Enable Ethernet and Wi-Fi ports to OpenDaylight controller

Hello everyone, this is my first post. I am working with a Raspberry Pi 3 B+ and OpenWrt. I configured the lan port to receive a static IP from the main router, 192.168.0.20, to access the internet. I have also configured an eth1 port with the static IP 192.168.1.1 and a wifi zone 192.168.2.1. Both work well; I can access the internet via eth1 or wifi. But when I assign the eth1 and wifi ports to the controller, they stop working: eth1 is not recognized and I get an unidentified network, and I can no longer access the wifi network. The lan port is on the same network as the controller. The switch is displayed on the OpenFlow controller, but when connecting a PC to eth1 it is recognized but it does not give me the expected IP 192.168.1.20, which is the configured one. I was wondering if I should enable the traffic in the controller, or is it an error in the assignment of my ports to the ODL controller? If someone can help me I would appreciate it, since it is part of my degree work.

Here is the assignment of ports to the controller:

root@OpenWrt:~# ovs-vsctl show
7e06ae03-04ed-42a9-afae-319927ef0453
    Bridge br0
        Controller "tcp:192.168.0.234:6633"
               is_connected: true
        fail_mode: secure
        Port br0
            Interface br0
                type: internal
        Port eth1
            Interface eth1
        Port phy0-ap0
            Interface phy0-ap0
root@OpenWrt:~#

I'm not sure what you mean here... can you elaborate how you are 'assigning' these interfaces? And also what the ultimate goal is of your assignments.

Thanks for responding, I was referring to the fact that I can no longer connect to the Wi-Fi network and when connecting a device to eth1 I get "network not identified".

This is my bash file to map the ports.

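#!/bin/sh
# Addresses and identifiers for this switch and its controller
MYIP=192.168.0.20
CTLIP=192.168.0.234
DPID=0000000000000002
SW=br0
DPPORTS="phy0-ap0 eth1"
VSCTL="ovs-vsctl --db=tcp:$MYIP:9999"
OVSDB=/tmp/ovs-vswitchd.conf.db

# Start from an empty database: remove any stale lock file and the old database
rm -f /tmp/.ovs-vswitchd.conf.db.~lock~
rm -f "$OVSDB"

ovsdb-tool create "$OVSDB" /usr/share/openvswitch/vswitch.ovsschema
# ovsdb-server listens on plain TCP at $MYIP:9999 and on the local unix socket
ovsdb-server "$OVSDB" --remote=ptcp:9999:$MYIP --remote=punix:/var/run/openvswitch/db.sock --pidfile --detach

sleep 5
# --detach already puts the daemon in the background, so no trailing & is needed
ovs-vswitchd tcp:$MYIP:9999 --pidfile --detach

# Create the bridge and allow OpenFlow 1.3 and 1.0
$VSCTL add-br $SW
$VSCTL set bridge $SW protocols=OpenFlow13,OpenFlow10

# Bring each datapath port up and attach it to the bridge
for PORT in $DPPORTS ; do
    ifconfig $PORT up
    $VSCTL add-port $SW $PORT
done

$VSCTL set bridge $SW other-config:datapath-id=$DPID
$VSCTL set-controller $SW tcp:$CTLIP:6633
# secure: the bridge does not fall back to acting as a normal learning switch
# when the controller is unreachable
$VSCTL set-fail-mode $SW secure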

My goal is to control firewall rules in the controller, like enabling or disabling ICMP between devices.

Let's look at the configs.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Also is there a specific reason you want the wifi and ethernet to be on different subnets?

It is not necessary that they be on different networks. I did it to test before if they were on the same network 192.168.1.1.
This is the content of the files.
Sorry if my English is not the best.

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.162",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "Raspberry Pi 3 Model B Plus Rev 1.3",
        "board_name": "raspberrypi,3-model-b-plus",
        "rootfs_type": "ext4",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.4",
                "revision": "r24012-d8dd03c46f",
                "target": "bcm27xx/bcm2710",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
        }
}

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd2d:4d79:997b::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.0.20'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.0.1'
        list dns '8.8.8.8'
        list dns '8.8.4.4'

config interface 'eth1'
        option proto 'static'
        option device 'eth1'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        list dns '8.8.8.8'
        list dns '8.8.4.4'

config interface 'wifi'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        list dns '8.8.8.8'
        list dns '8.8.4.4'
root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/3f300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option channel '11'
        option band '2g'
        option txpower '20'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'wifi'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'eth1'
        option interface 'eth1'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ignore '1'

config dhcp 'wifi'
        option interface 'wifi'
        option start '100'
        option limit '150'
        option leasetime '12h'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'lan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'eth1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'eth1'

config forwarding
        option src 'eth1'
        option dest 'wan'

config zone
        option name 'wifi'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'wifi'

config forwarding
        option src 'wifi'
        option dest 'wan'

Your eth1 network has the DHCP server disabled...

Remove the ignore line and it will start working.
These two networks will not have access to any upstream network or each other:

You don't have a wan interface, so forwarding to the wan zone does nothing.
You probably want to forward to the lan zone, but this still won't work unless you either enable masquerading on the lan firewall zone or configure static routes on the upstream router (if it's supported).

Yes, DHCP is disabled because the PC connected to eth1 has a static IP assigned; with DHCP enabled the same thing happens. Apart from using the Raspberry Pi, I also did tests with the MikroTik RB951G-2HnD router, where I do have a wan interface, and as I said it works well. Although I am new to OpenWrt, I managed to configure br-lan, wan and the wifi zone to have access to the internet and correct operation like a conventional switch. My problem is when creating the br0 bridge with Open vSwitch and assigning the different interfaces to it. I don't know if maybe I'm making mistakes when assigning the ports to the OpenFlow br0 bridge.

I also tried it using commands like this:

# -p: do not fail if the runtime directory already exists
mkdir -p /var/run/openvswitch/
ovsdb-tool create /etc/openvswitch/conf.db /usr/share/openvswitch/vswitch.ovsschema
# Database server on the local unix socket only
ovsdb-server --remote=punix:/var/run/openvswitch/db.sock --remote=db:Open_vSwitch,Open_vSwitch,manager_options --pidfile --detach
ovs-vswitchd --pidfile --detach

ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth1
ovs-vsctl set bridge br0 protocols=OpenFlow13,OpenFlow10
ovs-vsctl set-controller br0 tcp:192.168.0.234:6633

The configuration of the firewall zones is what I don't understand very well, for it to work I configure it this way:

In the "Covered networks" option of the wan zone I have the lan option set.

Thank you for your help, I appreciate it very much.

Where is your wan interface? It is not in the network config you posted.

Why are you using this? What is the goal?

The same port can't be in two bridges. I'm not sure what you're intending to do but it likely can be done entirely with UCI. If you're using a separate configuration system you would need to set ports aside to be managed by that system and not reference them at all in UCI.
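
The point in the last reply can be checked mechanically. The following is an added example, not part of the original thread: it lists every port that is attached to the OVS bridge and is also claimed by a `device` or `ports` entry in `/etc/config/network`. The function names are hypothetical, the sample config is constructed from the one posted above, and the check assumes only the network file is inspected (a Wi-Fi interface bound through `option network` in `/etc/config/wireless` is not covered).

```shell
#!/bin/sh
# Added example: list ports that are in an OVS bridge and also referenced by UCI.

# Constructed sample, trimmed from the /etc/config/network posted in the thread.
sample_uci_network() {
cat <<'EOF'
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'

config interface 'eth1'
        option proto 'static'
        option device 'eth1'
EOF
}

# Read a UCI network config on stdin; print "<name>|<section>" for every
# "option device" and "list ports" line (the places UCI claims a port).
uci_port_refs() {
    awk -v q="'" '
        $1 == "config" { sec = $2 (NF > 2 ? " " $3 : ""); gsub(q, "", sec); next }
        $1 == "option" && $2 == "name" && sec == "device" {
            v = $3; gsub(q, "", v); sec = "device " v; next }
        ($1 == "option" && $2 == "device") || ($1 == "list" && $2 == "ports") {
            v = $3; gsub(q, "", v); print v "|" sec }'
}

# find_conflicts "<ovs ports>" < network-config
# Prints one line per OVS port that UCI also references; prints nothing if clean.
find_conflicts() {
    ovs_ports=$1
    uci_port_refs | while IFS='|' read -r port sec; do
        for p in $ovs_ports; do
            if [ "$p" = "$port" ]; then
                echo "$port is in an OVS bridge and in UCI section: $sec"
            fi
        done
    done
}

# On the router (assumption: bridge named br0 as in the thread):
#   find_conflicts "$(ovs-vsctl list-ports br0)" < /etc/config/network
sample_uci_network | find_conflicts "eth1 phy0-ap0"
```

An empty result means no port in the OVS bridge is still referenced by the UCI network config.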