Ruchika Verma | 30 Jan 06:38 2015
Picon

OpenVSwitch Supports SSL

hello,

I am new to SDN and OVSwitch.

I have a basic query - does OpenVSwitch supports SSL?

If yes(which as per my current understanding is true), how do i make OVS SSL capable? Also, in which property will the switch communicate the SSL properties to controller?

I am able to create the keys and certificates using below command. 

sudo ovs-pki req+sign ctl controller sudo ovs-pki req+sign sc switch sudo ovs-vsctl set-ssl \ /etc/openvswitch/sc-privkey.pem \ /etc/openvswitch/sc-cert.pem \ /var/lib/openvswitch/pki/controllerca/cacert.pem

But i am not able to make the switch communicate the same to controller it seems, because when i check it through -

sudo ovs-vsctl showit shows tcpip connection instead of SSL.

Can you please guide.


Thanks
Ruchika
<div><div dir="ltr">
<div class="gmail_default">hello,</div>
<div class="gmail_default"><br></div>
<div class="gmail_default">I am new to SDN and OVSwitch.</div>
<div class="gmail_default"><br></div>
<div class="gmail_default">I have a basic query - does OpenVSwitch supports SSL?</div>
<div class="gmail_default"><br></div>
<div class="gmail_default">If yes(which as per my current understanding is true), how do i make OVS SSL capable? Also, in which property will the switch communicate the SSL properties to controller?</div>
<div class="gmail_default"><br></div>
<div class="gmail_default">I am able to create the keys and certificates using below command.&nbsp;</div>
<div class="gmail_default"><br></div>
<div class="gmail_default">sudo ovs-pki req+sign ctl controller
sudo ovs-pki req+sign sc switch
sudo ovs-vsctl set-ssl \
    /etc/openvswitch/≤span class="">sc-privkey.pem</span> \
    /etc/openvswitch/≤span class="">sc-cert.pem</span> \
    /var/lib/openvswitch/pki/controllerca/≤span class="">cacert.pem</span>
</div>
<div class="gmail_default"><br></div>
<div class="gmail_default">But i am not able to make the switch communicate the same to controller it seems, because when i check it through -</div>
<div class="gmail_default"><br></div>
<div class="gmail_default">sudo ovs-vsctl show<span>it shows tcpip connection instead of SSL.</span><br>
</div>
<div class="gmail_default"><br></div>
<div class="gmail_default">Can you please guide.</div>
<div class="gmail_default"><br></div>
<div class="gmail_default"><br></div>
<div class="gmail_default">Thanks</div>
<div class="gmail_default">Ruchika</div>
</div></div>
Sheena Goyal | 22 Jan 09:44 2015

Regarding permission for usage of OpenVSwitch reference.

Hi Team,

I am writing a whitepaper and wanted your permission to use the reference of  Openflow Switch Specification Version 1.4.0 in our whitepaper.
Is this the right place to seek permission or please direct me where to send the mail for the same ?


Thanks & Regards
Sheena Goyal

=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you

<div>Hi Team,
<br><br>I am writing a whitepaper and wanted
your permission to use the reference of &nbsp;Openflow
Switch Specification Version 1.4.0
in our whitepaper.<br>
Is this the right place to seek permission or please direct me where to
send the mail for the same ?
<br><br><br>
Thanks &amp; Regards<br>
Sheena Goyal<p>=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you</p>

<p></p>
</div>
Azouni Abdelhadi | 21 Jan 18:32 2015

Controller reaction to ARP requests

Hello all,

From an OpenFlow view, how should a controller reply to a message-in containing an ARP request (that the of-switch didn't know how to handle) ? in both cases: 
1. the controller has the info about the requested IP
2. the controller has not the info 

Thank you 
<div><div dir="ltr">
<span>Hello all,</span><div><br></div>
<div>From an OpenFlow view, how should a controller reply to a message-in containing an ARP request (that the of-switch didn't know how to handle) ? in both cases:&nbsp;</div>
<div>1. the controller has the info about the requested IP</div>
<div>2. the controller has not the info&nbsp;</div>
<div><br></div>
<div>Thank you&nbsp;</div>
</div></div>
tech_kals Kals | 20 Jan 17:58 2015
Picon

Connecting openflow switch to the controller

Hi Experts,

I am very new to openflow protocol. have started to go through the openflow specification. I have few doubts. I see, there are some reserved ports supported by the switch.
Those reserved ports have been given below. 

1) Are they a logical port or physical port?

2) Reserved port types are ALL/ CONTROLLER/ TABLE/ IN_PORT/ ANY/ LOCAL/ NORMAL/ FLOOD. 
     will we mention these types anywhere in the port configuration? I am really getting confused. where this ALL port type would be mentioned? can someone clarify ?

3) If you have config in your hand, could you please share ? I just want to take a look at it.

4) CONTROLLER: The physical port which is connected to the controller would be configured as "controller port"? what will happen, if i dont configure a port as controller port even though it has been connected to the controller?



---------------
Required: ALL: Represents all ports the switch can use for forwarding a specic packet. Can
be used only as an output port. In that case a copy of the packet is sent to all standard ports,
excluding the packet ingress port and ports that are congured OFPPC_NO_FWD.

ˆ Required: CONTROLLER: Represents the control channel with the OpenFlow controller. Can
be used as an ingress port or as an output port. When used as an output port, encapsulate the
packet in a packet-in message and send it using the OpenFlow protocol (see A.4.1). When used
as an ingress port, this identies a packet originating from the controller.

ˆ Required: TABLE: Represents the start of the OpenFlow pipeline. This port is only valid in an
output action in the action list of a packet-out message, and submits the packet to the flowow table 
so that the packet can be processed through the regular OpenFlow pipeline.

ˆ Required: IN PORT: Represents the packet ingress port. Can be used only as an output port,
send the packet out through its ingress port.

ˆ Required: ANY: Special value used in some OpenFlow commands when no port is specied (i.e.
port is wildcarded). Can neither be used as an ingress port nor as an output port.

ˆ Optional: LOCAL: Represents the switch's local networking stack and its management stack.
Can be used as an ingress port or as an output port. The local port enables remote entities to
interact with the switch and its network services via the OpenFlow network, rather than via a
separate control network. With a suitable set of default 
ow entries it can be used to implement
an in-band controller connection.

ˆ Optional: NORMAL: Represents the traditional non-OpenFlow pipeline of the switch (see 5.1).
Can be used only as an output port and processes the packet using the normal pipeline. If the
switch cannot forward packets from the OpenFlow pipeline to the normal pipeline, it must indicate
that it does not support this action.

ˆ Optional: FLOOD: Represents 
ooding using the normal pipeline of the switch (see 5.1). Can
be used only as an output port, in general will send the packet out all standard ports, but not to
the ingress port, nor ports that are in OFPPS_BLOCKED state. The switch may also use the packet
VLAN ID to select which ports to food.

