Some errors you could face when configuring SSL encryption between your Floodlight controller and Openvswitch

Hi there!
Floodlight controller’s documentation provides an awesome article explaining how to use SSL to encrypt OpenFlow connections between your Floodlight controller and your Openvswich virtual switches. Please, read it, it helped me to continue with my current Floodlight testing.

If you follow the steps provided, you shouldn’t find any problem… however sometimes we read too fast or we forget something important and things don’t work as expected :-D. Just in case, I’ve compiled some problems and solutions when configuring SSL to secure OpenFlow communication.

Problem #1: Unknown wire version: 22

In your Floodlight controller’s log (e.g /var/log/floodlight/floodlight.log) you may find the following message:

ERROR [New I/O worker #12] n.f.c.i.OFChannelHandler [OFChannelHandler.java:731] Illegal argument exception with switch [? from …]. java.lang.IllegalArgumentException: Unknown wire version: 22

Solution: Well.. Have you added/edited the following line in your floodlightdefault.properties file?

net.floodlightcontroller.core.internal.OFSwitchManager.useSsl=YES

Try adding that and restart your controller…

Problem #2:  Exception initializing SSL OpenFlow socket: /path/to/your/keystore-file.jks (No such file or directory)

Solution: That’s an easy one!, have you specified where’s your keystore file?

Please be sure to set the keystore location and password in your floodlightdefault.properties configuration file changing these lines:

net.floodlightcontroller.core.internal.OFSwitchManager.keyStorePath=/path/to/your/keystore-file.jks
net.floodlightcontroller.core.internal.OFSwitchManager.keyStorePassword=your-keystore-password

Problem #3:  Exception initializing SSL OpenFlow socket: /path/to/your/keystore-file.jks (No such file or directory)

Have you added (imported) to the keystore the private key associated with the public certificate used by your Floodlight Controller?

Problem #4: Disconnecting switch due to message parse failure

If you find a message like “Disconnecting switch [? from X.X.X:X:Y] due to message parse failure org.projectfloodlight.openflow.exceptions.OFParseError: Wrong length: Expected=8(8), got=16” maybe Openvswitch and Floodlight are not speaking the same OpenFlow protocol.

You can try to force the OpenFlow protocol version used by an Openvswitch bridge with the following ovs-vsctl command applied to your bridge (e.g I’ve a bridge named ovs-mgmt0):

ovs-vsctl set Bridge ovs-mgmt0 protocols=OpenFlow13

I’m sure you won’t need any of these if following Floodlight’s instructions but if Google sent you here I hope these notes has helped you somehow. Use the comments if you need more help.

Cheers!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s