Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
Page tree
Skip to end of metadata
Go to start of metadata

This section describes the procedure to create an SSL connection with the RYU controller.

PicOS Switch

The following steps need to be completed on the PicOS switch:

root@PicOS-OVS#apt-get install openssl 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  ca-certificates
The following NEW packages will be installed:
  openssl
0 upgraded, 1 newly installed, 0 to remove and 17 not upgraded.
Need to get 696 kB of archives.
After this operation, 1070 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  openssl
Authentication warning overridden.
Get:1 http://ftp.debian.org/debian/ stable/main openssl powerpc 1.0.1e-2 [696 kB]
Fetched 696 kB in 5s (131 kB/s)   
Selecting previously unselected package openssl.
(Reading database ... 17049 files and directories currently installed.)
Unpacking openssl (from .../openssl_1.0.1e-2_powerpc.deb) ...
Processing triggers for man-db ...
Setting up openssl (1.0.1e-2) ...
 
root@PicOS-OVS#ovs-pki init
/ovs/bin/ovs-pki: /ovs/var/lib/openvswitch/pki already exists and --force not specified
 
root@PicOS-OVS#ovs-pki init --force
Creating controllerca...
Creating switchca...
 
root@PicOS-OVS#cd /ovs/var/lib/openvswitch/pki/controllerca
 
root@PicOS-OVS#ovs-pki req+sign ctl controller
ctl-req.pem     Mon Jan 13 03:26:05 UTC 2014
        fingerprint 1cbf63b21301f33d9b4aa30540bff492f15bced3
 
root@PicOS-OVS#ls
ca.cnf      careq.pem  crl        ctl-cert.pem     ctl-req.pem  index.txt.attr      index.txt.old  private  serial.old
cacert.pem  certs      crlnumber  ctl-privkey.pem  index.txt    index.txt.attr.old  newcerts       serial
 
root@PicOS-OVS#ls ctl-privkey.pem ctl-cert.pem
ctl-cert.pem  ctl-privkey.pem
 
root@PicOS-OVS#cd /ovs/var/lib/openvswitch/pki/switchca
 
root@PicOS-OVS#ovs-pki req+sign sc switch
sc-req.pem      Mon Jan 13 03:26:54 UTC 2014
        fingerprint 65ed449bee94b8e7b8ba7da6f6584afd2f9cc2fb
 
root@PicOS-OVS#ls sc-privkey.pem sc-cert.pem
sc-cert.pem  sc-privkey.pem
 
root@PicOS-OVS#
root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/controllerca/ctl-cert.pem 10.10.50.41:/home/build                  
The authenticity of host '10.10.50.41 (10.10.50.41)' can't be established.
ECDSA key fingerprint is e6:04:3b:c8:24:36:c7:dd:c1:06:6a:69:e2:3b:82:2f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.10.50.41' (ECDSA) to the list of known hosts.
root@10.10.50.41's password: 
ctl-cert.pem    
                                                                                                           100% 4063     4.0KB/s   00:00    
root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/controllerca/ctl-privkey.pem 10.10.50.41:/home/build
root@10.10.50.41's password: 
ctl-privkey.pem 
                                                                                                           100% 1675     1.6KB/s   00:00    
root@PicOS-OVS#scp /ovs/var/lib/openvswitch/pki/switchca/cacert.pem 10.10.50.41:/home/build
root@10.10.50.41's password: 
cacert.pem     
                                                                                                            100% 4028     3.9KB/s   00:00    
root@PicOS-OVS#ovs-vsctl set-ssl /ovs/var/lib/openvswitch/pki/switchca/sc-privkey.pem /ovs/var/lib/openvswitch/pki/switchca/sc-cert.pem /ovs/var/lib/openvswitch/pki/controllerca/cacert.pem
 
root@PicOS-OVS#ovs-vsctl  del-br br0
ovs-vsctl: no bridge named br0
root@PicOS-OVS#ovs-vsctl  add-br br0 -- set bridge br0 datapath_type=pica8
root@PicOS-OVS#ovs-vsctl  set-controller br0 ssl:10.10.50.41:6633
root@PicOS-OVS#

Controller

The following steps need to be completed on the controller:

root@dev-41:/home/build# ryu-manager --ctl-privkey ./ctl-privkey.pem --ctl-cert ./ctl-cert.pem --verbose 
loading app ryu.controller.ofp_handler
instantiating app ryu.controller.ofp_handler of OFPHandler
BRICK ofp_event
 CONSUMES EventOFPPortDescStatsReply
 CONSUMES EventOFPSwitchFeatures
 CONSUMES EventOFPErrorMsg
 CONSUMES EventOFPEchoRequest
 CONSUMES EventOFPHello
connected socket:<eventlet.green.ssl.GreenSSLSocket object at 0x9f1ebfc> address:('10.10.50.155', 48508)
hello ev <ryu.controller.ofp_event.EventOFPHello object at 0x9ecf1ec>
move onto config mode
switch features ev version: 0x4 msg_type 0x6 xid 0xa2f1cf23 OFPSwitchFeatures(auxiliary_id=0,capabilities=7,datapath_id=7461368339596857098L,n_buffers=256,n_tables=254)
move onto main mode 

Error rendering macro 'contentbylabel'

parameters should not be empty

  • No labels