natservice/impl/src/main/java/org/opendaylight/netvirt/natservice/internal/ConntrackBasedSnatService.java

   1 /*
   2  * Copyright (c) 2017 Red Hat, Inc. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.netvirt.natservice.internal;
   9
  10 import java.math.BigInteger;
  11 import java.util.ArrayList;
  12 import java.util.List;
  13 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  14 import org.opendaylight.genius.mdsalutil.ActionInfo;
  15 import org.opendaylight.genius.mdsalutil.InstructionInfo;
  16 import org.opendaylight.genius.mdsalutil.MatchInfo;
  17 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
  18 import org.opendaylight.genius.mdsalutil.MetaDataUtil;
  19 import org.opendaylight.genius.mdsalutil.NwConstants;
  20 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack;
  21 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack.NxCtAction;
  22 import org.opendaylight.genius.mdsalutil.actions.ActionNxLoadInPort;
  23 import org.opendaylight.genius.mdsalutil.actions.ActionNxLoadMetadata;
  24 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
  25 import org.opendaylight.genius.mdsalutil.actions.ActionSetFieldEthernetSource;
  26 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
  27 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
  28 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
  29 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Destination;
  30 import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
  31 import org.opendaylight.genius.mdsalutil.matches.MatchTunnelId;
  32 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState;
  33 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
  34 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
  35 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.IdManagerService;
  36 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
  37 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.itm.rpcs.rev160406.ItmRpcService;
  38 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.Routers;
  39 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.routers.ExternalIps;
  40 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.types.rev160517.IpPrefixOrAddress;
  41 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatFlags;
  42 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatRangePresent;
  43 import org.slf4j.Logger;
  44 import org.slf4j.LoggerFactory;
  45
  46 public abstract class ConntrackBasedSnatService extends AbstractSnatService {
  47     private static final Logger LOG = LoggerFactory.getLogger(ConntrackBasedSnatService.class);
  48
  49     protected static final int TRACKED_NEW_CT_STATE = 0x21;
  50     protected static final int TRACKED_NEW_CT_MASK = 0x21;
  51     protected static final int SNAT_CT_STATE = 0x40;
  52     protected static final int SNAT_CT_STATE_MASK = 0x40;
  53     protected static final int DNAT_CT_STATE = 0x80;
  54     protected static final int DNAT_CT_STATE_MASK = 0x80;
  55
  56     public ConntrackBasedSnatService(DataBroker dataBroker, IMdsalApiManager mdsalManager, ItmRpcService itmManager,
  57             OdlInterfaceRpcService interfaceManager, IdManagerService idManager,
  58             NAPTSwitchSelector naptSwitchSelector) {
  59         super(dataBroker, mdsalManager, itmManager, interfaceManager, idManager, naptSwitchSelector);
  60     }
  61
  62     @Override
  63     protected void installSnatSpecificEntriesForNaptSwitch(Routers routers, BigInteger dpnId, int addOrRemove) {
  64         LOG.info("installSnatSpecificEntriesForNaptSwitch: called for router {}",
  65                 routers.getRouterName());
  66         String routerName = routers.getRouterName();
  67         Long routerId = NatUtil.getVpnId(getDataBroker(), routerName);
  68         int elanId = NatUtil.getElanInstanceByName(routers.getNetworkId().getValue(), getDataBroker())
  69                 .getElanTag().intValue();
  70         /* Install Outbound NAT entries */
  71
  72         installSnatMissEntryForPrimrySwch(dpnId, routerId, elanId, addOrRemove);
  73         installTerminatingServiceTblEntry(dpnId, routerId, elanId, addOrRemove);
  74
  75         String extGwMacAddress = NatUtil.getExtGwMacAddFromRouterName(getDataBroker(), routerName);
  76         createOutboundTblTrackEntry(dpnId, routerId, extGwMacAddress, addOrRemove);
  77         List<ExternalIps> externalIps = routers.getExternalIps();
  78         if (externalIps.isEmpty()) {
  79             LOG.error("AbstractSnatService: installSnatCommonEntriesForNaptSwitch no externalIP present"
  80                     + " for routerId {}",
  81                     routerId);
  82             return;
  83         }
  84         //The logic now handle only one external IP per router, others if present will be ignored.
