4 Replies Latest reply on Feb 20, 2018 12:53 PM by Bayu Wibowo

    SSL NSX Controller

    sreeve3939 Lurker

      Trying to have an ovsdb server actively connect to an NSX Controller.

      The only logs I have are from the ovsdb server, which seem to indicate that NSX doesn't want to talk SSL.

       

      Is there any way to have the NSX Controller accept SSL connections instead of TLS?

       

      The ovsdb server happens to be a HPE 5930 acting as a HW VTEP.

       

      Error from 5930 in red below.

       

      NSX version is 6.3.3.

      Comware code is the latest.

       

       

      <HP-5930-32QSFP+-R45>*Feb 12 09:27:20:264 2018 HP-5930-32QSFP+-R45 OVSDB-SE/7/NULL: ovs|00032|poll_loop|DBG|wakeup due to 3775-ms timeout at :620 (0% CPU usage)

      %Feb 12 09:27:20:265 2018 HP-5930-32QSFP+-R45 OVSDB-SE/5/NULL: ovs|00033|reconnect|INFO|ssl:10.100.28.35:6640: connecting...

      *Feb 12 09:27:20:265 2018 HP-5930-32QSFP+-R45 OVSDB-SE/7/NULL: ovs|00034|reconnect|DBG|ssl:10.100.28.35:6640: entering CONNECTING

      *Feb 12 09:27:20:266 2018 HP-5930-32QSFP+-R45 OVSDB-SE/7/NULL: ovs|00035|poll_loop|DBG|wakeup due to [POLLOUT] on fd 21 (10.100.36.168:20014<->10.100.28.35:6640) at :716 (0% CPU usage)

      *Feb 12 09:27:20:266 2018 HP-5930-32QSFP+-R45 OVSDB-SE/7/NULL: ovs|00036|stream_ssl|DBG|client5-->ssl:10.100.28.35:6640 type 256 (5 bytes)

      *Feb 12 09:27:20:267 2018 HP-5930-32QSFP+-R45 OVSDB-SE/7/NULL: ovs|00037|stream_ssl|DBG|client5-->ssl:10.100.28.35:6640 handshake: client_hello (194 bytes)

      *Feb 12 09:27:20:269 2018 HP-5930-32QSFP+-R45 OVSDB-SE/7/NULL: ovs|00038|poll_loop|DBG|wakeup due to [POLLIN] on fd 21 (10.100.36.168:20014<->10.100.28.35:6640) at :723 (0% CPU usage)

      *Feb 12 09:27:20:269 2018 HP-5930-32QSFP+-R45 OVSDB-SE/7/NULL: ovs|00039|stream_ssl|DBG|client5<--ssl:10.100.28.35:6640 type 256 (5 bytes)

      %Feb 12 09:27:20:269 2018 HP-5930-32QSFP+-R45 OVSDB-SE/4/NULL: ovs|00040|stream_ssl|WARN|SSL_connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

      %Feb 12 09:27:20:270 2018 HP-5930-32QSFP+-R45 OVSDB-SE/4/NULL: ovs|00041|reconnect|WARN|ssl:10.100.28.35:6640: connection attempt failed (Protocol error)

      %Feb 12 09:27:20:270 2018 HP-5930-32QSFP+-R45 OVSDB-SE/5/NULL: ovs|00042|reconnect|INFO|ssl:10.100.28.35:6640: waiting 8 seconds before reconnect

      *Feb 12 09:27:20:270 2018 HP-5930-32QSFP+-R45 OVSDB-SE/7/NULL: ovs|00043|reconnect|DBG|ssl:10.100.28.35:6640: entering BACKOFF