natservice/impl/src/main/java/org/opendaylight/netvirt/natservice/internal/ConntrackBasedSnatService.java

   1 /*
   2  * Copyright (c) 2017 Red Hat, Inc. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8 package org.opendaylight.netvirt.natservice.internal;
   9
  10 import com.google.common.base.Optional;
  11 import java.math.BigInteger;
  12 import java.util.ArrayList;
  13 import java.util.List;
  14 import java.util.concurrent.ExecutionException;
  15 import org.apache.commons.lang3.tuple.ImmutablePair;
  16 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
  17 import org.opendaylight.genius.datastoreutils.listeners.DataTreeEventCallbackRegistrar;
  18 import org.opendaylight.genius.infra.Datastore.Configuration;
  19 import org.opendaylight.genius.infra.TypedReadWriteTransaction;
  20 import org.opendaylight.genius.infra.TypedWriteTransaction;
  21 import org.opendaylight.genius.interfacemanager.interfaces.IInterfaceManager;
  22 import org.opendaylight.genius.mdsalutil.ActionInfo;
  23 import org.opendaylight.genius.mdsalutil.InstructionInfo;
  24 import org.opendaylight.genius.mdsalutil.MatchInfo;
  25 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
  26 import org.opendaylight.genius.mdsalutil.MetaDataUtil;
  27 import org.opendaylight.genius.mdsalutil.NWUtil;
  28 import org.opendaylight.genius.mdsalutil.NwConstants;
  29 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack;
  30 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack.NxCtAction;
  31 import org.opendaylight.genius.mdsalutil.actions.ActionNxCtClear;
  32 import org.opendaylight.genius.mdsalutil.actions.ActionNxLoadInPort;
  33 import org.opendaylight.genius.mdsalutil.actions.ActionNxLoadMetadata;
  34 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
  35 import org.opendaylight.genius.mdsalutil.actions.ActionSetFieldEthernetSource;
  36 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
  37 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
  38 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
  39 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Destination;
  40 import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
  41 import org.opendaylight.genius.mdsalutil.matches.MatchTunnelId;
  42 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState;
  43 import org.opendaylight.netvirt.fibmanager.api.IFibManager;
  44 import org.opendaylight.netvirt.natservice.ha.NatDataUtil;
  45 import org.opendaylight.netvirt.vpnmanager.api.IVpnFootprintService;
  46 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress;
  47 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.IdManagerService;
  48 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
  49 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.itm.rpcs.rev160406.ItmRpcService;
  50 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.l3vpn.rev130911.vpn.instance.op.data.vpn.instance.op.data.entry.vpn.to.dpn.list.IpAddresses;
  51 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.Routers;
  52 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.routers.ExternalIps;
  53 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.external.subnets.Subnets;
  54 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.types.rev160517.IpPrefixOrAddressBuilder;
  55 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatFlags;
  56 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatRangePresent;
  57 import org.slf4j.Logger;
  58 import org.slf4j.LoggerFactory;
  59
  60 public abstract class ConntrackBasedSnatService extends AbstractSnatService {
  61     private static final Logger LOG = LoggerFactory.getLogger(ConntrackBasedSnatService.class);
  62
  63     protected static final int TRACKED_NEW_CT_STATE = 0x21;
  64     protected static final int TRACKED_NEW_CT_MASK = 0x21;
  65     protected static final int SNAT_CT_STATE = 0x40;
  66     protected static final int SNAT_CT_STATE_MASK = 0x40;
  67     protected static final int DNAT_CT_STATE = 0x80;
  68     protected static final int DNAT_CT_STATE_MASK = 0x80;
  69
  70     public ConntrackBasedSnatService(DataBroker dataBroker, IMdsalApiManager mdsalManager, ItmRpcService itmManager,
  71                                      IdManagerService idManager, NAPTSwitchSelector naptSwitchSelector,
  72                                      OdlInterfaceRpcService odlInterfaceRpcService,
  73                                      IInterfaceManager interfaceManager, IVpnFootprintService vpnFootprintService,
  74                                      IFibManager fibManager, NatDataUtil natDataUtil,
  75                                      DataTreeEventCallbackRegistrar eventCallbacks) {
  76         super(dataBroker, mdsalManager, itmManager, odlInterfaceRpcService, idManager, naptSwitchSelector,
  77                 interfaceManager, vpnFootprintService, fibManager, natDataUtil, eventCallbacks);
  78     }
  79
  80     @Override
  81     protected void addSnatSpecificEntriesForNaptSwitch(TypedReadWriteTransaction<Configuration> confTx,
  82         Routers routers, BigInteger dpnId) {
  83         LOG.info("installSnatSpecificEntriesForNaptSwitch: called for router {}",
  84             routers.getRouterName());
  85         String routerName = routers.getRouterName();
  86         Long routerId = NatUtil.getVpnId(confTx, routerName);
  87         int elanId = NatUtil.getElanInstanceByName(confTx, routers.getNetworkId().getValue())
  88             .getElanTag().intValue();
  89         if (routerId == NatConstants.INVALID_ID) {
  90             LOG.error("InvalidRouterId: unable to installSnatSpecificEntriesForNaptSwitch on dpn {}", dpnId);
  91             return;
  92         }
  93         /* Install Outbound NAT entries */
  94
  95         addSnatMissEntryForPrimrySwch(confTx, dpnId, routerId, elanId);
  96         addTerminatingServiceTblEntry(confTx, dpnId, routerId, elanId);
  97
  98         String extGwMacAddress = NatUtil.getExtGwMacAddFromRouterName(confTx, routerName);
  99         addOutboundTblTrackEntry(confTx, dpnId, routerId, extGwMacAddress);
 100         for (ExternalIps externalIp : routers.getExternalIps()) {
 101             if (!NWUtil.isIpv4Address(externalIp.getIpAddress())) {
 102                 // In this class we handle only IPv4 use-cases.
 103                 continue;
 104             }
 105             //The logic now handle only one external IP per router, others if present will be ignored.
 106             long extSubnetId = NatUtil.getExternalSubnetVpnId(confTx, externalIp.getSubnetId());
 107             addOutboundTblEntry(confTx, dpnId, routerId, externalIp.getIpAddress(), elanId, extGwMacAddress);
 108             addNaptPfibFlow(confTx, routers, dpnId, routerId, extSubnetId);
 109
 110             //Install Inbound NAT entries
 111             addInboundEntry(confTx, dpnId, routerId, externalIp.getIpAddress(), elanId, extSubnetId);
 112             addNaptPfibEntry(confTx, dpnId, routerId);
 113
 114             String fibExternalIp = NatUtil.validateAndAddNetworkMask(externalIp.getIpAddress());
 115             Optional<Subnets> externalSubnet = NatUtil.getOptionalExternalSubnets(confTx, externalIp.getSubnetId());
 116             if (externalSubnet.isPresent()) {
 117                 String externalVpn =  externalIp.getSubnetId().getValue();
 118                 String vpnRd = NatUtil.getVpnRd(confTx, externalVpn);
 119                 vpnFootprintService.updateVpnToDpnMapping(dpnId, externalVpn, vpnRd, null /* interfaceName*/,
 120                     new ImmutablePair<>(IpAddresses.IpAddressSource.ExternalFixedIP, fibExternalIp),
 121                     true);
 122             }
 123             break;
 124         }
 125     }
 126
 127     @Override
 128     protected void removeSnatSpecificEntriesForNaptSwitch(TypedReadWriteTransaction<Configuration> confTx,
 129             Routers routers, BigInteger dpnId) throws ExecutionException, InterruptedException {
 130         LOG.info("installSnatSpecificEntriesForNaptSwitch: called for router {}",
 131             routers.getRouterName());
 132         String routerName = routers.getRouterName();
 133         Long routerId = NatUtil.getVpnId(confTx, routerName);
 134         if (routerId == NatConstants.INVALID_ID) {
 135             LOG.error("InvalidRouterId: unable to installSnatSpecificEntriesForNaptSwitch on dpn {}", dpnId);
 136             return;
 137         }
 138         /* Remove Outbound NAT entries */
 139
 140         removeSnatMissEntryForPrimrySwch(confTx, dpnId, routerId);
 141         removeTerminatingServiceTblEntry(confTx, dpnId, routerId);
 142
 143         removeOutboundTblTrackEntry(confTx, dpnId, routerId);
 144         for (ExternalIps externalIp : routers.getExternalIps()) {
 145             if (!NWUtil.isIpv4Address(externalIp.getIpAddress())) {
 146                 // In this class we handle only IPv4 use-cases.