  85         String externalIp = externalIps.get(0).getIpAddress();
  86         Uuid externalSubnetId = externalIps.get(0).getSubnetId();
  87         long extSubnetId = NatConstants.INVALID_ID;
  88         if (addOrRemove == NwConstants.ADD_FLOW) {
  89             extSubnetId = NatUtil.getExternalSubnetVpnId(getDataBroker(),externalSubnetId);
  90         }
  91         createOutboundTblEntry(dpnId, routerId, externalIp, elanId, extGwMacAddress, addOrRemove);
  92         installNaptPfibFlow(routers, dpnId, routerId, routerName, extSubnetId, addOrRemove);
  93
  94         //Install Inbound NAT entries
  95         Long extNetId = NatUtil.getVpnId(getDataBroker(), routers.getNetworkId().getValue());
  96         installInboundEntry(dpnId, routerId, routerName, extNetId, externalIp, elanId, extSubnetId, addOrRemove);
  97         installNaptPfibEntry(dpnId, routerId, addOrRemove);
  98
  99     }
 100
 101     @Override
 102     protected void installSnatSpecificEntriesForNonNaptSwitch(Routers routers, BigInteger dpnId, int addOrRemove) {
 103         // Nothing to to do here.
 104
 105     }
 106
 107     protected void installSnatMissEntryForPrimrySwch(BigInteger dpnId, Long routerId, int elanId, int addOrRemove) {
 108         LOG.info("installSnatSpecificEntriesForNaptSwitch : called for the primary NAPT switch dpnId {}", dpnId);
 109         List<MatchInfo> matches = new ArrayList<>();
 110         matches.add(MatchEthernetType.IPV4);
 111         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
 112         List<InstructionInfo> instructions = new ArrayList<>();
 113         List<ActionInfo> actionsInfos = new ArrayList<>();
 114         List<NxCtAction> ctActionsList = new ArrayList<>();
 115         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
 116         ctActionsList.add(nxCtAction);
 117         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId,
 118                 NwConstants.OUTBOUND_NAPT_TABLE,ctActionsList);
 119
 120         actionsInfos.add(actionNxConntrack);
 121         instructions.add(new InstructionApplyActions(actionsInfos));
 122
 123         String flowRef = getFlowRef(dpnId, NwConstants.PSNAT_TABLE, routerId);
 124         syncFlow(dpnId, NwConstants.PSNAT_TABLE, flowRef, NatConstants.DEFAULT_PSNAT_FLOW_PRIORITY, flowRef,
 125                 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
 126     }
 127
 128     protected void installTerminatingServiceTblEntry(BigInteger dpnId, Long  routerId, int elanId, int addOrRemove) {
 129         LOG.info("installTerminatingServiceTblEntry : creating entry for Terminating Service Table "
 130                 + "for switch {}, routerId {}", dpnId, routerId);
 131         List<MatchInfo> matches = new ArrayList<>();
 132         matches.add(MatchEthernetType.IPV4);
 133         matches.add(new MatchTunnelId(BigInteger.valueOf(routerId)));
 134
 135
 136         List<ActionInfo> actionsInfos = new ArrayList<>();
 137         List<NxCtAction> ctActionsList = new ArrayList<>();
 138         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
 139         ctActionsList.add(nxCtAction);
 140         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
 141                 .OUTBOUND_NAPT_TABLE,ctActionsList);
 142         ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
 143                 .getVpnIdMetadata(routerId.longValue()), LOAD_START, LOAD_END);
 144         actionsInfos.add(actionLoadMeta);
 145         actionsInfos.add(actionNxConntrack);
 146         List<InstructionInfo> instructions = new ArrayList<>();
 147         instructions.add(new InstructionApplyActions(actionsInfos));
 148         String flowRef = getFlowRef(dpnId, NwConstants.INTERNAL_TUNNEL_TABLE, routerId.longValue());
 149         syncFlow(dpnId,  NwConstants.INTERNAL_TUNNEL_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY, flowRef,
 150                  NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
 151
 152     }
 153
