2 * Copyright (c) 2017 Red Hat, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netvirt.natservice.internal;
10 import java.math.BigInteger;
11 import java.util.ArrayList;
12 import java.util.List;
13 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
14 import org.opendaylight.genius.interfacemanager.interfaces.IInterfaceManager;
15 import org.opendaylight.genius.mdsalutil.ActionInfo;
16 import org.opendaylight.genius.mdsalutil.InstructionInfo;
17 import org.opendaylight.genius.mdsalutil.MatchInfo;
18 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
19 import org.opendaylight.genius.mdsalutil.MetaDataUtil;
20 import org.opendaylight.genius.mdsalutil.NwConstants;
21 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack;
22 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack.NxCtAction;
23 import org.opendaylight.genius.mdsalutil.actions.ActionNxLoadInPort;
24 import org.opendaylight.genius.mdsalutil.actions.ActionNxLoadMetadata;
25 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
26 import org.opendaylight.genius.mdsalutil.actions.ActionSetFieldEthernetSource;
27 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
28 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
29 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
30 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Destination;
31 import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
32 import org.opendaylight.genius.mdsalutil.matches.MatchTunnelId;
33 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState;
34 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
35 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.IdManagerService;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.itm.rpcs.rev160406.ItmRpcService;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.Routers;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.routers.ExternalIps;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.types.rev160517.IpPrefixOrAddress;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatFlags;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatRangePresent;
44 import org.slf4j.Logger;
45 import org.slf4j.LoggerFactory;
47 public abstract class ConntrackBasedSnatService extends AbstractSnatService {
48 private static final Logger LOG = LoggerFactory.getLogger(ConntrackBasedSnatService.class);
50 protected static final int TRACKED_NEW_CT_STATE = 0x21;
51 protected static final int TRACKED_NEW_CT_MASK = 0x21;
52 protected static final int SNAT_CT_STATE = 0x40;
53 protected static final int SNAT_CT_STATE_MASK = 0x40;
54 protected static final int DNAT_CT_STATE = 0x80;
55 protected static final int DNAT_CT_STATE_MASK = 0x80;
57 public ConntrackBasedSnatService(DataBroker dataBroker, IMdsalApiManager mdsalManager, ItmRpcService itmManager,
58 IdManagerService idManager, NAPTSwitchSelector naptSwitchSelector,
59 OdlInterfaceRpcService odlInterfaceRpcService,
60 IInterfaceManager interfaceManager) {
61 super(dataBroker, mdsalManager, itmManager, odlInterfaceRpcService, idManager, naptSwitchSelector,
66 protected void installSnatSpecificEntriesForNaptSwitch(Routers routers, BigInteger dpnId, int addOrRemove) {
67 LOG.info("installSnatSpecificEntriesForNaptSwitch: called for router {}",
68 routers.getRouterName());
69 String routerName = routers.getRouterName();
70 Long routerId = NatUtil.getVpnId(getDataBroker(), routerName);
71 int elanId = NatUtil.getElanInstanceByName(routers.getNetworkId().getValue(), getDataBroker())
72 .getElanTag().intValue();
73 /* Install Outbound NAT entries */
75 installSnatMissEntryForPrimrySwch(dpnId, routerId, elanId, addOrRemove);
76 installTerminatingServiceTblEntry(dpnId, routerId, elanId, addOrRemove);
78 String extGwMacAddress = NatUtil.getExtGwMacAddFromRouterName(getDataBroker(), routerName);
79 createOutboundTblTrackEntry(dpnId, routerId, extGwMacAddress, addOrRemove);
80 List<ExternalIps> externalIps = routers.getExternalIps();
81 if (externalIps.isEmpty()) {
82 LOG.error("AbstractSnatService: installSnatCommonEntriesForNaptSwitch no externalIP present"
87 //The logic now handle only one external IP per router, others if present will be ignored.
88 String externalIp = externalIps.get(0).getIpAddress();
89 Uuid externalSubnetId = externalIps.get(0).getSubnetId();
90 long extSubnetId = NatConstants.INVALID_ID;
91 if (addOrRemove == NwConstants.ADD_FLOW) {
92 extSubnetId = NatUtil.getExternalSubnetVpnId(getDataBroker(),externalSubnetId);
94 createOutboundTblEntry(dpnId, routerId, externalIp, elanId, extGwMacAddress, addOrRemove);
95 installNaptPfibFlow(routers, dpnId, routerId, extSubnetId, addOrRemove);
97 //Install Inbound NAT entries
98 installInboundEntry(dpnId, routerId, externalIp, elanId, extSubnetId, addOrRemove);
99 installNaptPfibEntry(dpnId, routerId, addOrRemove);
104 protected void installSnatSpecificEntriesForNonNaptSwitch(Routers routers, BigInteger dpnId, int addOrRemove) {
105 // Nothing to to do here.