 147                 continue;
 148             }
 149             //The logic now handle only one external IP per router, others if present will be ignored.
 150             removeOutboundTblEntry(confTx, dpnId, routerId);
 151             removeNaptPfibFlow(confTx, routers, dpnId, routerId);
 152
 153             //Install Inbound NAT entries
 154             removeInboundEntry(confTx, dpnId, routerId);
 155             removeNaptPfibEntry(confTx, dpnId, routerId);
 156
 157             String fibExternalIp = NatUtil.validateAndAddNetworkMask(externalIp.getIpAddress());
 158             Optional<Subnets> externalSubnet = NatUtil.getOptionalExternalSubnets(confTx, externalIp.getSubnetId());
 159             if (externalSubnet.isPresent()) {
 160                 String externalVpn =  externalIp.getSubnetId().getValue();
 161                 String vpnRd = NatUtil.getVpnRd(confTx, externalVpn);
 162                 vpnFootprintService.updateVpnToDpnMapping(dpnId, externalVpn, vpnRd, null /* interfaceName*/,
 163                     new ImmutablePair<>(IpAddresses.IpAddressSource.ExternalFixedIP, fibExternalIp),
 164                     false);
 165             }
 166             break;
 167         }
 168     }
 169
 170     @Override
 171     protected void addSnatSpecificEntriesForNonNaptSwitch(TypedReadWriteTransaction<Configuration> confTx,
 172         Routers routers, BigInteger dpnId) {
 173         // Nothing to to do here
 174     }
 175
 176     @Override
 177     protected void removeSnatSpecificEntriesForNonNaptSwitch(TypedReadWriteTransaction<Configuration> confTx,
 178         Routers routers, BigInteger dpnId) {
 179         // Nothing to to do here
 180     }
 181
 182     protected void addSnatMissEntryForPrimrySwch(TypedWriteTransaction<Configuration> confTx, BigInteger dpnId,
 183         Long routerId, int elanId) {
 184         LOG.info("installSnatSpecificEntriesForNaptSwitch : called for the primary NAPT switch dpnId {}", dpnId);
 185         List<MatchInfo> matches = new ArrayList<>();
 186         matches.add(MatchEthernetType.IPV4);
 187         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
 188         List<InstructionInfo> instructions = new ArrayList<>();
 189         List<ActionInfo> actionsInfos = new ArrayList<>();
 190         List<NxCtAction> ctActionsList = new ArrayList<>();
 191         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
 192         ctActionsList.add(nxCtAction);
 193         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId,
 194                 NwConstants.OUTBOUND_NAPT_TABLE,ctActionsList);
 195
 196         actionsInfos.add(actionNxConntrack);
 197         instructions.add(new InstructionApplyActions(actionsInfos));
 198
 199         String flowRef = getFlowRef(dpnId, NwConstants.PSNAT_TABLE, routerId);
 200         addFlow(confTx, dpnId, NwConstants.PSNAT_TABLE, flowRef, NatConstants.DEFAULT_PSNAT_FLOW_PRIORITY, flowRef,
 201                 NwConstants.COOKIE_SNAT_TABLE, matches, instructions);
 202     }
 203
 204     protected void removeSnatMissEntryForPrimrySwch(TypedReadWriteTransaction<Configuration> confTx, BigInteger dpnId,
 205             Long routerId) throws ExecutionException, InterruptedException {
 206         LOG.info("installSnatSpecificEntriesForNaptSwitch : called for the primary NAPT switch dpnId {}", dpnId);
 207
 208         String flowRef = getFlowRef(dpnId, NwConstants.PSNAT_TABLE, routerId);
 209         removeFlow(confTx, dpnId, NwConstants.PSNAT_TABLE, flowRef);
 210     }
 211
 212     protected void addTerminatingServiceTblEntry(TypedWriteTransaction<Configuration> confTx, BigInteger dpnId,
 213         Long routerId, int elanId) {
 214         LOG.info("installTerminatingServiceTblEntry : creating entry for Terminating Service Table "
 215                 + "for switch {}, routerId {}", dpnId, routerId);
 216         List<MatchInfo> matches = new ArrayList<>();
 217         matches.add(MatchEthernetType.IPV4);
