Changes between Version 4 and Version 5 of Internal/OpenFlow/Notes
- Timestamp:
- Jul 13, 2009, 10:38:35 PM (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Internal/OpenFlow/Notes
v4 v5 39 39 * can a virtual switch be loaded with a default flow table that would allow it to function, at least until its table times out? 40 40 41 === SSL setup (7/13) ===42 using this site as reference: http://www.debian-administration.org/article/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian 41 === SSL setup, things top know for the next day. (7/13) === 42 using this site as reference: http://www.debian-administration.org/article/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian 43 43 44 except renaming the switch key and cert to what it would understand: 45 *ca_cert.pem 46 *sw_cert.pem 47 *sw_key.pem 44 except renaming the output .pem files to what it would understand: 45 *ca_cert.pem - from cacert.pem 46 *sw_cert.pem - from cert.pem 47 *sw_key.pem - from key.pem 48 49 for the Common Name, I just used the IP address of the CA, 192.168.203.75. 48 50 49 51 because in the example on the site ca_cert.pem is named cacert.pem, I had to change "cacert" to "ca_cert" in openssl.cnf for the very last part (signing the certificate): … … 53 55 database = $dir/index.txt 54 56 new_certs_dir = $dir/newcerts 55 certificate = $dir/ca cert.pem57 certificate = $dir/ca_cert.pem #change over here 56 58 private_key = $dir/private/cakey.pem 57 59 default_days = 365 … … 63 65 policy = policy_match 64 66 }}} 65 I am not sure if changing the name of the key from ofpswitch.key.pem to sw_key.pem after making/signing the certification will affect anything. will find out. 67 I am not sure if changing the name of the key from ofpswitch.key.pem to sw_key.pem after making/signing the certification will affect anything. 68 69 Some lessons for the day: [[BR]] 70 * the SD card will show up as /media/disk on the PC 71 * 72 73 things to do: 74 * control VLAN on switch 75 * config control VLAN and statically assign PC to controller IP 76 * VLAN not used for any legacy networking purposes for controller 77 * packet sniff SSL handshake 78 79 ==== VLAN 888 ==== 80 arbitrary VLAN for OFP controller, since nothing probably uses that high a VLAN number. Currently only gi 0/42 (formerly one of the trunk ports) 81 {{{ 82 sw-sb09(config)# vlan 888 83 !sw-sb09(config-vlan)# name "OpenFlow control VLAN" 84 !sw-sb09(config-vlan)# interface gi 0/42 85 !sw-sb09(config-if)# sh 86 interface gigabitethernet 0/42 87 switchport mode trunk 88 switchport trunk allowed vlan 1,3,27-28 89 switchport trunk native vlan 1 90 ! 91 !sw-sb09(config-if)# no sw mo tru 92 !sw-sb09(config-if)# no switchport trunk allowed vlan 1,3,27-28 93 !sw-sb09(config-if)# no switchport trunk nat vlan 1 94 !sw-sb09(config-if)# sh 95 interface gigabitethernet 0/42 96 switchport mode access 97 ! 98 !sw-sb09(config-if)# sw acc vlan 888 99 !sw-sb09(config-if)# interface vlan 888 100 !sw-sb09(config-if)# ip address 172.16.4.1 255.255.255.0 101 !sw-sb09(config-if)# save 102 sw-sb09(config-if)# 103 }}} 104 this will probably not need a route specified for it since the controller is directly attached to the switch. 66 105 106 [[BR]] 107 [[BR]] 108 [[BR]] 109 [[BR]] 110 [wiki:Documentation/OpenFlow/ return to OpenFlow index]