--------------
<div><div dir="ltr">Hi Experts,<div><br></div>
<div>I am very new to openflow protocol. have started to go through the openflow specification. I have few doubts. I see, there are some reserved ports supported by the switch.</div>
<div>Those reserved ports have been given below.&nbsp;</div>
<div><br></div>
<div>1) Are they a logical port or physical port?</div>
<div><br></div>
<div>2) Reserved port types are ALL/ CONTROLLER/ TABLE/ IN_PORT/ ANY/ LOCAL/ NORMAL/ FLOOD.&nbsp;</div>
<div>&nbsp; &nbsp; &nbsp;will we mention these types anywhere in the port configuration? I am really getting confused. where this ALL port type would be mentioned? can someone clarify ?</div>
<div><br></div>
<div>3) If you have config in your hand, could you please share ? I just want to take a look at it.</div>
<div><br></div>
<div>4) CONTROLLER: The physical port which is connected to the controller would be configured as "controller port"? what will happen, if i dont configure a port as controller port even though it has been connected to the controller?</div>
<div><br></div>
<div>
<br><div><br></div>
<div>---------------</div>
<div>
<div>Required: ALL: Represents all ports the switch can use for forwarding a specic packet. Can</div>
<div>be used only as an output port. In that case a copy of the packet is sent to all standard ports,</div>
<div>excluding the packet ingress port and ports that are congured OFPPC_NO_FWD.</div>
<div><br></div>
<div>&#136; Required: CONTROLLER: Represents the control channel with the OpenFlow controller. Can</div>
<div>be used as an ingress port or as an output port. When used as an output port, encapsulate the</div>
<div>packet in a packet-in message and send it using the OpenFlow protocol (see A.4.1). When used</div>
<div>as an ingress port, this identies a packet originating from the controller.</div>
<div><br></div>
<div>&#136; Required: TABLE: Represents the start of the OpenFlow pipeline. This port is only valid in an</div>
<div>output action in the action list of a packet-out message, and submits the packet to the flowow table&nbsp;</div>
<div>so that the packet can be processed through the regular OpenFlow pipeline.</div>
<div><br></div>
<div>&#136; Required: IN PORT: Represents the packet ingress port. Can be used only as an output port,</div>
<div>send the packet out through its ingress port.</div>
<div><br></div>
<div>&#136; Required: ANY: Special value used in some OpenFlow commands when no port is specied (i.e.</div>
<div>port is wildcarded). Can neither be used as an ingress port nor as an output port.</div>
<div><br></div>
<div>&#136; Optional: LOCAL: Represents the switch's local networking stack and its management stack.</div>
<div>Can be used as an ingress port or as an output port. The local port enables remote entities to</div>
<div>interact with the switch and its network services via the OpenFlow network, rather than via a</div>
<div>separate control network. With a suitable set of default&nbsp;</div>
<div>ow entries it can be used to implement</div>
<div>an in-band controller connection.</div>
<div><br></div>
<div>&#136; Optional: NORMAL: Represents the traditional non-OpenFlow pipeline of the switch (see 5.1).</div>
<div>Can be used only as an output port and processes the packet using the normal pipeline. If the</div>
<div>switch cannot forward packets from the OpenFlow pipeline to the normal pipeline, it must indicate</div>
<div>that it does not support this action.</div>
<div><br></div>
<div>&#136; Optional: FLOOD: Represents&nbsp;</div>
<div>ooding using the normal pipeline of the switch (see 5.1). Can</div>
<div>be used only as an output port, in general will send the packet out all standard ports, but not to</div>
<div>the ingress port, nor ports that are in OFPPS_BLOCKED state. The switch may also use the packet</div>
<div>VLAN ID to select which ports to food.</div>
</div>
</div>
<div><br></div>
<div>--------------</div>
</div></div>
Steve Uhlig | 17 Jan 17:56 2015
Picon

2 open postdoc positions on SDN for IXPs within EU ENDEAVOUR project

The School of Electronic Engineering and Computer Science at Queen Mary, 
University of London is seeking to appoint two Research Assistants as part of
the project “Towards a flexible software-defined network ecosystem” (ENDEAVOUR), 
funded by the EU within the Horizon 2020 program.

The successful candidates will be responsible for investigating software-defined networking 
(SDN) aspects relevant for the next generation of Internet Exchange Points (IXP). This will 
involve: 
(1) analyzing large-scale network data, 
(2) the development and application of SDN software in the context of IXPs, and 
(3) the design of new distributed systems techniques for network management.

The closing date for applications is 15 February 2015 and interviews are expected to be held 
shortly afterwards.

For more details about the application process, please see:

