[openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack

Somanchi Trinath-B39208 B39208 at freescale.com
Wed Aug 7 09:58:50 UTC 2013

Hi Ravi-

With respect to NICIRA NVP Plugin in Quantum, All the processing is done with respect to Nicira NVP.

Also, the Controller cluster arguments are provided from ini file.

Can you point me to where the OVS certificates are handled in Nicira code base for quantum.

Trinath Somanchi - B39208
trinath.somanchi at freescale.com | extn: 4048

From: Ravi Chunduru [mailto:ravivsn at gmail.com]
Sent: Wednesday, August 07, 2013 11:32 AM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [Neutron] Configuration of Openflow controller reachability information in OVS from Openstack

look into nicira neutrón plugin.
I like the idea of ovs controller config driven through neutrón api. Nicira approach today  is to add ovs certificates onto ovs controller manually.

On Aug 6, 2013 9:09 PM, "Addepalli Srini-B22160" <B22160 at freescale.com<mailto:B22160 at freescale.com>> wrote:
> Hi,
> Using OVS Quantum Plugin and agent,  it is possible to configure OVS with
> Openflow logical switches.
> Tables
> Ports to the logical switches (VLAN, VXLAN, GRE etc..)
> OVS Agent in each compute node uses local ovs-vsctl command to configure above.
> But, there is no simple way for Openstack quantum to configure OVS in compute nodes with  OF controller IP address,  TCP Port,  SSL Certificates etc..
> Also, there is no mechanism today to get hold of DPID of the OVS logical switches by Openstack controller.
> Do  you think that it is good to enhance  Openstack OVS Quantum Plugin and agent to pass above information?
> At very high level, we are thinking to introduce following:
> Configuration of OF Controller reachability information
> Quantum extension API though  which is used to set following:
> Set of Openflow controllers  - For each OF controller
> IP address,   Port
> SSL  Enabled Yes/No.
> If SSL enabled
> CA certificate chain to validate OF controller identification by the OVS.
> Zone/Cell for which this OF controller is applicable for.
> Changes to QuantumClient to configure above.
> OVS Quantum Plugin to store above information in the database.
> OVS Quantum Agent to Plugin communication to get hold of OF controller information.
> OVS Quantum Agent to add the information in OVS using ovs-vsctl.
> Generation of logical switch certificates
>   OVS Quantum agent requests the plugin to generate local certificate and private key for each one of the logical switches
> Agent to send DPID
> Plugin to generate certificate & private key pair and sending them as response.
> Plugin configuration file to have CA certificate to use to sign the logical switch certificates.
> Does that make sense?  Is this work going on somewhere else?
> Thanks
> Srini
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130807/f8e785c7/attachment.html>

More information about the OpenStack-dev mailing list