noxrepo / pox

The POX network software platform
https://noxrepo.github.io/pox-doc/html/
Apache License 2.0

Mininet with ssl and pox controller #237

Closed joekutos closed 10 months ago

joekutos commented 4 years ago

I have been trying to set up Mininet to work with SSL for multiple switches. Unfortunately, I read through the Open vSwitch documentation, but it only provides for working with a single switch. This link provides for setting up and generating self-signed certificates.

```python
from mininet.net import Mininet
from mininet.node import RemoteController

net = Mininet(controller=RemoteController)

# Add hosts and switches
#net.addController( 'c0' )
net.addController( 'c0', controller=RemoteController, ip='127.0.0.1', port=6633)
leftHost = net.addHost('h1')
rightHost = net.addHost('h2')
leftSwitch = net.addSwitch('s1')
rightSwitch = net.addSwitch('s2')
s3 = net.addSwitch('s3')

# Add links
net.addLink(leftSwitch, s3)
net.addLink(leftHost, s3)
net.addLink(leftSwitch, rightSwitch)
net.addLink(rightSwitch, rightHost)

net.start()

#s1.cmd('ovs-vsctl set-controller s1 ssl:127.0.0.1:6633')
leftSwitch.cmd('ovs-vsctl set-controller s1 ssl:127.0.0.1:6633')
rightSwitch.cmd('ovs-vsctl set-controller s1 ssl:127.0.0.1:6633')
s3.cmd('ovs-vsctl set-controller s1 ssl:127.0.0.1:6633')
```

Starting POX:

```
./pox.py --verbose log.level --DEBUG forwarding.l2_learning openflow.of_01 --private-key=/etc/openvswitch/ctl-privkey.pem --certificate=/etc/openvswitch/ctl-cert.pem
```

I am falling into a number of errors. I am not sure where I am going wrong, but this is my terminal:

```
WARNING:openflow.of_01:SSL negotiation failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)
WARNING:openflow.of_01:SSL negotiation failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)
WARNING:openflow.of_01:SSL negotiation failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)
WARNING:openflow.of_01:SSL negotiation failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)
INFO:openflow.of_01:[c2-31-88-4f-a2-4b 1] connected
DEBUG:forwarding.l2_learning:Connection [c2-31-88-4f-a2-4b 1]
^CINFO:core:Going down...
INFO:openflow.of_01:[c2-31-88-4f-a2-4b 1] disconnected
```

Maybe I am missing something.

MurphyMc commented 4 years ago

I wonder if you have other instances of OVS running by accident. Ones that are still trying to do plain TCP connections. OpenSSL might be seeing those as having the "wrong version number" (when in fact they're just not SSL at all).

So I'd try two things:

1) Use a different port number for SSL. Have POX listen on... 6644 or something. And configure OVS to connect to that.
2) Use Wireshark to examine what's actually happening here. Are there non-SSL connections? Or are they actually SSL but using some version of SSL/TLS that Python doesn't know (seems unlikely)? Or...?

This might also be some Mininet issue that I don't understand, since I don't use Mininet.
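
The question raised above, whether the failing connections are plain TCP rather than SSL, can be answered from the first bytes of each connection as copied out of a packet capture. The following is an added example, not part of the original thread or of the POX code base; the function names and peer addresses are hypothetical, and the byte strings are constructed samples.

```python
import struct

OFPT_HELLO = 0          # OpenFlow message type of the first message a switch sends
TLS_HANDSHAKE = 0x16    # TLS record content type carried by a ClientHello


def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes received on the controller's listening port."""
    if len(data) < 5:
        return "too-short"
    # TLS record header: content type (1), version major/minor (2), length (2)
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype == TLS_HANDSHAKE and major == 3 and minor <= 4 and 0 < rec_len <= 2**14:
        return "tls"
    # OpenFlow header: version (1), type (1), length (2), xid (4)
    if len(data) >= 8:
        version, msg_type, length, _xid = struct.unpack("!BBHI", data[:8])
        if 1 <= version <= 6 and msg_type == OFPT_HELLO and length >= 8:
            return "plaintext-openflow"
    return "unknown"


def non_tls_peers(first_bytes_by_peer: dict) -> list:
    """Return the peers whose opening bytes are not a TLS handshake record."""
    return sorted(peer for peer, data in first_bytes_by_peer.items()
                  if classify_first_bytes(data) != "tls")


# Constructed samples: an OpenFlow 1.0 HELLO and the start of a TLS ClientHello record.
OF10_HELLO = struct.pack("!BBHI", 0x01, OFPT_HELLO, 8, 1)
TLS_CLIENT_HELLO_START = bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01, 0x00, 0x00, 0xC4])

# Constructed peers (hypothetical source ports), one per switch connection.
SAMPLES = {
    "127.0.0.1:40001": TLS_CLIENT_HELLO_START,
    "127.0.0.1:40002": OF10_HELLO,
    "127.0.0.1:40003": OF10_HELLO,
}

if __name__ == "__main__":
    for peer, data in SAMPLES.items():
        print(peer, classify_first_bytes(data))
    print("not TLS:", non_tls_peers(SAMPLES))
```

Any peer reported as `plaintext-openflow` is a switch still configured with a `tcp:` controller target on the port where the controller expects SSL.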