Informal enquiries should be addressed to Prof Steve Uhlig at steve.uhlig <at> qmul.ac.uk.
<div>
<div class="">The School of Electronic Engineering and Computer Science at Queen Mary,&nbsp;</div>
<div class="">University of London is seeking to appoint two Research Assistants as part of</div>
<div class="">the project &ldquo;Towards a flexible software-defined network ecosystem&rdquo; (ENDEAVOUR),&nbsp;</div>
<div class="">funded by the EU within the Horizon 2020 program.<br class=""><br class="">
The successful candidates will be responsible for investigating software-defined networking&nbsp;</div>
<div class="">(SDN) aspects relevant for the next generation of Internet Exchange Points (IXP). This will&nbsp;</div>
<div class="">involve:&nbsp;</div>
<div class="">(1) analyzing large-scale network data,&nbsp;</div>
<div class="">(2) the development and application of SDN software in the context of IXPs, and&nbsp;</div>
<div class="">(3) the design of new distributed systems techniques for network management.</div>
<div class=""><br class=""></div>
<div class="">The closing date for applications is 15 February 2015 and interviews are expected to be held&nbsp;</div>
<div class="">shortly afterwards.</div>
<div class=""><br class=""></div>
<div class="">For more details about the application process, please see:</div>
<div class=""><a href="http://www.jobs.qmul.ac.uk/search/?s=QMUL5200" class="">http://www.jobs.qmul.ac.uk/search/?s=QMUL5200</a></div>
<div class=""><br class=""></div>
<div class="">Informal enquiries should be addressed to Prof Steve Uhlig at <a href="mailto:steve.uhlig <at> qmul.ac.uk" class="">
steve.uhlig <at> qmul.ac.uk</a>.</div>
</div>
shankar.pachari | 14 Jan 13:08 2015

sharing QoS for multiple hosts

Hi,

 

                I am trying to implement a QoS example using Floodlight (OF 1.0) and Mininet and came across this doubt.

 

Since queues are created by the admins in each switch manually and shared, what is the best practice  to follow when the same QoS needs to be enforced among multiple hosts?

 

If we route all traffic that belongs to a particular ToS to the same queue, will it not degrade the QoS for each individual hosts?

 

Thanks,

Shankar.

<div>
<div class="WordSection1">
<p class="MsoNormal">Hi,<p></p></p>
<p class="MsoNormal"><p>&nbsp;</p></p>
<p class="MsoNormal">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; I am trying to implement a QoS example using Floodlight (OF 1.0) and Mininet and came across this doubt.
<p></p></p>
<p class="MsoNormal"><p>&nbsp;</p></p>
<p class="MsoNormal">Since queues are created by the admins in each switch manually and shared, what is the best practice &nbsp;to follow when the same QoS needs to be enforced among multiple hosts?<p></p></p>
<p class="MsoNormal"><p>&nbsp;</p></p>
<p class="MsoNormal">If we route all traffic that belongs to a particular ToS to the same queue, will it not degrade the QoS for each individual hosts?<p></p></p>
<p class="MsoNormal"><p>&nbsp;</p></p>
<p class="MsoNormal">Thanks,<p></p></p>
<p class="MsoNormal">Shankar.<p></p></p>
</div>
</div>
Picon

new member

Hi 

Rafid almahdi

<div>
<p>Hi&nbsp;</p>
<div>Rafid almahdi<br><br>
</div>
</div>
Silvia Fichera | 7 Jan 07:20 2015
Picon

Aiuto!

Spero che si ottiene questo in tempo, ho fatto un viaggio a Limassol, Cipro e avevo la mia borsa rubata e il mio passaporto e le carte di credito in esso. L'ambasciata è disposto ad aiutarmi. Nel senso mi dara il permesso di volare senza il mio passaporto, non mi resta che pagare per un biglietto e stabilirsi il fatture dell'albergo. Purtroppo per me, non posso avere accesso ai fondi senza la mia carta di credito, Ho preso contatto con la mia banca, ma hanno bisogno di più tempo per trovare una nuova. I stavo pensando di chiederti di prestarmi alcuni fondi veloce che potrei pagare al più presto . ho davvero bisogno di essere sul primo volo disponibile. Posso inoltrarti i dettagli su come è possibile ottenere i fondi per me. Mi si può raggiungere via e-mail o su Juaniva Hotel front telefono fisso, i numeri sono, +35731804806 o +35731600806
Aspetto la  tua risposta.

