lib/openvswitch/pki directory on the device.
To create and install an SSL key and certificate on a Pica8 device:
- Update the system time; otherwise the certificate will show as expired.
- Install openssl on the Pica8 device or on a Linux computer.
- Initialize a PKI on the Pica8 device or Linux computer:
# ovs-pki init --force
- On the Pica8 device or the same Linux computer on which the PKI exists, create a new key and certificate for the Pica8 device:
# ovs-pki req+sign pica8
- Copy only the pica8-privkey.pem and pica8-cert.pem files from the Linux computer to the /ovs/var/lib/openvswitch/pki directory on the Pica8 device.
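The following pre-flight check is an added example, not part of the Pica8 documentation: it confirms that the key and certificate are present in the directory named above, that the private key is not accessible to group or others, that the certificate is inside its validity window by the local clock, and that the certificate matches the key. The function name and return codes are illustrative, and GNU stat and date plus the openssl command are assumed.

```shell
#!/bin/sh
# Added example: pre-flight check of the OVSDB SSL files before they are
# referenced by "set protocols ovsdb SSL ...". Directory and file names come
# from this page; the function name and return codes are illustrative.
# Assumes GNU stat/date and the openssl CLI.
check_ovsdb_pki() {
    dir=${1:-/ovs/var/lib/openvswitch/pki}
    key=$dir/pica8-privkey.pem
    cert=$dir/pica8-cert.pem

    # 1: both files must be present and non-empty
    for f in "$key" "$cert"; do
        [ -s "$f" ] || { echo "missing: $f"; return 1; }
    done

    # 2: the private key must not be accessible to group or others
    mode=$(stat -c '%a' "$key") || return 2
    case $mode in
        *00) ;;
        *) echo "private key mode $mode is too permissive"; return 2 ;;
    esac

    # 3: the certificate must be inside its validity window according to the
    #    local clock (a wrong system time shows up here)
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate expired (or the clock is ahead)"; return 3
    fi
    start=$(openssl x509 -in "$cert" -noout -startdate | cut -d= -f2)
    if [ "$(date -d "$start" +%s)" -gt "$(date +%s)" ]; then
        echo "certificate not yet valid (is the clock behind?)"; return 3
    fi

    # 4: the certificate must carry the public half of this private key
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
    [ "$cert_pub" = "$key_pub" ] || { echo "key and certificate do not match"; return 4; }

    echo "OK: $dir"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then check_ovsdb_pki "$1"; fi
```

Run it on the device after copying the files, passing /ovs/var/lib/openvswitch/pki as the argument; a non-zero exit status identifies which of the four checks failed.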
Steps to Configure an OVSDB VTEP
OVSDB VTEP is supported on PicOS L2/L3 switches. The configuration commands are as follows.
Enabling the OVSDB server
set vxlans ovsdb-managed true
Configuring a source address for VXLAN tunnels
set vxlans source-interface loopback address 10.10.10.1
Disabling VXLAN tunnel address learning
set vxlans tunnel-mac-learning disable true
Configuring the VTEP management interface IP address
set protocols ovsdb management-ip 10.10.51.157
Configuring an SSL connection to a network virtualization controller
set protocols ovsdb SSL private-key "/ovs/var/lib/openvswitch/pki/pica8-privkey.pem"
set protocols ovsdb SSL certificate "/ovs/var/lib/openvswitch/pki/pica8-cert.pem"
set protocols ovsdb SSL ca-cert "/ovs/var/lib/openvswitch/pki/controller.cacert"
set protocols ovsdb SSL bootstrap true
set protocols ovsdb controller c1 address 10.10.50.220
set protocols ovsdb controller c1 protocol ssl
Configuring PSSL connection requests from a network virtualization controller
set protocols ovsdb SSL private-key "/ovs/var/lib/openvswitch/pki/pica8-privkey.pem"
set protocols ovsdb SSL certificate "/ovs/var/lib/openvswitch/pki/pica8-cert.pem"
set protocols ovsdb SSL ca-cert "/ovs/var/lib/openvswitch/pki/controller.cacert"
set protocols ovsdb SSL bootstrap true
set protocols ovsdb controller c1 protocol ssl
Configuring a TCP connection to a network virtualization controller
set protocols ovsdb controller c1 address 10.10.50.220
set protocols ovsdb controller c1 protocol tcp
Configuring PTCP connection requests from a network virtualization controller
set protocols ovsdb controller c1 protocol ptcp
Copyright © 2024 Pica8 Inc. All Rights Reserved.