Creating SSL Connection to a RYU Controller
This section describes the procedure to create an SSL connection with the RYU controller.
PicOS Switch
The following steps need to be completed on the PicOS switch:
root@PicOS-OVS#apt-get install openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  ca-certificates
The following NEW packages will be installed:
  openssl
0 upgraded, 1 newly installed, 0 to remove and 17 not upgraded.
Need to get 696 kB of archives.
After this operation, 1070 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  openssl
Authentication warning overridden.
Get:1 http://ftp.debian.org/debian/ stable/main openssl powerpc 1.0.1e-2 [696 kB]
Fetched 696 kB in 5s (131 kB/s)
Selecting previously unselected package openssl.
(Reading database ... 17049 files and directories currently installed.)
Unpacking openssl (from .../openssl_1.0.1e-2_powerpc.deb) ...
Processing triggers for man-db ...
Setting up openssl (1.0.1e-2) ...
root@PicOS-OVS#ovs-pki init
/ovs/bin/ovs-pki: /ovs/var/lib/openvswitch/pki already exists and --force not specified
root@PicOS-OVS#ovs-pki init --force
Creating controllerca...
Creating switchca...
root@PicOS-OVS#cd /ovs/var/lib/openvswitch/pki/controllerca
root@PicOS-OVS#ovs-pki req+sign ctl controller
ctl-req.pem Mon Jan 13 03:26:05 UTC 2014
        fingerprint 1cbf63b21301f33d9b4aa30540bff492f15bced3
root@PicOS-OVS#ls
ca.cnf      careq.pem  crl        ctl-cert.pem     ctl-req.pem  index.txt.attr      index.txt.old  private  serial.old
cacert.pem  certs      crlnumber  ctl-privkey.pem  index.txt    index.txt.attr.old  newcerts       serial
root@PicOS-OVS#ls ctl-privkey.pem ctl-cert.pem
ctl-cert.pem  ctl-privkey.pem
root@PicOS-OVS#cd /ovs/var/lib/openvswitch/pki/switchca
root@PicOS-OVS#ovs-pki req+sign sc switch
sc-req.pem Mon Jan 13 03:26:54 UTC 2014
        fingerprint 65ed449bee94b8e7b8ba7da6f6584afd2f9cc2fb
root@PicOS-OVS#ls sc-privkey.pem sc-cert.pem
sc-cert.pem  sc-privkey.pem
root@PicOS-OVS#
root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/controllerca/ctl-cert.pem 10.10.50.41:/home/build
The authenticity of host '10.10.50.41 (10.10.50.41)' can't be established.
ECDSA key fingerprint is e6:04:3b:c8:24:36:c7:dd:c1:06:6a:69:e2:3b:82:2f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.50.41' (ECDSA) to the list of known hosts.
root@10.10.50.41's password:
ctl-cert.pem                                  100% 4063     4.0KB/s   00:00
root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/controllerca/ctl-privkey.pem 10.10.50.41:/home/build
root@10.10.50.41's password:
ctl-privkey.pem                               100% 1675     1.6KB/s   00:00
root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/switchca/cacert.pem 10.10.50.41:/home/build
root@10.10.50.41's password:
cacert.pem                                    100% 4028     3.9KB/s   00:00
root@PicOS-OVS#ovs-vsctl set-ssl /ovs/var/lib/openvswitch/pki/switchca/sc-privkey.pem /ovs/var/lib/openvswitch/pki/switchca/sc-cert.pem /ovs/var/lib/openvswitch/pki/controllerca/cacert.pem
root@PicOS-OVS#ovs-vsctl del-br br0
ovs-vsctl: no bridge named br0
root@PicOS-OVS#ovs-vsctl add-br br0 -- set bridge br0 datapath_type=pica8
root@PicOS-OVS#ovs-vsctl set-controller br0 ssl:10.10.50.41:6633
root@PicOS-OVS#
Controller
The following steps need to be completed on the controller:
root@dev-41:/home/build# ryu-manager --ctl-privkey ./ctl-privkey.pem --ctl-cert ./ctl-cert.pem --verbose
loading app ryu.controller.ofp_handler
instantiating app ryu.controller.ofp_handler of OFPHandler
BRICK ofp_event
  CONSUMES EventOFPPortDescStatsReply
  CONSUMES EventOFPSwitchFeatures
  CONSUMES EventOFPErrorMsg
  CONSUMES EventOFPEchoRequest
  CONSUMES EventOFPHello
connected socket:<eventlet.green.ssl.GreenSSLSocket object at 0x9f1ebfc> address:('10.10.50.155', 48508)
hello ev <ryu.controller.ofp_event.EventOFPHello object at 0x9ecf1ec>
move onto config mode
switch features ev version: 0x4 msg_type 0x6 xid 0xa2f1cf23 OFPSwitchFeatures(auxiliary_id=0,capabilities=7,datapath_id=7461368339596857098L,n_buffers=256,n_tables=254)
move onto main mode
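The script below is an added example, not part of the original procedure or of Pica8's or Ryu's own tooling. It checks that a private key matches its certificate and that the peer's certificate verifies against the CA file given as the third argument of ovs-vsctl set-ssl. The function names are hypothetical, and the PKI is a constructed throwaway built with plain openssl as a stand-in for ovs-pki, with file names mirroring the ones above.

```sh
#!/bin/sh
# Added example: pre-flight checks for the files given to `ovs-vsctl set-ssl`.
# The PKI below is a constructed throwaway stand-in for `ovs-pki init`.

# True when the private key ($1) and the certificate ($2) hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the certificate ($2) verifies against the CA certificate ($1).
cert_signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Check one endpoint: own key ($1), own cert ($2), CA used to verify the peer ($3),
# and the peer's cert ($4) as it will be presented during the handshake.
preflight() {
    key_matches_cert "$1" "$2" || { echo "FAIL: $1 does not match $2"; return 1; }
    cert_signed_by "$3" "$4"   || { echo "FAIL: $4 is not signed by $3"; return 1; }
    echo "OK: $2"
}

# --- constructed sample PKI (stand-in for ovs-pki; names mirror the page) ---
make_ca() {   # $1 = CA directory
    mkdir -p "$1" && openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$(basename "$1")" -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}
issue() {     # $1 = CA directory, $2 = name (ctl or sc)
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2-privkey.pem" -out "$1/$2-req.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/$2-req.pem" -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -set_serial 1 -days 1 -out "$1/$2-cert.pem" 2>/dev/null
}

pki=$(mktemp -d) && trap 'rm -rf "$pki"' EXIT
make_ca "$pki/controllerca" && issue "$pki/controllerca" ctl
make_ca "$pki/switchca"     && issue "$pki/switchca" sc

# Switch side, same argument order as set-ssl: key, cert, CA for the controller.
preflight "$pki/switchca/sc-privkey.pem" "$pki/switchca/sc-cert.pem" \
          "$pki/controllerca/cacert.pem" "$pki/controllerca/ctl-cert.pem"
# Common mistake: passing the switch CA where the controller CA belongs.
preflight "$pki/switchca/sc-privkey.pem" "$pki/switchca/sc-cert.pem" \
          "$pki/switchca/cacert.pem" "$pki/controllerca/ctl-cert.pem" || true
```

The ryu-manager command above is given only a key and a certificate, so the switchca cacert.pem copied to the controller is not used by it. Ryu's --ca-certs option is what makes the controller verify the switch certificate against that file.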
Copyright © 2024 Pica8 Inc. All Rights Reserved.