Securing the connection between an OpenFlow instance and the controller

Syntax


controller-id <controller-ID> secure
no controller-id <controller-ID> secure
secure

Initiates a TLS connection with the controller (TLS version 1.0 or greater.)

controller-ID

OpenFlow controller ID to be associated with the instance.

This command:

  • Secures the instance controller main connection. This option is available for OpenFlow version 1.0 as well as OpenFlow version 1.3.

  • Supports CA signed certificates. For CA signed certificates, same ROOT certificate is used to sign both controller and switch certificate.

  • Supports mutual authentication.

Example

switch(openflow)# show openflow instance test
Configured OF Version         : 1.3 only
Negotiated OF Version         : 1.3
Instance Name                 : test
Data-path Description         : test
Administrator Status          : Enabled
Member List                   : VLAN 3
Pipeline Model                : Standard Match
Listen Port                   : 6633
Operational Status            : Up
Operational Status Reason     : NA
Datapath ID                   : 000340a8f09e8600
Mode                          : Active
Flow Location                 : Hardware and Software
No. of Hardware Flows         : 6
No. of Software Flows         : 4
Hardware Rate Limit           : 0 kbps
Software Rate Limit           : 100 pps
Conn. Interrupt Mode          : Fail-Secure
Maximum Backoff Interval      : 60 seconds
Probe Interval                : 10 seconds
Hardware Table Miss Count     : NA
No. of Software Flow Tables   : 1
Egress Only Ports             : None
Table Model                   : Policy Engine and Software
Source MAC Group Table        : Disabled
Destination MAC Group Table   : Disabled

Controller Id Connection Status Connection State Secure Role
------------- ----------------- ---------------- ------ ------
1             Connected         Active           No     Equal