Cordiali saluti 
Silvia Fichera
<div><div dir="ltr">Spero che si ottiene questo in tempo, ho fatto un viaggio a Limassol, Cipro e avevo la mia borsa rubata e il mio passaporto e le carte di credito in esso. L'ambasciata &egrave; disposto ad aiutarmi. Nel senso mi dara il permesso di volare senza il mio passaporto, non mi resta che pagare per un biglietto e stabilirsi il fatture dell'albergo. Purtroppo per me, non posso avere accesso ai fondi senza la mia carta di credito, Ho preso contatto con la mia banca, ma hanno bisogno di pi&ugrave; tempo per trovare una nuova. I stavo pensando di chiederti di prestarmi alcuni fondi veloce che potrei pagare al pi&ugrave; presto . ho davvero bisogno di essere sul primo volo disponibile. Posso inoltrarti i dettagli su come &egrave; possibile ottenere i fondi per me. Mi si pu&ograve; raggiungere via e-mail o su Juaniva Hotel front telefono fisso, i numeri sono, +35731804806 o +35731600806 <br>Aspetto la&nbsp; tua risposta.<br><br>Cordiali saluti&nbsp; <br><div class="gmail_signature">Silvia Fichera</div>
</div></div>
tech_kals Kals | 24 Dec 15:02 2014
Picon

How controller learns about the switch

Hi Experts,

  I have a switch which is connected to a open source OpenDayLight (ODL) controller. Once ODL is connected, it learns about the switch. But, I would like to see, how the controller learns about the switch and topology. I know, it learns through LLDP. But, 

1) is it possible to get the details of how a switch and controller are handshaking  before the communication starts? How do I see, what are the messages are exchanged between them?

Thanks,
Kaliyaperumal K
<div><div dir="ltr">Hi Experts,<div><br></div>
<div>&nbsp; I have a switch which is connected to a open source OpenDayLight (ODL) controller. Once ODL is connected, it learns about the switch. But, I would like to see, how the controller learns about the switch and topology. I know, it learns through LLDP. But,&nbsp;</div>
<div><br></div>
<div>1) is it possible to get the details of how a switch and controller are handshaking &nbsp;before the communication starts? How do I see, what are the messages are exchanged between them?</div>
<div><br></div>
<div>Thanks,</div>
<div>Kaliyaperumal K</div>
</div></div>
Maha | 23 Dec 04:31 2014
Picon

Asking about the code for SFNet

Hi,
Is it possible to get the code for the SFNet , is it an open source code?

Thanks a lot
Maha
Jennifer Gossels | 23 Dec 00:28 2014
Picon

OFPST_FLOW vs. OFPST_AGGREGATE

Hi,

I'm wondering what the differences are between OFPST_FLOW and OFPST_AGGREGATE in OpenFlow 1.0? I've looked at the specification, and I see that one difference is that an OFPST_FLOW reply contains more fields than OFPST_AGGREGATE. But an OFPST_AGGREGATE reply contains a count of the number of flows, which an OFPST_FLOW reply does not. I'm not sure how this field works? According to the description of matching semantics, it seems that both OFPST_FLOW and OFPST_AGGREGATE could potentially match on multiple entries in the flow table. Ultimately, I'm wondering if the packet and byte counts returned by an OFPST_FLOW request and an OFPST_AGGREGATE request will always be the same?

Thank you,
Jennifer Gossels
<div>
<div class="">Hi,</div>
<div class=""><br class=""></div>
<div class="">I'm wondering what the differences are between OFPST_FLOW and OFPST_AGGREGATE in OpenFlow 1.0? I've looked at the&nbsp;<a href="https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-spec-v1.0.0.pdf" class="">specification</a>,
 and I see that one difference is that an OFPST_FLOW reply contains more fields than OFPST_AGGREGATE. But an OFPST_AGGREGATE reply contains a count of the number of flows, which an OFPST_FLOW reply does not. I'm not sure how this field works? According to the
 description of matching semantics, it seems that both OFPST_FLOW and OFPST_AGGREGATE could potentially match on multiple entries in the flow table. Ultimately, I'm wondering if the packet and byte counts returned by an OFPST_FLOW request and an OFPST_AGGREGATE
 request will always be the same?</div>
<div class=""><br class=""></div>
<div class="">Thank you,</div>
<div class="">Jennifer Gossels</div>
</div>

Gmane