 218         matches.add(new MatchTunnelId(BigInteger.valueOf(routerId)));
 219
 220         List<ActionInfo> actionsInfos = new ArrayList<>();
 221         List<NxCtAction> ctActionsList = new ArrayList<>();
 222         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
 223         ctActionsList.add(nxCtAction);
 224         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
 225                 .OUTBOUND_NAPT_TABLE,ctActionsList);
 226         ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
 227                 .getVpnIdMetadata(routerId), LOAD_START, LOAD_END);
 228         actionsInfos.add(actionLoadMeta);
 229         actionsInfos.add(actionNxConntrack);
 230         List<InstructionInfo> instructions = new ArrayList<>();
 231         instructions.add(new InstructionApplyActions(actionsInfos));
 232         String flowRef = getFlowRef(dpnId, NwConstants.INTERNAL_TUNNEL_TABLE, routerId);
 233         addFlow(confTx, dpnId, NwConstants.INTERNAL_TUNNEL_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY,
 234             flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions);
 235     }
 236
 237     protected void removeTerminatingServiceTblEntry(TypedReadWriteTransaction<Configuration> confTx, BigInteger dpnId,
 238             Long routerId) throws ExecutionException, InterruptedException {
 239         LOG.info("installTerminatingServiceTblEntry : creating entry for Terminating Service Table "
 240             + "for switch {}, routerId {}", dpnId, routerId);
 241
 242         String flowRef = getFlowRef(dpnId, NwConstants.INTERNAL_TUNNEL_TABLE, routerId);
 243         removeFlow(confTx, dpnId,  NwConstants.INTERNAL_TUNNEL_TABLE, flowRef);
 244     }
 245
 246     protected void addOutboundTblTrackEntry(TypedWriteTransaction<Configuration> confTx, BigInteger dpnId,
 247         Long routerId, String extGwMacAddress) {
 248         LOG.info("createOutboundTblTrackEntry : called for switch {}, routerId {}", dpnId, routerId);
 249         List<MatchInfoBase> matches = new ArrayList<>();
 250         matches.add(MatchEthernetType.IPV4);
 251         matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
 252         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
 253         ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
 254         listActionInfo.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
 255         ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
 256         listActionInfo.add(new ActionNxResubmit(NwConstants.NAPT_PFIB_TABLE));
 257         instructionInfo.add(new InstructionApplyActions(listActionInfo));
 258
 259         String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId) + "trkest";
 260         addFlow(confTx, dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY, flowRef,
 261                 NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo);
 262     }
 263
 264     protected void removeOutboundTblTrackEntry(TypedReadWriteTransaction<Configuration> confTx, BigInteger dpnId,
 265             Long routerId) throws ExecutionException, InterruptedException {
 266         LOG.info("createOutboundTblTrackEntry : called for switch {}, routerId {}", dpnId, routerId);
 267
 268         String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId) + "trkest";
 269         removeFlow(confTx, dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef);
 270     }
 271
 272     protected void addOutboundTblEntry(TypedWriteTransaction<Configuration> confTx, BigInteger dpnId, long routerId,
 273         String externalIp, int elanId, String extGwMacAddress) {
 274         LOG.info("createOutboundTblEntry : dpId {} and routerId {}", dpnId, routerId);
 275         List<MatchInfoBase> matches = new ArrayList<>();
 276         matches.add(MatchEthernetType.IPV4);
 277         matches.add(new NxMatchCtState(TRACKED_NEW_CT_STATE, TRACKED_NEW_CT_MASK));
 278         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
 279         List<ActionInfo> actionsInfos = new ArrayList<>();
