- play_arrow Overview
- play_arrow OVSDB and VXLAN Overview
- Understanding VXLANs
- VXLAN Constraints on EX Series, QFX Series, PTX Series, and ACX Series Devices
- OVSDB Support on Juniper Networks Devices
- Features Supported on OVSDB-Managed Interfaces
- Understanding the OVSDB Protocol Running on Juniper Networks Devices
- Understanding How to Set Up OVSDB Connections on a Juniper Networks Device
- Understanding How Layer 2 BUM and Layer 3 Routed Multicast Traffic Are Handled with OVSDB
- Understanding Dynamically Configured VXLANs in an OVSDB Environment
- OVSDB Schema for Physical Devices
-
- play_arrow Monitoring VXLAN
- Monitoring a Remote VTEP Interface
- Understanding Overlay ping and traceroute Packet Support
- Example: Troubleshoot a VXLAN Overlay Network with Overlay Ping and Overlay Traceroute on QFX Series Switches
- Verifying VXLAN Reachability
- Verifying That a Local VXLAN VTEP Is Configured Correctly
- Verifying MAC Learning from a Remote VTEP
- play_arrow Configuration Statements and Operational Commands
Creating and Installing an SSL Key and Certificate on a Juniper Networks Device for Connection with SDN Controllers
To secure a connection between a Juniper Networks device that supports the Open vSwitch Database (OVSDB) management protocol and one or more software-defined networking (SDN) controllers, the following Secure Sockets Layer (SSL) files must be present in the /var/db/certs directory on the device:
vtep-privkey.pem
vtep-cert.pem
ca-cert.pem
You must create the vtep-privkey.pem and vtep-cert.pem files for the device and then install the two files in the /var/db/certs directory on the device.
Upon initial connection between a Juniper Networks device with OVSDB implemented and an SDN controller, the ca-cert.pem file is automatically generated and then installed in the /var/db/certs directory on the device.
The situation at your particular site determines the possible methods that you can use to create the vtep-privkey.pem and vtep-cert.pem files and install them in the Juniper Networks device. Instead of providing procedures for all possible situations, this topic provides a procedure for one common scenario.
The procedure provided in this topic uses the OpenFlow public key infrastructure (PKI) management utility ovs-pki on a Linux computer to initialize a PKI and create the vtep-privkey.pem and vtep-cert.pem files. (If you have an existing PKI on your Linux computer, you can skip the step to initialize a new one.) By default, the utility initializes the PKI and places these files in the /usr/local/share/openvswitch/pki directory of the Linux computer.
To create and install an SSL key and certificate on a Juniper Networks device: