Open Daylight Controller with SSL and Mininet

In a previous post, I discussed how to run Open vSwtich using SSL for the control traffic using Mininet and also how to start the Open vSwitch test controller (ovs-controller) to listen with SSL. In this post I show how to use Open Daylight as the controller using SSL.

First, go to ODL directory and create a directory we’ll work in. You could use the ‘configuration’ directory. I’m going to create a directory called ssl.

cd /home/odl/controller/opendaylight/distribution/opendaylight/target/distribution.opendaylight-osgipackage/opendaylight
mkdir ssl
cd ssl

Get keys and certs from Mininet VM described in other post and put them in your ssl directory.

Get the controller keys.
/etc/openvswitch/ctl-privkey.pem
/etc/openvswitch/ctl-cert.pem
Get the switch cacert.
/var/lib/openvswitch/pki/switchca/cacert.pem  -> and rename to sw-cacert.pem

Create controller key store for ODL using the keys.

cat ctl-privkey.pem ctl-cert.pem > ctl.pem
openssl pkcs12 -export -out ctl.p12 -in ctl.pem
  # when asked for passwords, just enter 'mininet', as an example.
keytool -importkeystore -srckeystore ctl.p12 -srcstoretype pkcs12 -destkeystore ctlKeyStore -deststoretype jks
  # when asked for passwords, just enter 'mininet', as an example.

Add switch CA to controller trust store.

keytool -import -alias swca1 -file sw-cacert.pem -keystore ctlTrustStore
  # when asked for passwords, just enter 'mininet', as an example.

Edit opendaylight/configuration/config.ini to enable SSL and set properties for store location and password.

secureChannelEnabled=true
controllerKeyStore=./ssl/ctlKeyStore
controllerKeyStorePassword=mininet
controllerTrustStore=./ssl/ctlTrustStore
controllerTrustStorePassword=mininet

Now you can start the ODL controller.

./run.sh

Then, back in your Mininet VM, run the same script used in the other post to start Mininet using SSL.

Hope you find this useful.

This post ‘Open Daylight Controller with SSL and Mininet’ first appeared on https://techandtrains.com/.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: