While a normal, succesful setup of a southbound Netconf over TLS connection works fine, there seems to be robustness issues in ODL at unsuccessful connection attempts.

ODL is observed to go into an infinite loop of connection re-attempts when certain error conditions are met in the setup sequence. In these cases, it doesn't matter what the <max-connection-attempts> parameter is set to. It doesn't even help to delete the Netconf device from the topology data store. The device has to be deleted from the data store and then ODL restarted in order for ODL to stop attempting to connect.

A specific case when this happens is for example when keys and/or certificates haven't been properly configured in ODL. If ODL can't find a private key, it will throw an exception and immediatly try to find a key again. During these attempts, ODL will also send the initial TCP packets towards the device.

The same behavior has been observed at some other error conditions.

Some improvements to the robustness of ODL in cases like these should probably be considered.