Is it possible to add VEN IP Addresses during VEN oadrQueryRegistration message sending?

[peter279k]

As title, I try to use the registration approach to send oadrQueryRegistration message payload to VTN.

I need to let VTN know VEN device IP addresses via above oadrQueryRegistration message payload because these VEN devices are located behind the energy management server.

I need to know energy management server IP and VEN device IP so that I can verify this VEN device on VTN.

Is it possible to do that during VEN oadrQueryRegistration registration message payload sending?

[stan-janssen]

Thanks for the question.

Just so I understand correctly: you want the VTN to check the VEN's IP address that it is making the request from?

OpenADR has no concept of using IP addresses for any verification, so that is not possible using OpenADR. The OpenADR way to authenticate VENs and VTNs is to use X509 certificates, which OpenLEADR already supports. Please see the documentation here: https://openleadr.org/docs/message_signing.html. The registration_info dict will contain a fingerprint element that you can use to verify the certificate and thereby the VEN.

If you really want to use IP address checking, you can try if the following solution would work for you.

You could add the VEN's IP address to the registration_info dict that the VTN receives in its on_create_party_registration handler. This would be done in the openleadr.service.vtn_service.VTNService.handler method; I already added the VEN's secure fingerprint in there if it is connecting over HTTPS.

You could use these lines:

                if message_type == 'oadrCreatePartyRegistration':
                    message_payload['ip_address'] = request.remote

If you insert these between line 71 and 72 of the openleadr/service/vtn_service.py of the current main branch of openleadr-python, you should then have the VEN's IP address in the registration_info dict in your on_create_party_registration handler.

I hope this helps. If anything is unclear, please let me know.

[peter279k]

Hi @stan-janssen, thanks for your reply.

In addition to verify VEN device with IP addresses during oadrQueryRegistration sending, I also need to identify VEN IP addresses because different VEN devices have the different events.

Is there any other ways to identify VEN devices without IP addresses?

I figure out another way is: creating the VEN id and VEN name whitelists and store them to the database.

Once the oadrQueryRegistration sending happens, it will check whether above VEN id or VEN name is valid during the oadrCreatePartyRegistration message sending. It's similar with this registration approach.

Do you have another OpenADR way to verify/identify VEN devices?

[stan-janssen]

There are a few options for identifying the VENs in OpenADR during registration:

• By their venName: you can set this up in the OpenLEADR using client = OpenADRClient(ven_name='ven001'). On the VTN side, the venName will be included in the registration_info dict (which is called payload in the documentation example you refer to). You should then look up that venName in your database, assign a venID and registrationID and return than. From then on, the Ven will always identify itself using its venID. So when you want to add an Event, you add an event for a specific ven_id in OpenLEADR (see here).
• Using a fixed venID. Instead of letting the VTN assign a venID to you the VEN, you can configure the venID in the OpenADRClient as well. The VTN can then check the venID field in the registration_info dict.
• Using a certificate fingerprint. If you use HTTPS with certificates and message signing, the VEN will create a SSL connection to the VEN with a client-side certificate. The VTN will calculate the fingerprint for that certificate and supply it to the registration_info['fingerprint'] field. You should pre-configure the fingerprints in your VTN database to check. If you start your OpenADRClient with SSL certificates, it will print its fingerprint on startup. Alternatively, you can get the fingerprint by using the fingerprint command line utility that you get when you install openleadr: see this documentation. This is the recommended setup, but it requires you to run both your VEN and VTN using SSL, for which you need some certificates. You can use the dummy certificates that I supply in this repository to get started.

My recommendation is that you create a mapping between ven_name and ven_id in your VTN database. For each of your vens, you assign a unique ven_name. IN your on_create_party_registration handler, you look up the ven_name and return the ven_id and a registration_id. This will set the ven_id on the VEN as well. After that, you assign events by their ven_id.

When you get that working, you can experiment with certificates for additional security.

I hope this helps!

[peter279k]

Hi @stan-janssen. Thanks for reply and help!

Closed because I think these recommendations are proper way to do that :)!