 280         actionsInfos.add(new ActionSetFieldEthernetSource(new MacAddress(extGwMacAddress)));
 281         List<NxCtAction> ctActionsListCommit = new ArrayList<>();
 282         int rangePresent = NxActionNatRangePresent.NXNATRANGEIPV4MIN.getIntValue();
 283         int flags = NxActionNatFlags.NXNATFSRC.getIntValue();
 284         NxCtAction nxCtActionCommit = new ActionNxConntrack.NxNat(0, flags, rangePresent,
 285             IpPrefixOrAddressBuilder.getDefaultInstance(externalIp).getIpAddress(), null,0, 0);
 286         ctActionsListCommit.add(nxCtActionCommit);
 287         int ctCommitFlag = 1;
 288         ActionNxConntrack actionNxConntrackSubmit = new ActionNxConntrack(ctCommitFlag, 0, elanId,
 289             NwConstants.NAPT_PFIB_TABLE, ctActionsListCommit);
 290         actionsInfos.add(actionNxConntrackSubmit);
 291         List<InstructionInfo> instructions = new ArrayList<>();
 292         instructions.add(new InstructionApplyActions(actionsInfos));
 293         String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
 294         addFlow(confTx, dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef,  NatConstants.SNAT_NEW_FLOW_PRIORITY,
 295             flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions);
 296     }
 297
 298     protected void removeOutboundTblEntry(TypedReadWriteTransaction<Configuration> confTx, BigInteger dpnId,
 299             long routerId) throws ExecutionException, InterruptedException {
 300         LOG.info("createOutboundTblEntry : dpId {} and routerId {}", dpnId, routerId);
 301         String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
 302         removeFlow(confTx, dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef);
 303     }
 304
 305     protected void addNaptPfibFlow(TypedReadWriteTransaction<Configuration> confTx, Routers routers, BigInteger dpnId,
 306         long routerId, long extSubnetId) {
 307         Long extNetId = NatUtil.getVpnId(confTx, routers.getNetworkId().getValue());
 308         LOG.info("installNaptPfibFlow : dpId {}, extNetId {}", dpnId, extNetId);
 309         List<MatchInfoBase> matches = new ArrayList<>();
 310         matches.add(MatchEthernetType.IPV4);
 311         matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
 312         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
 313         List<ActionInfo> listActionInfo = new ArrayList<>();
 314         if (extSubnetId == NatConstants.INVALID_ID) {
 315             LOG.error("installNaptPfibFlow : external subnet id is invalid.");
 316             return;
 317         }
 318         ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
 319             .getVpnIdMetadata(extSubnetId), LOAD_START, LOAD_END);
 320         listActionInfo.add(actionLoadMeta);
 321         listActionInfo.add(new ActionNxLoadInPort(BigInteger.ZERO));
 322         listActionInfo.add(new ActionNxCtClear());
 323         listActionInfo.add(new ActionNxResubmit(NwConstants.L3_FIB_TABLE));
 324         ArrayList<InstructionInfo> instructions = new ArrayList<>();
 325         instructions.add(new InstructionApplyActions(listActionInfo));
 326         String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId);
 327         flowRef = flowRef + "OUTBOUND";
 328         addFlow(confTx, dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY,
 329             flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions);
 330     }
 331
 332     protected void removeNaptPfibFlow(TypedReadWriteTransaction<Configuration> confTx, Routers routers,
 333             BigInteger dpnId, long routerId) throws ExecutionException, InterruptedException {
 334         Long extNetId = NatUtil.getVpnId(confTx, routers.getNetworkId().getValue());
 335         LOG.info("installNaptPfibFlow : dpId {}, extNetId {}", dpnId, extNetId);
 336         String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId) + "OUTBOUND";
 337         removeFlow(confTx, dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef);
 338     }
 339
