2 * Copyright © 2017 Ericsson India Global Services Pvt Ltd. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.netvirt.natservice.internal;
10 import java.math.BigInteger;
11 import java.util.ArrayList;
12 import java.util.Collections;
13 import java.util.List;
15 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
16 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
17 import org.opendaylight.genius.mdsalutil.ActionInfo;
18 import org.opendaylight.genius.mdsalutil.BucketInfo;
19 import org.opendaylight.genius.mdsalutil.GroupEntity;
20 import org.opendaylight.genius.mdsalutil.InstructionInfo;
21 import org.opendaylight.genius.mdsalutil.MDSALUtil;
22 import org.opendaylight.genius.mdsalutil.MatchInfo;
23 import org.opendaylight.genius.mdsalutil.MatchInfoBase;
24 import org.opendaylight.genius.mdsalutil.MetaDataUtil;
25 import org.opendaylight.genius.mdsalutil.NwConstants;
26 import org.opendaylight.genius.mdsalutil.actions.ActionGroup;
27 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack;
28 import org.opendaylight.genius.mdsalutil.actions.ActionNxConntrack.NxCtAction;
29 import org.opendaylight.genius.mdsalutil.actions.ActionNxLoadInPort;
30 import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
31 import org.opendaylight.genius.mdsalutil.actions.ActionSetFieldMeta;
32 import org.opendaylight.genius.mdsalutil.actions.ActionSetFieldTunnelId;
33 import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
34 import org.opendaylight.genius.mdsalutil.interfaces.IMdsalApiManager;
35 import org.opendaylight.genius.mdsalutil.matches.MatchEthernetType;
36 import org.opendaylight.genius.mdsalutil.matches.MatchIpv4Destination;
37 import org.opendaylight.genius.mdsalutil.matches.MatchMetadata;
38 import org.opendaylight.genius.mdsalutil.matches.MatchTunnelId;
39 import org.opendaylight.genius.mdsalutil.nxmatches.NxMatchCtState;
40 import org.opendaylight.netvirt.elanmanager.api.IElanService;
41 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.idmanager.rev160406.IdManagerService;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rpcs.rev160406.OdlInterfaceRpcService;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.itm.rpcs.rev160406.ItmRpcService;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.group.types.rev131018.GroupTypes;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ProviderTypes;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.Routers;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.natservice.rev160111.ext.routers.routers.ExternalIps;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.types.rev160517.IpPrefixOrAddress;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatFlags;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.action.rev140421.NxActionNatRangePresent;
52 import org.slf4j.Logger;
53 import org.slf4j.LoggerFactory;
55 public class VxlanGreConntrackBasedSnatService extends ConntrackBasedSnatService {
57 private static final Logger LOG = LoggerFactory.getLogger(VxlanGreConntrackBasedSnatService.class);
58 private final ExternalRoutersListener externalRouterListener;
59 private final IElanService elanManager;
61 public VxlanGreConntrackBasedSnatService(DataBroker dataBroker, IMdsalApiManager mdsalManager,
62 ItmRpcService itmManager, OdlInterfaceRpcService interfaceManager, IdManagerService idManager,
63 NAPTSwitchSelector naptSwitchSelector,
64 ExternalRoutersListener externalRouterListener, IElanService elanManager) {
65 super(dataBroker, mdsalManager, itmManager, interfaceManager, idManager, naptSwitchSelector);
66 this.externalRouterListener = externalRouterListener;
67 this.elanManager = elanManager;
71 public boolean handleSnatAllSwitch(Routers routers, BigInteger primarySwitchId, int addOrRemove) {
72 ProviderTypes extNwProviderType = NatUtil.getProviderTypefromNetworkId(dataBroker, routers.getNetworkId());
73 LOG.debug("VxlanGreConntrackBasedSnatService: handleSnatAllSwitch ProviderTypes {}", extNwProviderType);
74 if (extNwProviderType == ProviderTypes.FLAT || extNwProviderType == ProviderTypes.VLAN) {
77 return super.handleSnatAllSwitch(routers, primarySwitchId, addOrRemove);
81 public boolean handleSnat(Routers routers, BigInteger primarySwitchId, BigInteger dpnId, int addOrRemove) {
82 ProviderTypes extNwProviderType = NatUtil.getProviderTypefromNetworkId(dataBroker, routers.getNetworkId());
83 LOG.debug("VxlanGreConntrackBasedSnatService: handleSnat ProviderTypes {}", extNwProviderType);
84 if (extNwProviderType == ProviderTypes.FLAT || extNwProviderType == ProviderTypes.VLAN) {
87 return super.handleSnat(routers, primarySwitchId, dpnId, addOrRemove);
91 protected void installSnatSpecificEntriesForNaptSwitch(Routers routers, BigInteger dpnId, int addOrRemove) {
92 LOG.info("installSnatSpecificEntriesForNaptSwitch for router {}",
93 routers.getRouterName());
94 String routerName = routers.getRouterName();
95 Long routerId = NatUtil.getVpnId(dataBroker, routerName);
96 int elanId = NatUtil.getElanInstanceByName(routers.getNetworkId().getValue(), dataBroker)
97 .getElanTag().intValue();
98 /* Install Outbound NAT entries */
100 installSnatMissEntryForPrimrySwch(dpnId, routerId, elanId, addOrRemove);
101 installTerminatingServiceTblEntryForVxlanGre(dpnId, routerName, routerId, elanId, addOrRemove);
102 //Long extNetVpnId = NatUtil.getNetworkVpnIdFromRouterId(dataBroker, routerId);
103 Uuid vpnUuid = NatUtil.getVpnIdfromNetworkId(dataBroker, routers.getNetworkId());
104 if (vpnUuid == null) {
105 LOG.error("installSnatSpecificEntriesForNaptSwitch: Unable to retrieve external vpn_id for "
106 + "external network {} with routerId {}", routers.getNetworkId(), routerId);
109 Long extNetVpnId = NatUtil.getVpnId(dataBroker, vpnUuid.getValue());
110 /*//Long extNetVpnId = NatUtil.getAssociatedVPN(dataBroker, routers.getNetworkId(), LOG);
111 if (extNetVpnId == NatConstants.INVALID_ID && addOrRemove == NwConstants.ADD_FLOW) {
112 LOG.error("installSnatSpecificEntriesForNaptSwitch: Unable to retrieve external vpn_id for "
113 + "external network {} with routerId {}", routers.getNetworkId(), routerId);
116 LOG.info("installSnatSpecificEntriesForNaptSwitch: external network vpn_id {} for router {}",
117 extNetVpnId, routers.getRouterName());
118 List<ExternalIps> externalIps = routers.getExternalIps();
119 createOutboundTblTrackEntryForVxlanGre(dpnId, routerId, extNetVpnId, addOrRemove);
120 createOutboundTblEntryForVxlanGre(dpnId, routerId, extNetVpnId, externalIps, elanId, addOrRemove);
121 installNaptPfibFlowForVxlanGre(routers, dpnId, extNetVpnId, addOrRemove);
122 installNaptPfibEntry(dpnId, routerId, addOrRemove);
124 //Install Inbound NAT entries
125 installInboundEntryForVxlanGre(dpnId, routerId, extNetVpnId, externalIps, elanId, addOrRemove);
126 if (externalIps.isEmpty()) {
127 LOG.error("installSnatSpecificEntriesForNaptSwitch: No externalIP present for router {}",
131 //The logic now handle only one external IP per router, others if present will be ignored.
132 String externalIp = externalIps.get(0).getIpAddress();
133 externalIp = NatUtil.validateAndAddNetworkMask(externalIp);
134 WriteTransaction writeFlowInvTx = dataBroker.newWriteOnlyTransaction();
135 if (addOrRemove == NwConstants.ADD_FLOW) {
136 externalRouterListener.handleSnatReverseTraffic(dpnId, routers, routerId, routerName, externalIp,
139 externalRouterListener.clearFibTsAndReverseTraffic(dpnId, routerId, routers.getNetworkId(),
140 Collections.singletonList(externalIp), null, routers.getExtGwMacAddress(), writeFlowInvTx);
144 protected void createOutboundTblTrackEntryForVxlanGre(BigInteger dpnId, Long routerId, Long extNetVpnId,
146 LOG.info("createOutboundTblTrackEntryForVxlanGre: Install Outbound tracking table flow on dpId {} for "
147 + "routerId {}", dpnId, routerId);
148 List<MatchInfoBase> matches = new ArrayList<>();
149 matches.add(MatchEthernetType.IPV4);
150 matches.add(new NxMatchCtState(SNAT_CT_STATE, SNAT_CT_STATE_MASK));
151 matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
153 ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
154 if (addOrRemove == NwConstants.ADD_FLOW) {
155 ActionSetFieldMeta actionSetFieldMeta = new ActionSetFieldMeta(MetaDataUtil
156 .getVpnIdMetadata(extNetVpnId));
157 listActionInfo.add(actionSetFieldMeta);
159 ArrayList<InstructionInfo> instructionInfo = new ArrayList<>();
160 listActionInfo.add(new ActionNxResubmit(NwConstants.NAPT_PFIB_TABLE));
161 instructionInfo.add(new InstructionApplyActions(listActionInfo));
163 String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
165 syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY, flowRef,
166 NwConstants.COOKIE_SNAT_TABLE, matches, instructionInfo, addOrRemove);
170 protected void createOutboundTblEntryForVxlanGre(BigInteger dpnId, long routerId, Long extNetVpnId,
171 List<ExternalIps> externalIps, int elanId, int addOrRemove) {
172 LOG.info("createOutboundTblEntryForVxlanGre: Install Outbound table flow on dpId {} for routerId {}", dpnId,
174 List<MatchInfoBase> matches = new ArrayList<>();
175 matches.add(MatchEthernetType.IPV4);
176 matches.add(new NxMatchCtState(TRACKED_NEW_CT_STATE, TRACKED_NEW_CT_MASK));
177 matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
178 if (externalIps.isEmpty()) {
179 LOG.error("createOutboundTblEntryForVxlanGre: No externalIP present for routerId {}",
183 //The logic now handle only one external IP per router, others if present will be ignored.
184 String externalIp = externalIps.get(0).getIpAddress();
185 List<ActionInfo> actionsInfos = new ArrayList<>();
186 if (addOrRemove == NwConstants.ADD_FLOW) {
187 ActionSetFieldMeta actionSetFieldMeta = new ActionSetFieldMeta(MetaDataUtil
188 .getVpnIdMetadata(extNetVpnId));
189 actionsInfos.add(actionSetFieldMeta);
191 List<ActionNxConntrack.NxCtAction> ctActionsListCommit = new ArrayList<>();
192 int rangePresent = NxActionNatRangePresent.NXNATRANGEIPV4MIN.getIntValue();
193 int flags = NxActionNatFlags.NXNATFSRC.getIntValue();
194 ActionNxConntrack.NxCtAction nxCtActionCommit = new ActionNxConntrack.NxNat(0, flags, rangePresent,
195 new IpPrefixOrAddress(externalIp.toCharArray()).getIpAddress(),
197 ctActionsListCommit.add(nxCtActionCommit);
198 int ctCommitFlag = 1;
199 ActionNxConntrack actionNxConntrackSubmit = new ActionNxConntrack(ctCommitFlag, 0, elanId,
200 NwConstants.NAPT_PFIB_TABLE, ctActionsListCommit);
201 actionsInfos.add(actionNxConntrackSubmit);
202 List<InstructionInfo> instructions = new ArrayList<>();
203 instructions.add(new InstructionApplyActions(actionsInfos));
204 String flowRef = getFlowRef(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, routerId);
205 syncFlow(dpnId, NwConstants.OUTBOUND_NAPT_TABLE, flowRef, NatConstants.SNAT_NEW_FLOW_PRIORITY,
206 flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
209 protected void installNaptPfibFlowForVxlanGre(Routers routers, BigInteger dpnId, Long extNetVpnId,
211 LOG.info("installNaptPfibFlowForVxlanGre: Install Napt preFibFlow on dpId {} with matching extNetVpnId {} "
212 + "for router {}", dpnId, extNetVpnId, routers.getRouterName());
213 List<MatchInfoBase> matches = new ArrayList<>();
214 matches.add(MatchEthernetType.IPV4);
215 if (addOrRemove == NwConstants.ADD_FLOW) {
216 matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(extNetVpnId),
217 MetaDataUtil.METADATA_MASK_VRFID));
219 ArrayList<ActionInfo> listActionInfo = new ArrayList<>();
220 ArrayList<InstructionInfo> instructions = new ArrayList<>();
221 listActionInfo.add(new ActionNxLoadInPort(BigInteger.ZERO));
222 listActionInfo.add(new ActionNxResubmit(NwConstants.L3_FIB_TABLE));
223 instructions.add(new InstructionApplyActions(listActionInfo));
224 String flowRef = getFlowRef(dpnId, NwConstants.NAPT_PFIB_TABLE, extNetVpnId);
225 syncFlow(dpnId, NwConstants.NAPT_PFIB_TABLE, flowRef, NatConstants.SNAT_TRK_FLOW_PRIORITY,
226 flowRef, NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
229 protected void installInboundEntryForVxlanGre(BigInteger dpnId, long routerId, Long extNeVpnId,
230 List<ExternalIps> externalIps, int elanId, int addOrRemove) {
231 LOG.info("installInboundEntryForVxlanGre: Install Inbound table entry on dpId {} for routerId {}",
233 List<MatchInfoBase> matches = new ArrayList<>();
234 matches.add(MatchEthernetType.IPV4);
235 if (externalIps.isEmpty()) {
236 LOG.error("installInboundEntryForVxlanGre : createInboundTblEntry no externalIP present for routerId {}",
240 String externalIp = externalIps.get(0).getIpAddress();
241 matches.add(new MatchIpv4Destination(externalIp,"32"));
242 if (addOrRemove == NwConstants.ADD_FLOW) {
243 matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(extNeVpnId),
244 MetaDataUtil.METADATA_MASK_VRFID));
246 List<ActionInfo> actionsInfos = new ArrayList<>();
247 List<ActionNxConntrack.NxCtAction> ctActionsList = new ArrayList<>();
248 ActionNxConntrack.NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
249 ActionSetFieldMeta actionSetFieldMeta = new ActionSetFieldMeta(MetaDataUtil
250 .getVpnIdMetadata(routerId));
251 actionsInfos.add(actionSetFieldMeta);
252 ctActionsList.add(nxCtAction);
253 ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
254 .NAPT_PFIB_TABLE,ctActionsList);
256 actionsInfos.add(actionNxConntrack);
257 List<InstructionInfo> instructions = new ArrayList<>();
258 instructions.add(new InstructionApplyActions(actionsInfos));
259 String flowRef = getFlowRef(dpnId, NwConstants.INBOUND_NAPT_TABLE, routerId);
260 syncFlow(dpnId, NwConstants.INBOUND_NAPT_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY, flowRef,
261 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
264 protected void installTerminatingServiceTblEntryForVxlanGre(BigInteger dpnId, String routerName,
