Authentication between vSmart Controller & vEdge Router

Posted on Jan 27, 2020

This is the last step in the automatic authentication process between the vSmart controller and the vEdge router.

To perform this authentication, one of the two devices initiates an encrypted DTLS session to the other; the session is secured using the RSA public and private key pair generated by each device.

Now let’s see how the vSmart controller authenticates a vEdge router.

  1. vSmart sends a 256-bit challenge, a random value, to the vEdge router.
  2. The vEdge router sends a response to the challenge that includes the following:
  • vEdge serial number
  • vEdge chassis number
  • vEdge Board ID certificate
  • The 256-bit random value signed by the vEdge router’s private key
  3. After receiving this information, vSmart compares the serial and chassis numbers against its vEdge authorized device list file; if there is no match, vSmart tears down the connection.
  4. If a match is found, vSmart checks whether the signature over the 256-bit random value is valid, using the vEdge router’s public key, which it extracts from the router’s Board ID certificate; if the signature does not verify, vSmart tears down the DTLS connection.
  5. If the signature is valid, vSmart uses the root CA chain from the vEdge router’s Board ID certificate to validate whether the Board ID certificate is itself valid; if the certificate is not valid, vSmart tears down the connection.
  6. The vSmart controller also compares the response with the original challenge; if the response matches the challenge that vBond has issued, authentication between the two devices succeeds, otherwise vSmart tears down the connection.

After this authentication, the vSmart controller knows that the vEdge router is valid, and its authentication of the router is complete.
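As an added illustration (not Cisco code and not from the original post), the following Go model replays the vSmart-side checks from the steps above: a 256-bit random challenge, the router's RSA signature over it, and the authorized-list, signature and challenge-match checks. It assumes the router's public key is carried directly in the response; validating the Board ID certificate against the root CA chain is not modelled, and the serial and chassis values are constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// ChallengeResponse models the vEdge reply: identity, the echoed challenge and its signature.
// BoardPub stands in for the key vSmart would extract from the Board ID certificate (not modelled).
type ChallengeResponse struct {
	Serial, Chassis string
	Challenge       []byte
	BoardPub        *rsa.PublicKey
	Signature       []byte
}

// NewChallenge produces the 256-bit random value vSmart sends first.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// VEdgeRespond signs the SHA-256 hash of the challenge with the router's private key.
func VEdgeRespond(serial, chassis string, key *rsa.PrivateKey, challenge []byte) (ChallengeResponse, error) {
	h := sha256.Sum256(challenge)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	return ChallengeResponse{serial, chassis, challenge, &key.PublicKey, sig}, err
}

// VSmartVerify applies the vSmart-side checks in the order the post lists them; authorized maps
// serial number to chassis number. Any returned error is where vSmart would tear down the DTLS session.
func VSmartVerify(authorized map[string]string, challenge []byte, r ChallengeResponse) error {
	if chassis, ok := authorized[r.Serial]; !ok || chassis != r.Chassis {
		return errors.New("serial/chassis not in authorized device list")
	}
	h := sha256.Sum256(r.Challenge)
	if err := rsa.VerifyPKCS1v15(r.BoardPub, crypto.SHA256, h[:], r.Signature); err != nil {
		return errors.New("signature over challenge does not verify with board ID public key")
	}
	if !bytes.Equal(r.Challenge, challenge) {
		return errors.New("response does not match the challenge vSmart issued")
	}
	return nil
}
```

The challenge-match check is what stops a captured response from being replayed against a later session, since every session starts from a fresh random value.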

Now let’s see how the vEdge router authenticates the vSmart controller.

  1. vSmart sends its trusted-root-CA-signed certificate to the vEdge router.
  2. The vEdge router uses its chain of trust to extract the vSmart controller serial number from the certificate and checks whether it matches one of the numbers in the vSmart authorized serial number file; if there is no match, the vEdge router tears down its DTLS connection.
  3. The vEdge router uses its chain of trust to extract the organization name from the certificate and matches it against its own; if they don’t match, it tears down the DTLS connection.
  4. If the name matches, the vEdge router uses its root CA chain to verify that the vSmart certificate is signed by the root CA; if it is not, the vEdge router tears down the connection.
  5. If the root certificate is validated, the vEdge router now knows that vBond is valid, and after this process authentication of the vBond orchestrator is complete.

Once these checks have succeeded, vEdge has authenticated vSmart, the temporary connection is transitioned to a permanent connection, and the two devices establish an OMP session over it to exchange control-plane traffic.