 340     protected void addInboundEntry(TypedWriteTransaction<Configuration> confTx, BigInteger dpnId, long routerId,
 341         String externalIp, int elanId, long extSubnetId) {
 342         LOG.info("installInboundEntry : dpId {} and routerId {}", dpnId, routerId);
 343         List<MatchInfoBase> matches = new ArrayList<>();
 344         matches.add(MatchEthernetType.IPV4);
 345         matches.add(new MatchIpv4Destination(externalIp,"32"));
 346         if (extSubnetId == NatConstants.INVALID_ID) {
 347             LOG.error("installInboundEntry : external subnet id is invalid.");
 348             return;
 349         }
 350         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(extSubnetId),
 351             MetaDataUtil.METADATA_MASK_VRFID));
 352         List<ActionInfo> actionsInfos = new ArrayList<>();
 353         List<NxCtAction> ctActionsList = new ArrayList<>();
 354         NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
 355         ActionNxLoadMetadata actionLoadMeta = new ActionNxLoadMetadata(MetaDataUtil
 356             .getVpnIdMetadata(routerId), LOAD_START, LOAD_END);
 357         actionsInfos.add(actionLoadMeta);
 358         ctActionsList.add(nxCtAction);
 359         ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
 360             .NAPT_PFIB_TABLE,ctActionsList);
 361
 362         actionsInfos.add(actionNxConntrack);
 363         List<InstructionInfo> instructions = new ArrayList<>();
 364         instructions.add(new InstructionApplyActions(actionsInfos));
 365         String flowRef = getFlowRef(dpnId, NwConstants.INBOUND_NAPT_TABLE, routerId);
 366         flowRef = flowRef + "OUTBOUND";
 367         addFlow(confTx, dpnId, NwConstants.INBOUND_NAPT_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY, flowRef,
 368             NwConstants.COOKIE_SNAT_TABLE, matches, instructions);
 369     }
 370
 371     protected void removeInboundEntry(TypedReadWriteTransaction<Configuration> confTx, BigInteger dpnId,
 372             long routerId) throws ExecutionException, InterruptedException {
 373         LOG.info("installInboundEntry : dpId {} and routerId {}", dpnId, routerId);
 374
 375         String flowRef = getFlowRef(dpnId, NwConstants.INBOUND_NAPT_TABLE, routerId) + "OUTBOUND";
 376         removeFlow(confTx, dpnId, NwConstants.INBOUND_NAPT_TABLE, flowRef);
 377     }
 378
 379     protected void addNaptPfibEntry(TypedWriteTransaction<Configuration> confTx, BigInteger dpnId, long routerId) {
 380         LOG.info("installNaptPfibEntry : called for dpnId {} and routerId {} ", dpnId, routerId);
 381         List<MatchInfoBase> matches = new ArrayList<>();
 382         matches.add(MatchEthernetType.IPV4);
 383         matches.add(new NxMatchCtState(DNAT_CT_STATE, DNAT_CT_STATE_MASK));
 384         matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
 385
 386         ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
 387         ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
 388         listActionInfo.add(new ActionNxLoadInPort(BigInteger.ZERO));
 389         listActionInfo.add(new ActionNxResubmit(NwConstants.L3_FIB_TABLE));
 390         instructionInfo.add(new InstructionApplyActions(listActionInfo));
 391
 392         String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId) + "INBOUND";
 393         addFlow(confTx, dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef, NatConstants.DEFAULT_PSNAT_FLOW_PRIORITY, flowRef,
 394             NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo);
 395     }
 396
 397     protected void removeNaptPfibEntry(TypedReadWriteTransaction<Configuration> confTx, BigInteger dpnId,
 398             long routerId) throws ExecutionException, InterruptedException {
 399         LOG.info("installNaptPfibEntry : called for dpnId {} and routerId {} ", dpnId, routerId);
 400         String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, routerId) + "INBOUND";
 401         removeFlow(confTx, dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef);
 402     }
 403 }