109 protected void installSnatMissEntryForPrimrySwch(BigInteger dpnId, Long routerId, int elanId, int addOrRemove) {
110 LOG.info("installSnatSpecificEntriesForNaptSwitch : called for the primary NAPT switch dpnId {}", dpnId);
111 List<MatchInfo> matches = new ArrayList<>();
112 matches.add(MatchEthernetType.IPV4);
113 matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
114 List<InstructionInfo> instructions = new ArrayList<>();
115 List<ActionInfo> actionsInfos = new ArrayList<>();
116 List<NxCtAction> ctActionsList = new ArrayList<>();
117 NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
118 ctActionsList.add(nxCtAction);
119 ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId,
120 NwConstants.OUTBOUND_NAPT_TABLE,ctActionsList);
122 actionsInfos.add(actionNxConntrack);
123 instructions.add(new InstructionApplyActions(actionsInfos));
125 String flowRef = getFlowRef(dpnId, NwConstants.PSNAT_TABLE, routerId);
126 syncFlow(dpnId, NwConstants.PSNAT_TABLE, flowRef, NatConstants.DEFAULT_PSNAT_FLOW_PRIORITY, flowRef,
127 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
130 protected void installTerminatingServiceTblEntry(BigInteger dpnId, Long routerId, int elanId, int addOrRemove) {
131 LOG.info("installTerminatingServiceTblEntry : creating entry for Terminating Service Table "
132 + "for switch {}, routerId {}", dpnId, routerId);
133 List<MatchInfo> matches = new ArrayList<>();
134 matches.add(MatchEthernetType.IPV4);
135 matches.add(new MatchTunnelId(BigInteger.valueOf(routerId)));
138 List<ActionInfo> actionsInfos = new ArrayList<>();
139 List<NxCtAction> ctActionsList = new ArrayList<>();
140 NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
141 ctActionsList.add(nxCtAction);
142 ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
143 .OUTBOUND_NAPT_TABLE,ctActionsList);
144 ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
145 .getVpnIdMetadata(routerId.longValue()), LOAD_START, LOAD_END);
146 actionsInfos.add(actionLoadMeta);
147 actionsInfos.add(actionNxConntrack);
148 List<InstructionInfo> instructions = new ArrayList<>();
149 instructions.add(new InstructionApplyActions(actionsInfos));
150 String flowRef = getFlowRef(dpnId, NwConstants.INTERNAL_TUNNEL_TABLE, routerId.longValue());
151 syncFlow(dpnId, NwConstants.INTERNAL_TUNNEL_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY, flowRef,
152 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
156 protected void createOutboundTblTrackEntry(BigInteger dpnId, Long routerId, String extGwMacAddress,
158 LOG.info("createOutboundTblTrackEntry : called for switch {}, routerId {}", dpnId, routerId);
159 List<MatchInfoBase> matches = new ArrayList<>();
160 matches.add(MatchEthernetType.IPV4);
161 matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
162 matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
163 ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
164 if (addOrRemove == NwConstants.ADD_FLOW) {
165 listActionInfo.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
167 ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
168 listActionInfo.add(new ActionNxResubmit(NwConstants.NAPT_PFIB_TABLE));
169 instructionInfo.add(new InstructionApplyActions(listActionInfo));
171 String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
173 syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY, flowRef,
174 NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo, addOrRemove);
178 protected void createOutboundTblEntry(BigInteger dpnId, long routerId, String externalIp,
179 int elanId, String extGwMacAddress, int addOrRemove) {
180 LOG.info("createOutboundTblEntry : dpId {} and routerId {}", dpnId, routerId);
181 List<MatchInfoBase> matches = new ArrayList<>();
182 matches.add(MatchEthernetType.IPV4);
183 matches.add(new NxMatchCtState(TRACKED_NEW_CT_STATE, TRACKED_NEW_CT_MASK));
184 matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
185 List<ActionInfo> actionsInfos = new ArrayList<>();
186 if (addOrRemove == NwConstants.ADD_FLOW) {
187 actionsInfos.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
189 List<NxCtAction> ctActionsListCommit = new ArrayList<>();
190 int rangePresent = NxActionNatRangePresent.NXNATRANGEIPV4MIN.getIntValue();
191 int flags = NxActionNatFlags.NXNATFSRC.getIntValue();
192 NxCtAction nxCtActionCommit = new ActionNxConntrack.NxNat(0, flags, rangePresent,
193 new IpPrefixOrAddress(externalIp.toCharArray()).getIpAddress(),
195 ctActionsListCommit.add(nxCtActionCommit);
196 int ctCommitFlag = 1;
