Software Defined Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

VAN Controller set ip address

 
Highlighted
Occasional Contributor

VAN Controller set ip address

Hello,

I need to bind the controller to a specific ip address instead of 0.0.0.0. At least the service behind port 6633 has to listen on an ip address.

In /opt/sdn/virgo/repository/usr/com.hp.sdn.ctl.of.impl.ControllerManager.properties I can change, e.g., port 6633 and there is also an option for addresses. However, I can not manage to set another ip address.

I've tried: addresses=10.0.0.2 or addresses="10.0.0.2". Both do not work.

So my question is, how can I set the ip address the service behind port 6633 is running?

Thanks and best regards!

3 REPLIES 3
Highlighted

Re: VAN Controller set ip address

I tried this on my setup and was able to configure the controller to listen on a previously-existing IP address. When I changed this configuration, I saw the following message in /var/log/sdn/virgo/logs/log.log:

[2016-05-16 09:55:41.818] INFO t Resolve Thread (Bundle 81) hp.sdn.core DE0005I ControllerManager modified {ControllerConfig:i/f=10.0.0.2],port=6633,tls=0,udp=6635,secCtx=****,hybridMode,flowClassEnforcement=weak,rcvBufSize=1048576,udpRcvBufSize=1024,workerCount=16,idleCheckMs=500,maxIdleMs=5000,maxEchoMs=5000,maxEchoAttempts=5,suppressFlowFailures=false}

Do you see a similar message in your setup? Also, the following additional information would be useful in identifying the root cause of why this isn't working in your setup:

  1. ifconfig
  2. sudo lsof -i -n -P | grep 6633
  3. VAN controller version

As you can see in the attached screenshot, I used the IP address without quotes and it was accepted. You should see the IP address you've set in a log message like the one I included above.

I should also clarify that the VAN controller will not configure the IP address on the system via this method, it will only configure the process so that it listens on that specific IP address (and not others). For that reason, you'll need to configure the IP address (10.0.0.2) so that it shows up in "ifconfig" before configuring VAN to listen on that IP.

I am an HPE Employee
Highlighted
Occasional Contributor

Re: VAN Controller set ip address

Yes, I see

DE0005I ControllerManager activated CtrlMgr: {ControllerConfig: i/f=[127.0.0.1],port=6633,tls=0,udp=6635,secCtx=****,hybridMode,flowClassEnforcement=weak,rcvBufSize=1048576,udpRcvBufSize=1024,workerCount=16,idleCheckMs=500,maxIdleMs=5000,maxEchoMs=5000,maxEchoAttempts=5,suppressFlowFailures=false}

But I see also

TCP non-secure bound to port: 6633
[2016-05-29 15:45:01.082] INFO SequencerThread hp.of.ctl Started Listening: [0.0.0.0/0.0.0.0:6633]

and netstat -tnpl also tells me that the controller is listen on 0.0.0.0

 

lsof -i -n -P | grep 6633 -> java 5986 sdn 307u IPv6 42556 0t0 TCP *:6633 (LISTEN)
VAN controller version -> 2.7.10

Highlighted
Advisor

Re: VAN Controller set ip address

You can use iptables to block OpenFlow from communicating on the other IP addresses.  Right now we bind on all addresses and implement the protection elsewhere in software.

Could you please share some more details on why you need to bind OpenFlow to only specific IP addresses? Anything beyond keeping OpenFlow locked down to as few network addresses as possible for security?

Thanks,

-Scott

Scott Koster | Technical Marketing Engineer
HPE Aruba