Securing the connection between an OpenFlow instance and the controller
Syntax
controller-id <controller-ID> secure
no controller-id <controller-ID> secure
secure
Initiates a TLS connection with the controller (TLS version 1.0 or greater).
controller-ID
OpenFlow controller ID to be associated with the instance.
This command:
Secures the main connection between the instance and the controller. This option is available for OpenFlow version 1.0 as well as OpenFlow version 1.3.
Supports CA-signed certificates. For CA-signed certificates, the same root certificate is used to sign both the controller certificate and the switch certificate.
Supports mutual authentication.
Example
switch(openflow)# show openflow instance test

Configured OF Version       : 1.3 only
Negotiated OF Version       : 1.3
Instance Name               : test
Data-path Description       : test
Administrator Status        : Enabled
Member List                 : VLAN 3
Pipeline Model              : Standard Match
Listen Port                 : 6633
Operational Status          : Up
Operational Status Reason   : NA
Datapath ID                 : 000340a8f09e8600
Mode                        : Active
Flow Location               : Hardware and Software
No. of Hardware Flows       : 6
No. of Software Flows       : 4
Hardware Rate Limit         : 0 kbps
Software Rate Limit         : 100 pps
Conn. Interrupt Mode        : Fail-Secure
Maximum Backoff Interval    : 60 seconds
Probe Interval              : 10 seconds
Hardware Table Miss Count   : NA
No. of Software Flow Tables : 1
Egress Only Ports           : None
Table Model                 : Policy Engine and Software
Source MAC Group Table      : Disabled
Destination MAC Group Table : Disabled

Controller Id Connection Status Connection State Secure Role
------------- ----------------- ---------------- ------ ------
1             Connected         Active           No     Equal
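
The Secure column in the controller table above shows whether a controller connection uses TLS. The following audit check is an added example, not part of the original documentation: it parses captured `show openflow instance` output and lists controllers whose connection is not secured. The function names, the second controller row and the value "Yes" for a secured connection are assumptions.

```python
import re

# Constructed sample in the layout of the page's example output. The second
# controller row and the value "Yes" for a TLS connection are assumptions.
SAMPLE = """\
Instance Name               : test
Conn. Interrupt Mode        : Fail-Secure

Controller Id Connection Status Connection State Secure Role
------------- ----------------- ---------------- ------ ------
1             Connected         Active           No     Equal
2             Connected         Active           Yes    Equal
"""


def parse_controllers(text):
    """Return one dict per controller row, sliced at the dashed ruler's columns."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if i > 0 and re.fullmatch(r"\s*-+(\s+-+)+\s*", line):
            starts = [m.start() for m in re.finditer(r"-+", line)]
            # Each column runs from its ruler start to the next column's start;
            # the last one runs to end of line so long values are not cut off.
            spans = list(zip(starts, starts[1:] + [None]))
            names = [lines[i - 1][a:b].strip() for a, b in spans]
            rows = []
            for row in lines[i + 1:]:
                if not row.strip():
                    break
                rows.append({n: row[a:b].strip() for n, (a, b) in zip(names, spans)})
            return rows
    return []


def instance_name(text):
    """Instance name from the 'Instance Name : <name>' line, or None."""
    m = re.search(r"^\s*Instance Name\s*:\s*(\S+)", text, re.M)
    return m.group(1) if m else None


def unsecured_controllers(text):
    """Controller IDs whose Secure column is not 'Yes' (fails closed)."""
    return [r["Controller Id"] for r in parse_controllers(text)
            if r.get("Secure", "").lower() != "yes"]


if __name__ == "__main__":
    for cid in unsecured_controllers(SAMPLE):
        print(f"instance {instance_name(SAMPLE)}: controller {cid} is not secured with TLS")
```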