Code Review / netvirt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
The NFIP to FIP traffic is failing when there are multiple route
[netvirt.git] / natservice / impl / src / main / java / org / opendaylight / netvirt / natservice / internal / ConntrackBasedSnatService.java
1 /*
2  * Copyright (c) 2017 Red Hat, Inc. and others. All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8 package org.opendaylight.netvirt.natservice.internal;
9
10 import com.google.common.base.Optional;
11 import java.math.BigInteger;
12 import java.util.ArrayList;
13 import java.util.List;
14
15 import org.apache.commons.lang3.tuple.ImmutablePair;
16 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
17 import org.opendaylight.genius.interfacemanager.interfaces.IInterfaceManager;
18 import org.opendaylight.genius.mdsalutil.ActionInfo;
19 import org.opendaylight.genius.mdsalutil.InstructionInfo;
20 import org.opendaylight.genius.mdsalutil.MatchInfo;
21 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
22 import org.opendaylight.genius.mdsalutil.MetaDataUtil;
23 import org.opendaylight.genius.mdsalutil.NwConstants;
24 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack;
25 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack.NxCtAction;
26 import org.opendaylight.genius.mdsalutil.actions.ActionNxLoadInPort;
27 import org.opendaylight.genius.mdsalutil.actions.ActionNxLoadMetadata;
28 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
29 import org.opendaylight.genius.mdsalutil.actions.ActionSetFieldEthernetSource;
30 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
31 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
32 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
33 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Destination;
34 import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
35 import org.opendaylight.genius.mdsalutil.matches.MatchTunnelId;
36 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState;
37 import org.opendaylight.netvirt.fibmanager.api.IFibManager;
38 import org.opendaylight.netvirt.vpnmanager.api.IVpnFootprintService;
39 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
40 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.IdManagerService;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.itm.rpcs.rev160406.ItmRpcService;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.l3vpn.rev130911.vpn.instance.op.data.vpn.instance.op.data.entry.vpn.to.dpn.list.IpAddresses;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.Routers;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.routers.ExternalIps;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.external.subnets.Subnets;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.types.rev160517.IpPrefixOrAddress;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatFlags;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatRangePresent;
51 import org.slf4j.Logger;
52 import org.slf4j.LoggerFactory;
53
54 public abstract class ConntrackBasedSnatService extends AbstractSnatService {
55     private static final Logger LOG = LoggerFactory.getLogger(ConntrackBasedSnatService.class);
56
57     protected static final int TRACKED_NEW_CT_STATE = 0x21;
58     protected static final int TRACKED_NEW_CT_MASK = 0x21;
59     protected static final int SNAT_CT_STATE = 0x40;
60     protected static final int SNAT_CT_STATE_MASK = 0x40;
61     protected static final int DNAT_CT_STATE = 0x80;
62     protected static final int DNAT_CT_STATE_MASK = 0x80;
63
64     public ConntrackBasedSnatService(DataBroker dataBroker, IMdsalApiManager mdsalManager, ItmRpcService itmManager,
65                                      IdManagerService idManager, NAPTSwitchSelector naptSwitchSelector,
66                                      OdlInterfaceRpcService odlInterfaceRpcService,
67                                      IInterfaceManager interfaceManager, IVpnFootprintService vpnFootprintService,
68                                      IFibManager fibManager) {
69         super(dataBroker, mdsalManager, itmManager, odlInterfaceRpcService, idManager, naptSwitchSelector,
70                 interfaceManager, vpnFootprintService, fibManager);
71     }
72
73     @Override
74     protected void installSnatSpecificEntriesForNaptSwitch(Routers routers, BigInteger dpnId, int addOrRemove) {
75         LOG.info("installSnatSpecificEntriesForNaptSwitch: called for router {}",
76                 routers.getRouterName());
77         String routerName = routers.getRouterName();
78         Long routerId = NatUtil.getVpnId(getDataBroker(), routerName);
79         int elanId = NatUtil.getElanInstanceByName(routers.getNetworkId().getValue(), getDataBroker())
80                 .getElanTag().intValue();
81         /* Install Outbound NAT entries */
82
83         installSnatMissEntryForPrimrySwch(dpnId, routerId, elanId, addOrRemove);
84         installTerminatingServiceTblEntry(dpnId, routerId, elanId, addOrRemove);
85
86         String extGwMacAddress = NatUtil.getExtGwMacAddFromRouterName(getDataBroker(), routerName);
87         createOutboundTblTrackEntry(dpnId, routerId, extGwMacAddress, addOrRemove);
88         List<ExternalIps> externalIps = routers.getExternalIps();
89         if (externalIps.isEmpty()) {
90             LOG.error("AbstractSnatService: installSnatCommonEntriesForNaptSwitch no externalIP present"
91                     + " for routerId {}",
92                     routerId);
93             return;
94         }
95         //The logic now handle only one external IP per router, others if present will be ignored.
