[ovs-discuss] OVS with ssl connection

Fri Nov 15 06:44:02 UTC 2013

Hi Justin

Thanks for replying.
Besides this I'm facing one more issue.I'm not able to consistently
maintain ssl connection between OVS and Ryu Controller after configuring
cert and priv keys associated with them.
I mean the configuration that was working yesterday is not working today.Is
there any time limit restricted for this?
I'll send you pcap file whenever the connection is etablished.

Thanks

On Thu, Nov 14, 2013 at 10:43 PM, Justin Pettit <jpettit at nicira.com> wrote:

> Also, please post your response to the mailing list.
>
> --Justin
>
>
> On Nov 14, 2013, at 9:11 AM, Justin Pettit <jpettit at nicira.com> wrote:
>
> > Can you please send the pcap itself, not the wireshark printout.  I
> still think it's likely that the data is encrypted.  Wireshark is saying
> that it's TCP because it doesn't know it's SSL unless it comes over a port
> that indicates it's SSL encrypted, such as 443 for HTTPS.
> >
> > --Justin
> >
> >
> > On Nov 14, 2013, at 4:51 AM, abhishek jain <ashujain9727 at gmail.com>
> wrote:
> >
> >> Hi Justin,
> >>
> >> The switch connection configuration is as follows...
> >>
> >> ovs-vsctl show
> >> f450197c-4930-4041-b333-aa52a98b79df
> >>    Bridge "br0"
> >>        Controller "ssl:192.168.6.165:6633"
> >>            is_connected: true
> >>        Port "br0"
> >>            Interface "br0"
> >>                type: internal
> >>    ovs_version: "1.11.0"
> >>
> >> Also please find the attached wireshark sniffers regarding this.
> >> The ip of the OVS switch is 192.168.6.179 whereas the ip of the
> controller is 192.168.6.165.
> >>
> >>
> >> Please help
> >>
> >>
> >>
> >> Thanks//
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Thu, Nov 14, 2013 at 1:22 PM, Justin Pettit <jpettit at nicira.com>
> wrote:
> >> Can you send a pcap of your packets?  I would be surprised if OVS would
> allow the packets to go out without SSL.
> >>
> >> --Justin
> >>
> >>
> >> On Nov 13, 2013, at 11:47 PM, abhishek jain <ashujain9727 at gmail.com>
> wrote:
> >>
> >>> Hi Justin,
> >>>
> >>> Thanks for the concern.
> >>>
> >>> I'm following the below link for my configuration and have succeded in
> doing it without any issues...
> >>>
> >>> http://ryu.readthedocs.org/en/latest/tls.html
> >>>
> >>> However when I capture packets on wireshark,there are neither ssl
> packets nor encrypted data between OVS and Ryu controller.
> >>> Please help regarding ssl connection between OVS and Ryu controller.
> >>>
> >>>
> >>> Thanks
> >>>
> >>>
> >>>
> >>> On Wed, Nov 13, 2013 at 11:02 PM, Justin Pettit <jpettit at nicira.com>
> wrote:
> >>> The configuration (from what you've provided) looks fine.  What do you
> mean that packets from the controller are showing up as TCP?  All the
> OpenFlow connections (supported by OVS) run over TCP.  The ones configured
> with "ssl" just means that the packets will be encrypted, but they still
> are running on TCP port 6633.
> >>>
> >>> --Justin
> >>>
> >>>
> >>> On Nov 13, 2013, at 3:30 AM, abhishek jain <ashujain9727 at gmail.com>
> wrote:
> >>>
> >>>> Hi all,
> >>>>
> >>>>
> >>>> I have configured the private keys and certificates and have
> established ssl connection using ryu controller with OVS and the switch is
> showing connected true.
> >>>> However I'm not able to capture packets on wireshark with ssl field.
> >>>> The packets from controller are still showing tcp field on wireshark
> >>>>
> >>>> ovs-vsctl show
> >>>> 76d19433-7892-4c6a-af4d-b4e2936f4485
> >>>>    Bridge "br0"
> >>>>        Controller "ssl:192.168.6.165:6633"
> >>>>            is_connected: true
> >>>>        Port "br0"
> >>>>            Interface "br0"
> >>>>                type: internal
> >>>>    ovs_version: "1.4.0+build0"
> >>>>
> >>>> Whether the above ssl connection is valid?
> >>>>
> >>>>
> >>>> Please help regarding this.
> >>>>
> >>>>
> >>>>
> >>>> Thanks
> >>>> Abhishek Jain
> >>>> _______________________________________________
> >>>> discuss mailing list
> >>>> discuss at openvswitch.org
> >>>> http://openvswitch.org/mailman/listinfo/discuss
> >>>
> >>>
> >>
> >>
> >> <Screenshot from 2013-11-14 18:20:12.png>
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20131115/ffcd5a81/attachment.html>