 154     protected void createOutboundTblTrackEntry(BigInteger dpnId, Long routerId, String extGwMacAddress,
 155             int addOrRemove) {
 156         LOG.info("createOutboundTblTrackEntry : called for switch {}, routerId {}", dpnId, routerId);
 157         List<MatchInfoBase> matches = new ArrayList<>();
 158         matches.add(MatchEthernetType.IPV4);
 159         matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
 160         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
 161         ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
 162         if (addOrRemove == NwConstants.ADD_FLOW) {
 163             listActionInfo.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
 164         }
 165         ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
 166         listActionInfo.add(new ActionNxResubmit(NwConstants.NAPT_PFIB_TABLE));
 167         instructionInfo.add(new InstructionApplyActions(listActionInfo));
 168
 169         String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
 170         flowRef += "trkest";
 171         syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY, flowRef,
 172                 NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo, addOrRemove);
 173
 174     }
 175
 176     protected void createOutboundTblEntry(BigInteger dpnId, long routerId, String externalIp,
 177             int elanId, String extGwMacAddress,  int addOrRemove) {
 178         LOG.info("createOutboundTblEntry : dpId {} and routerId {}", dpnId, routerId);
 179         List<MatchInfoBase> matches = new ArrayList<>();
 180         matches.add(MatchEthernetType.IPV4);
 181         matches.add(new NxMatchCtState(TRACKED_NEW_CT_STATE, TRACKED_NEW_CT_MASK));
 182         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
 183         List<ActionInfo> actionsInfos = new ArrayList<>();
 184         if (addOrRemove == NwConstants.ADD_FLOW) {
 185             actionsInfos.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
 186         }
 187         List<NxCtAction> ctActionsListCommit = new ArrayList<>();
 188         int rangePresent = NxActionNatRangePresent.NXNATRANGEIPV4MIN.getIntValue();
 189         int flags = NxActionNatFlags.NXNATFSRC.getIntValue();
 190         NxCtAction nxCtActionCommit = new ActionNxConntrack.NxNat(0, flags, rangePresent,
 191                 new IpPrefixOrAddress(externalIp.toCharArray()).getIpAddress(),
 192                 null,0, 0);
 193         ctActionsListCommit.add(nxCtActionCommit);
 194         int ctCommitFlag = 1;
 195         ActionNxConntrack actionNxConntrackSubmit = new ActionNxConntrack(ctCommitFlag, 0, elanId,
 196                 NwConstants.NAPT_PFIB_TABLE, ctActionsListCommit);
 197         actionsInfos.add(actionNxConntrackSubmit);
 198         List<InstructionInfo> instructions = new ArrayList<>();
 199         instructions.add(new InstructionApplyActions(actionsInfos));
 200         String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
 201         syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef,  NatConstants.SNAT_NEW_FLOW_PRIORITY,
 202                 flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
 203     }
 204
 205     protected void installNaptPfibFlow(Routers routers, BigInteger dpnId, long routerId,
 206             String routerName, long extSubnetId, int addOrRemove) {
 207         Long extNetId = NatUtil.getVpnId(getDataBroker(), routers.getNetworkId().getValue());
 208         LOG.info("installNaptPfibFlow : dpId {}, extNetId {}", dpnId, extNetId);
 209         List<MatchInfoBase> matches = new ArrayList<>();
 210         matches.add(MatchEthernetType.IPV4);
 211         matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
 212         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
 213         List<ActionInfo> listActionInfo = new ArrayList<>();
 214         if (addOrRemove == NwConstants.ADD_FLOW) {
 215             if (extSubnetId == NatConstants.INVALID_ID) {
 216                 LOG.error("installNaptPfibFlow : external subnet id is invalid.");
 217                 return;
 218             }
 219             ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
 220                     .getVpnIdMetadata(extSubnetId), LOAD_START, LOAD_END);
 221             listActionInfo.add(actionLoadMeta);
 222         }
 223         ArrayList<InstructionInfo> instructions = new ArrayList<>();
 224         listActionInfo.add(new ActionNxLoadInPort(BigInteger.ZERO));
 225         listActionInfo.add(new ActionNxResubmit(NwConstants.L3_FIB_TABLE));
 226         instructions.add(new InstructionApplyActions(listActionInfo));
 227         String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId);
 228         flowRef = flowRef + "OUTBOUND";
 229         syncFlow(dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY,
 230                 flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
 231     }
 232
 233     protected void installInboundEntry(BigInteger dpnId, long routerId, String routerName, Long extNetId,
 234             String externalIp, int elanId, long extSubnetId, int addOrRemove) {
 235         LOG.info("installInboundEntry : dpId {} and routerId {}", dpnId, routerId);
 236         List<MatchInfoBase> matches = new ArrayList<>();
 237         matches.add(MatchEthernetType.IPV4);
 238         matches.add(new MatchIpv4Destination(externalIp,"32"));
 239         if (addOrRemove == NwConstants.ADD_FLOW) {
 240             if (extSubnetId == NatConstants.INVALID_ID) {
 241                 LOG.error("installInboundEntry : external subnet id is invalid.");
 242                 return;
 243             }
 244             matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(extSubnetId),
 245                     MetaDataUtil.METADATA_MASK_VRFID));
 246         }
 247         List<ActionInfo> actionsInfos = new ArrayList<>();
 248         List<NxCtAction> ctActionsList = new ArrayList<>();
 249         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
 250         ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
 251                 .getVpnIdMetadata(routerId), LOAD_START, LOAD_END);
 252         actionsInfos.add(actionLoadMeta);
 253         ctActionsList.add(nxCtAction);
 254         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
 255                 .NAPT_PFIB_TABLE,ctActionsList);
 256
 257         actionsInfos.add(actionNxConntrack);
 258         List<InstructionInfo> instructions = new ArrayList<>();
 259         instructions.add(new InstructionApplyActions(actionsInfos));
 260         String flowRef = getFlowRef(dpnId, NwConstants.INBOUND_NAPT_TABLE, routerId);
 261         flowRef = flowRef + "OUTBOUND";
 262         syncFlow(dpnId, NwConstants.INBOUND_NAPT_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY, flowRef,
 263                 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
 264     }
 265
 266     protected void installNaptPfibEntry(BigInteger dpnId, long routerId, int addOrRemove) {
 267         LOG.info("installNaptPfibEntry : called for dpnId {} and routerId {} ", dpnId, routerId);
 268         List<MatchInfoBase> matches = new ArrayList<>();
 269         matches.add(MatchEthernetType.IPV4);
 270         matches.add(new NxMatchCtState(DNAT_CT_STATE, DNAT_CT_STATE_MASK));
 271         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
 272
 273         ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
 274         ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
 275         listActionInfo.add(new ActionNxLoadInPort(BigInteger.ZERO));
 276         listActionInfo.add(new ActionNxResubmit(NwConstants.L3_FIB_TABLE));
 277         instructionInfo.add(new InstructionApplyActions(listActionInfo));
 278
 279
 280         String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId);
 281         flowRef = flowRef + "INBOUND";
 282         syncFlow(dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef, NatConstants.DEFAULT_PSNAT_FLOW_PRIORITY, flowRef,
 283                 NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo, addOrRemove);
 284     }
 285 }