96         String externalIp = externalIps.get(0).getIpAddress();
97         Uuid externalSubnetId = externalIps.get(0).getSubnetId();
98         long extSubnetId = NatConstants.INVALID_ID;
99         if (addOrRemove == NwConstants.ADD_FLOW) {
100             extSubnetId = NatUtil.getExternalSubnetVpnId(getDataBroker(),externalSubnetId);
101         }
102         createOutboundTblEntry(dpnId, routerId, externalIp, elanId, extGwMacAddress, addOrRemove);
103         installNaptPfibFlow(routers, dpnId, routerId, extSubnetId, addOrRemove);
104
105         //Install Inbound NAT entries
106         installInboundEntry(dpnId, routerId, externalIp, elanId, extSubnetId, addOrRemove);
107         installNaptPfibEntry(dpnId, routerId, addOrRemove);
108
109         String fibExternalIp = NatUtil.validateAndAddNetworkMask(externalIp);
110         Optional<Subnets> externalSubnet = NatUtil.getOptionalExternalSubnets(dataBroker, externalSubnetId);
111         if (externalSubnet.isPresent()) {
112             String externalVpn =  externalSubnetId.getValue();
113             String vpnRd = NatUtil.getVpnRd(dataBroker, externalVpn);
114             vpnFootprintService.updateVpnToDpnMapping(dpnId, externalVpn, vpnRd, null /* interfaceName*/,
115                 new ImmutablePair<>(IpAddresses.IpAddressSource.ExternalFixedIP, fibExternalIp),
116                 addOrRemove == NwConstants.ADD_FLOW);
117         }
118     }
119
120     @Override
121     protected void installSnatSpecificEntriesForNonNaptSwitch(Routers routers, BigInteger dpnId, int addOrRemove) {
122         // Nothing to to do here.
123
124     }
125
126     protected void installSnatMissEntryForPrimrySwch(BigInteger dpnId, Long routerId, int elanId, int addOrRemove) {
127         LOG.info("installSnatSpecificEntriesForNaptSwitch : called for the primary NAPT switch dpnId {}", dpnId);
128         List<MatchInfo> matches = new ArrayList<>();
129         matches.add(MatchEthernetType.IPV4);
130         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
131         List<InstructionInfo> instructions = new ArrayList<>();
132         List<ActionInfo> actionsInfos = new ArrayList<>();
133         List<NxCtAction> ctActionsList = new ArrayList<>();
134         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
135         ctActionsList.add(nxCtAction);
136         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId,
137                 NwConstants.OUTBOUND_NAPT_TABLE,ctActionsList);
138
139         actionsInfos.add(actionNxConntrack);
140         instructions.add(new InstructionApplyActions(actionsInfos));
141
142         String flowRef = getFlowRef(dpnId, NwConstants.PSNAT_TABLE, routerId);
143         syncFlow(dpnId, NwConstants.PSNAT_TABLE, flowRef, NatConstants.DEFAULT_PSNAT_FLOW_PRIORITY, flowRef,
144                 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
145     }
146
147     protected void installTerminatingServiceTblEntry(BigInteger dpnId, Long  routerId, int elanId, int addOrRemove) {
148         LOG.info("installTerminatingServiceTblEntry : creating entry for Terminating Service Table "
149                 + "for switch {}, routerId {}", dpnId, routerId);
150         List<MatchInfo> matches = new ArrayList<>();
151         matches.add(MatchEthernetType.IPV4);
152         matches.add(new MatchTunnelId(BigInteger.valueOf(routerId)));
153
154
155         List<ActionInfo> actionsInfos = new ArrayList<>();
156         List<NxCtAction> ctActionsList = new ArrayList<>();
157         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
158         ctActionsList.add(nxCtAction);
159         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
160                 .OUTBOUND_NAPT_TABLE,ctActionsList);
161         ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
162                 .getVpnIdMetadata(routerId.longValue()), LOAD_START, LOAD_END);
163         actionsInfos.add(actionLoadMeta);
164         actionsInfos.add(actionNxConntrack);
165         List<InstructionInfo> instructions = new ArrayList<>();
166         instructions.add(new InstructionApplyActions(actionsInfos));
167         String flowRef = getFlowRef(dpnId, NwConstants.INTERNAL_TUNNEL_TABLE, routerId.longValue());
168         syncFlow(dpnId,  NwConstants.INTERNAL_TUNNEL_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY, flowRef,
169                  NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
170
171     }
172
173     protected void createOutboundTblTrackEntry(BigInteger dpnId, Long routerId, String extGwMacAddress,
174             int addOrRemove) {
175         LOG.info("createOutboundTblTrackEntry : called for switch {}, routerId {}", dpnId, routerId);
176         List<MatchInfoBase> matches = new ArrayList<>();
177         matches.add(MatchEthernetType.IPV4);
178         matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
179         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
180         ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
181         if (addOrRemove == NwConstants.ADD_FLOW) {
182             listActionInfo.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
183         }
184         ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
185         listActionInfo.add(new ActionNxResubmit(NwConstants.NAPT_PFIB_TABLE));
186         instructionInfo.add(new InstructionApplyActions(listActionInfo));
187
188         String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
189         flowRef += "trkest";
190         syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY, flowRef,
191                 NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo, addOrRemove);
192
193     }
194
195     protected void createOutboundTblEntry(BigInteger dpnId, long routerId, String externalIp,
196             int elanId, String extGwMacAddress,  int addOrRemove) {
197         LOG.info("createOutboundTblEntry : dpId {} and routerId {}", dpnId, routerId);
198         List<MatchInfoBase> matches = new ArrayList<>();
199         matches.add(MatchEthernetType.IPV4);
200         matches.add(new NxMatchCtState(TRACKED_NEW_CT_STATE, TRACKED_NEW_CT_MASK));
201         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
202         List<ActionInfo> actionsInfos = new ArrayList<>();
203         if (addOrRemove == NwConstants.ADD_FLOW) {
204             actionsInfos.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
205         }
206         List<NxCtAction> ctActionsListCommit = new ArrayList<>();
207         int rangePresent = NxActionNatRangePresent.NXNATRANGEIPV4MIN.getIntValue();
208         int flags = NxActionNatFlags.NXNATFSRC.getIntValue();
209         NxCtAction nxCtActionCommit = new ActionNxConntrack.NxNat(0, flags, rangePresent,
210                 new IpPrefixOrAddress(externalIp.toCharArray()).getIpAddress(),
211                 null,0, 0);
212         ctActionsListCommit.add(nxCtActionCommit);
213         int ctCommitFlag = 1;
214         ActionNxConntrack actionNxConntrackSubmit = new ActionNxConntrack(ctCommitFlag, 0, elanId,
215                 NwConstants.NAPT_PFIB_TABLE, ctActionsListCommit);
216         actionsInfos.add(actionNxConntrackSubmit);
217         List<InstructionInfo> instructions = new ArrayList<>();
218         instructions.add(new InstructionApplyActions(actionsInfos));
219         String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
220         syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef,  NatConstants.SNAT_NEW_FLOW_PRIORITY,
221                 flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
222     }
223
224     protected void installNaptPfibFlow(Routers routers, BigInteger dpnId, long routerId,
225             long extSubnetId, int addOrRemove) {
226         Long extNetId = NatUtil.getVpnId(getDataBroker(), routers.getNetworkId().getValue());
227         LOG.info("installNaptPfibFlow : dpId {}, extNetId {}", dpnId, extNetId);
228         List<MatchInfoBase> matches = new ArrayList<>();
229         matches.add(MatchEthernetType.IPV4);
230         matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
231         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
232         List<ActionInfo> listActionInfo = new ArrayList<>();
233         if (addOrRemove == NwConstants.ADD_FLOW) {
234             if (extSubnetId == NatConstants.INVALID_ID) {
235                 LOG.error("installNaptPfibFlow : external subnet id is invalid.");
236                 return;
237             }
238             ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
239                     .getVpnIdMetadata(extSubnetId), LOAD_START, LOAD_END);
240             listActionInfo.add(actionLoadMeta);
241         }
242         ArrayList<InstructionInfo> instructions = new ArrayList<>();
243         listActionInfo.add(new ActionNxLoadInPort(BigInteger.ZERO));
244         listActionInfo.add(new ActionNxResubmit(NwConstants.L3_FIB_TABLE));
245         instructions.add(new InstructionApplyActions(listActionInfo));
246         String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId);
247         flowRef = flowRef + "OUTBOUND";
248         syncFlow(dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY,
249                 flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
250     }
251
252     protected void installInboundEntry(BigInteger dpnId, long routerId, String externalIp, int elanId, long extSubnetId,
253             int addOrRemove) {
254         LOG.info("installInboundEntry : dpId {} and routerId {}", dpnId, routerId);
255         List<MatchInfoBase> matches = new ArrayList<>();
256         matches.add(MatchEthernetType.IPV4);
257         matches.add(new MatchIpv4Destination(externalIp,"32"));
258         if (addOrRemove == NwConstants.ADD_FLOW) {
259             if (extSubnetId == NatConstants.INVALID_ID) {
260                 LOG.error("installInboundEntry : external subnet id is invalid.");
261                 return;
262             }
263             matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(extSubnetId),
264                     MetaDataUtil.METADATA_MASK_VRFID));
265         }
266         List<ActionInfo> actionsInfos = new ArrayList<>();
267         List<NxCtAction> ctActionsList = new ArrayList<>();
268         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
269         ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
270                 .getVpnIdMetadata(routerId), LOAD_START, LOAD_END);
271         actionsInfos.add(actionLoadMeta);
272         ctActionsList.add(nxCtAction);
273         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
274                 .NAPT_PFIB_TABLE,ctActionsList);
275
276         actionsInfos.add(actionNxConntrack);
277         List<InstructionInfo> instructions = new ArrayList<>();
278         instructions.add(new InstructionApplyActions(actionsInfos));
279         String flowRef = getFlowRef(dpnId, NwConstants.INBOUND_NAPT_TABLE, routerId);
280         flowRef = flowRef + "OUTBOUND";
281         syncFlow(dpnId, NwConstants.INBOUND_NAPT_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY, flowRef,
282                 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
283     }
284
285     protected void installNaptPfibEntry(BigInteger dpnId, long routerId, int addOrRemove) {
286         LOG.info("installNaptPfibEntry : called for dpnId {} and routerId {} ", dpnId, routerId);
287         List<MatchInfoBase> matches = new ArrayList<>();
288         matches.add(MatchEthernetType.IPV4);
289         matches.add(new NxMatchCtState(DNAT_CT_STATE, DNAT_CT_STATE_MASK));
290         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
291
292         ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
293         ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
294         listActionInfo.add(new ActionNxLoadInPort(BigInteger.ZERO));
295         listActionInfo.add(new ActionNxResubmit(NwConstants.L3_FIB_TABLE));
296         instructionInfo.add(new InstructionApplyActions(listActionInfo));
297
298
299         String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId);
300         flowRef = flowRef + "INBOUND";
301         syncFlow(dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef, NatConstants.DEFAULT_PSNAT_FLOW_PRIORITY, flowRef,
302                 NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo, addOrRemove);
303     }
304 }
NetVirt - Archived