[openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack

Addepalli Srini-B22160 B22160 at freescale.com
Wed Aug 7 04:08:21 UTC 2013


Using OVS Quantum Plugin and agent,  it is possible to configure OVS with

-       Openflow logical switches.
-       Tables
-       Ports to the logical switches (VLAN, VXLAN, GRE etc..)

OVS Agent in each compute node uses local ovs-vsctl command to configure above.

But, there is no simple way for Openstack quantum to configure OVS in compute nodes with  OF controller IP address,  TCP Port,  SSL Certificates etc..
Also, there is no mechanism today to get hold of DPID of the OVS logical switches by Openstack controller.

Do  you think that it is good to enhance  Openstack OVS Quantum Plugin and agent to pass above information?

At very high level, we are thinking to introduce following:

-       Configuration of OF Controller reachability information
o       Quantum extension API though  which is used to set following:
*       Set of Openflow controllers  - For each OF controller
*       IP address,   Port
*       SSL  Enabled Yes/No.
*       If SSL enabled
o       CA certificate chain to validate OF controller identification by the OVS.
*       Zone/Cell for which this OF controller is applicable for.
o       Changes to QuantumClient to configure above.
o       OVS Quantum Plugin to store above information in the database.
o       OVS Quantum Agent to Plugin communication to get hold of OF controller information.
o       OVS Quantum Agent to add the information in OVS using ovs-vsctl.
-       Generation of logical switch certificates
o         OVS Quantum agent requests the plugin to generate local certificate and private key for each one of the logical switches
*       Agent to send DPID
o       Plugin to generate certificate & private key pair and sending them as response.
o       Plugin configuration file to have CA certificate to use to sign the logical switch certificates.

Does that make sense?  Is this work going on somewhere else?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130807/29c91d96/attachment.html>

More information about the OpenStack-dev mailing list