197 ActionNxConntrack actionNxConntrackSubmit = new ActionNxConntrack(ctCommitFlag, 0, elanId,
198 NwConstants.NAPT_PFIB_TABLE, ctActionsListCommit);
199 actionsInfos.add(actionNxConntrackSubmit);
200 List<InstructionInfo> instructions = new ArrayList<>();
201 instructions.add(new InstructionApplyActions(actionsInfos));
202 String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
203 syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_NEW_FLOW_PRIORITY,
204 flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
207 protected void installNaptPfibFlow(Routers routers, BigInteger dpnId, long routerId,
208 long extSubnetId, int addOrRemove) {
209 Long extNetId = NatUtil.getVpnId(getDataBroker(), routers.getNetworkId().getValue());
210 LOG.info("installNaptPfibFlow : dpId {}, extNetId {}", dpnId, extNetId);
211 List<MatchInfoBase> matches = new ArrayList<>();
212 matches.add(MatchEthernetType.IPV4);
213 matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
214 matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
215 List<ActionInfo> listActionInfo = new ArrayList<>();
216 if (addOrRemove == NwConstants.ADD_FLOW) {
217 if (extSubnetId == NatConstants.INVALID_ID) {
218 LOG.error("installNaptPfibFlow : external subnet id is invalid.");
221 ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
222 .getVpnIdMetadata(extSubnetId), LOAD_START, LOAD_END);
223 listActionInfo.add(actionLoadMeta);
225 ArrayList<InstructionInfo> instructions = new ArrayList<>();
226 listActionInfo.add(new ActionNxLoadInPort(BigInteger.ZERO));
227 listActionInfo.add(new ActionNxResubmit(NwConstants.L3_FIB_TABLE));
228 instructions.add(new InstructionApplyActions(listActionInfo));
229 String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId);
230 flowRef = flowRef + "OUTBOUND";
231 syncFlow(dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY,
232 flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
235 protected void installInboundEntry(BigInteger dpnId, long routerId, String externalIp, int elanId, long extSubnetId,
237 LOG.info("installInboundEntry : dpId {} and routerId {}", dpnId, routerId);
238 List<MatchInfoBase> matches = new ArrayList<>();
239 matches.add(MatchEthernetType.IPV4);
240 matches.add(new MatchIpv4Destination(externalIp,"32"));
241 if (addOrRemove == NwConstants.ADD_FLOW) {
242 if (extSubnetId == NatConstants.INVALID_ID) {
243 LOG.error("installInboundEntry : external subnet id is invalid.");
246 matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(extSubnetId),
247 MetaDataUtil.METADATA_MASK_VRFID));
249 List<ActionInfo> actionsInfos = new ArrayList<>();
250 List<NxCtAction> ctActionsList = new ArrayList<>();
251 NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
252 ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
253 .getVpnIdMetadata(routerId), LOAD_START, LOAD_END);
254 actionsInfos.add(actionLoadMeta);
255 ctActionsList.add(nxCtAction);
256 ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
257 .NAPT_PFIB_TABLE,ctActionsList);
259 actionsInfos.add(actionNxConntrack);
260 List<InstructionInfo> instructions = new ArrayList<>();
261 instructions.add(new InstructionApplyActions(actionsInfos));
262 String flowRef = getFlowRef(dpnId, NwConstants.INBOUND_NAPT_TABLE, routerId);
263 flowRef = flowRef + "OUTBOUND";
264 syncFlow(dpnId, NwConstants.INBOUND_NAPT_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY, flowRef,
265 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
268 protected void installNaptPfibEntry(BigInteger dpnId, long routerId, int addOrRemove) {
269 LOG.info("installNaptPfibEntry : called for dpnId {} and routerId {} ", dpnId, routerId);
270 List<MatchInfoBase> matches = new ArrayList<>();
271 matches.add(MatchEthernetType.IPV4);
272 matches.add(new NxMatchCtState(DNAT_CT_STATE, DNAT_CT_STATE_MASK));
273 matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
275 ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
276 ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
277 listActionInfo.add(new ActionNxLoadInPort(BigInteger.ZERO));
278 listActionInfo.add(new ActionNxResubmit(NwConstants.L3_FIB_TABLE));
279 instructionInfo.add(new InstructionApplyActions(listActionInfo));
282 String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId);
283 flowRef = flowRef + "INBOUND";
284 syncFlow(dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef, NatConstants.DEFAULT_PSNAT_FLOW_PRIORITY, flowRef,
285 NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo, addOrRemove);