[openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack

Ravi Chunduru ravivsn at gmail.com
Wed Aug 7 06:02:21 UTC 2013

look into nicira neutrón plugin.
I like the idea of ovs controller config driven through neutrón api. Nicira
approach today  is to add ovs certificates onto ovs controller manually.

On Aug 6, 2013 9:09 PM, "Addepalli Srini-B22160" <B22160 at freescale.com>
> Hi,
> Using OVS Quantum Plugin and agent,  it is possible to configure OVS with
> Openflow logical switches.
> Tables
> Ports to the logical switches (VLAN, VXLAN, GRE etc..)
> OVS Agent in each compute node uses local ovs-vsctl command to configure
> But, there is no simple way for Openstack quantum to configure OVS in
compute nodes with  OF controller IP address,  TCP Port,  SSL Certificates
> Also, there is no mechanism today to get hold of DPID of the OVS logical
switches by Openstack controller.
> Do  you think that it is good to enhance  Openstack OVS Quantum Plugin
and agent to pass above information?
> At very high level, we are thinking to introduce following:
> Configuration of OF Controller reachability information
> Quantum extension API though  which is used to set following:
> Set of Openflow controllers  - For each OF controller
> IP address,   Port
> SSL  Enabled Yes/No.
> If SSL enabled
> CA certificate chain to validate OF controller identification by the OVS.
> Zone/Cell for which this OF controller is applicable for.
> Changes to QuantumClient to configure above.
> OVS Quantum Plugin to store above information in the database.
> OVS Quantum Agent to Plugin communication to get hold of OF controller
> OVS Quantum Agent to add the information in OVS using ovs-vsctl.
> Generation of logical switch certificates
>   OVS Quantum agent requests the plugin to generate local certificate and
private key for each one of the logical switches
> Agent to send DPID
> Plugin to generate certificate & private key pair and sending them as
> Plugin configuration file to have CA certificate to use to sign the
logical switch certificates.
> Does that make sense?  Is this work going on somewhere else?
> Thanks
> Srini
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130806/fa3a445a/attachment.html>

More information about the OpenStack-dev mailing list