1 Template: openflow-switch/netdevs
4 _Description: OpenFlow switch network devices:
5 Choose the network devices that should become part of the OpenFlow
6 switch. At least two devices must be selected for this machine to be
7 a useful switch. Unselecting all network devices will disable the
8 OpenFlow switch entirely.
10 The network devices that you select should not be configured with IP
11 or IPv6 addresses, even if the switch contacts the controller over
12 one of the selected network devices. This is because a running
13 OpenFlow switch takes over network devices at a low level: they
14 become part of the switch and cannot be used for other purposes.
16 Template: openflow-switch/no-netdevs
18 _Description: No network devices were selected.
19 No network devices were selected for inclusion in the OpenFlow switch.
20 The switch will be disabled.
22 Template: openflow-switch/configured-netdevs
24 _Description: Some Network Devices Have IP or IPv6 Addresses
25 The following network devices selected to be part of the OpenFlow switch
26 have IP or IPv6 addresses configured:
30 This is usually a mistake, even if the switch contacts the controller over
31 one of the selected network devices. This is because a running
32 OpenFlow switch takes over network devices at a low level: they
33 become part of the switch and cannot be used for other purposes.
35 If this is an unintentional mistake, move back and fix the selection,
36 or de-configure the IP or IPv6 from these network devices.
38 Template: openflow-switch/band
40 _Choices: in-band, out-of-band
42 _Description: Switch-to-controller access method:
43 The OpenFlow switch must be able to contact the OpenFlow controller over
44 the network. It can do so in one of two ways:
46 in-band: A single network is used for OpenFlow traffic and other data
47 traffic; that is, the switch contacts the controller over one of the
48 network devices selected as OpenFlow switch netdevs in the previous
49 question. This is the most common case.
51 out-of-band: OpenFlow traffic uses a network separate from the data traffic
52 that it controls. If this is the case, the control network must already
53 be configured on a network device other than one of those selected as
54 an OpenFlow switch netdev in the previous question.
56 Template: openflow-switch/switch-ip
59 _Description: Switch IP address:
60 For in-band communication with the controller, the OpenFlow switch must
61 be able to determine its own IP address. Its IP address may be configured
62 statically or dynamically.
64 For static configuration, specify the switch's IP address as a string.
66 For dynamic configuration with DHCP (the most common case), specify "dhcp".
67 Configuration with DHCP will only work reliably if the network topology
68 allows the switch to contact the DHCP server before it connects to the
71 Template: openflow-switch/switch-ip-error
73 _Description: The switch IP address is invalid.
74 The switch IP address must specified as "dhcp" or a valid IP address in
75 dotted-octet form (e.g. "1.2.3.4").
77 Template: openflow-switch/controller-vconn
79 _Description: Controller location:
80 Specify how the OpenFlow switch should connect to the OpenFlow controller.
81 The value should be in form "ssl:HOST[:PORT]" to connect to the controller
82 over SSL (recommended for security) or "tcp:HOST[:PORT]" to connect over
85 Template: openflow-switch/controller-vconn-error
87 _Description: The controller location is invalid.
88 The controller location must be specifed as "ssl:HOST[:PORT]" to
89 connect to the controller over SSL (recommended for security) or
90 "tcp:HOST[:PORT]" to connect over cleartext TCP.
92 Template: openflow-switch/pki-host
94 _Description: OpenFlow PKI server host name:
95 Specify the host name or IP address of the server that hosts the OpenFlow
96 public key infrastructure (PKI). This is usually the same host as the
99 The setup process will connect to the OpenFlow PKI server over
100 HTTP, using the system's configured default HTTP proxy (if any).
102 Template: openflow-switch/fetch-cacert-failed
104 _Description: The switch CA certificate could not be retrieved.
105 Retrieval of ${url} failed, with the following status: "${error}".
107 Ensure that the OpenFlow PKI server is correctly configured and
108 available on ${pki-host}. If the system is configured to use an HTTP
109 proxy, also make sure that the HTTP proxy is available and that the
110 PKI server can be reached through it.
112 Template: openflow-switch/verify-controller-ca
116 _Description: Is ${fingerprint} the controller CA's fingerprint?
117 If a man-in-the-middle attack is possible in your network
118 environment, check that the controller CA's fingerprint is really
119 ${fingerprint}. Answer "yes" if it matches, "no" if
120 there is a discrepancy.
122 If a man-in-the-middle attack is not a concern, there is no need to
123 verify the fingerprint. Simply answer "yes".
125 Template: openflow-switch/send-cert-req
129 _Description: Send certificate request to switch CA?
130 Before it can connect to the controller over SSL, the OpenFlow
131 switch's key must be signed by the switch certificate authority (CA)
132 located on the OpenFlow PKI server, which is usually collocated with
133 the OpenFlow controller. A signing request can be sent to the PKI
136 Answer "yes" to send a signing request to the switch CA now. This is
137 ordinarily the correct choice. There is no harm in sending a given
138 signing request more than once.
140 Answer "no" to skip sending a signing request to the switch CA.
141 Unless the request has already been sent to the switch CA, manual
142 sending of the request and signing will be necessary.
144 Template: openflow-switch/send-cert-req-failed
146 _Description: The certificate request could not be sent.
147 Posting to ${url} failed, with the following status: "${error}".
149 Ensure that the OpenFlow PKI server is correctly configured and
150 available on ${pki-host}.
152 Template: openflow-switch/fetch-switch-cert
155 _Description: Fetch signed switch certificate from PKI server?
156 Before it can connect to the controller over SSL, the OpenFlow
157 switch's key must be signed by the switch certificate authority (CA)
158 located on the OpenFlow PKI server, which is usually collocated with
159 the OpenFlow controller.
161 At this point, a signing request has been sent to the switch CA (or
162 sending a request has been manually skipped), but the signed
163 certificate has not yet been retrieved. Manual action may need to be
164 taken at the PKI server to approve the signing request.
166 Answer "yes" to attempt to retrieve the signed switch certificate
167 from the switch CA. If the switch certificate request has been
168 signed at the PKI server, this is the correct choice.
170 Answer "no" to postpone switch configuration. The configuration
171 process must be restarted later, when the switch certificate request
174 Template: openflow-switch/fetch-switch-cert-failed
176 _Description: Signed switch certificate could not be retrieved.
177 The signed switch certificate could not be retrieved from the switch
178 CA: retrieval of ${url} failed, with the following status: "${error}".
180 This probably indicates that the switch's certificate request has not
181 yet been signed. If this is the problem, it may be fixed by signing
182 the certificate request at ${pki-host}, then trying to fetch the
183 signed switch certificate again.
185 Template: openflow-switch/complete
187 _Description: OpenFlow Switch Setup Finished
188 Setup of this OpenFlow switch is finished. Complete the setup procedure
189 to enable the switch.