265 Long routerId, int elanId, int addOrRemove) {
266 LOG.info("installTerminatingServiceTblEntryForVxlanGre : creating entry for"
267 + "Terminating Service Table for switch {}, routerId {}", dpnId, routerId);
268 List<MatchInfo> matches = new ArrayList<>();
269 matches.add(MatchEthernetType.IPV4);
271 BigInteger tunnelId = BigInteger.valueOf(routerId);
272 if (elanManager.isOpenStackVniSemanticsEnforced()) {
273 tunnelId = NatOverVxlanUtil.getRouterVni(idManager, routerName, routerId);
275 matches.add(new MatchTunnelId(tunnelId));
277 List<ActionInfo> actionsInfos = new ArrayList<>();
278 List<NxCtAction> ctActionsList = new ArrayList<>();
279 NxCtAction nxCtAction = new ActionNxConntrack.NxNat(0, 0, 0,null, null,0, 0);
280 ctActionsList.add(nxCtAction);
281 ActionNxConntrack actionNxConntrack = new ActionNxConntrack(0, 0, elanId, NwConstants
282 .OUTBOUND_NAPT_TABLE,ctActionsList);
283 ActionSetFieldMeta actionSetFieldMeta = new ActionSetFieldMeta(MetaDataUtil
284 .getVpnIdMetadata(routerId.longValue()));
285 actionsInfos.add(actionSetFieldMeta);
286 actionsInfos.add(actionNxConntrack);
287 List<InstructionInfo> instructions = new ArrayList<>();
288 instructions.add(new InstructionApplyActions(actionsInfos));
289 String flowRef = getFlowRef(dpnId, NwConstants.INTERNAL_TUNNEL_TABLE, routerId.longValue());
290 syncFlow(dpnId, NwConstants.INTERNAL_TUNNEL_TABLE, flowRef, NatConstants.DEFAULT_TS_FLOW_PRIORITY, flowRef,
291 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);
295 protected void installSnatMissEntry(BigInteger dpnId, Long routerId, String routerName, BigInteger primarySwitchId,
297 LOG.debug("installSnatMissEntry : Installing SNAT miss entry in switch {}", dpnId);
298 List<ActionInfo> listActionInfoPrimary = new ArrayList<>();
299 String ifNamePrimary = getTunnelInterfaceName(dpnId, primarySwitchId);
300 List<BucketInfo> listBucketInfo = new ArrayList<>();
301 if (ifNamePrimary != null) {
302 LOG.debug("installSnatMissEntry : On Non- Napt switch , Primary Tunnel interface is {}", ifNamePrimary);
303 listActionInfoPrimary = NatUtil.getEgressActionsForInterface(interfaceManager, ifNamePrimary, routerId);
305 BucketInfo bucketPrimary = new BucketInfo(listActionInfoPrimary);
306 listBucketInfo.add(0, bucketPrimary);
307 LOG.debug("installSnatMissEntry : installSnatMissEntry called for dpnId {} with primaryBucket {} ", dpnId,
308 listBucketInfo.get(0));
309 // Install the select group
310 long groupId = createGroupId(getGroupIdKey(routerName));
311 GroupEntity groupEntity = MDSALUtil.buildGroupEntity(dpnId, groupId, routerName, GroupTypes.GroupAll,
313 LOG.debug("installSnatMissEntry : installing the SNAT to NAPT GroupEntity:{}", groupEntity);
314 mdsalManager.installGroup(groupEntity);
315 // Install miss entry pointing to group
316 LOG.debug("installSnatMissEntry : buildSnatFlowEntity is called for dpId {}, routerName {} and groupId {}",
317 dpnId, routerName, groupId);
318 List<MatchInfo> matches = new ArrayList<>();
319 matches.add(new MatchEthernetType(0x0800L));
320 matches.add(new MatchMetadata(MetaDataUtil.getVpnIdMetadata(routerId), MetaDataUtil.METADATA_MASK_VRFID));
322 List<ActionInfo> actionsInfo = new ArrayList<>();
324 BigInteger tunnelId = BigInteger.valueOf(routerId);
325 if (elanManager.isOpenStackVniSemanticsEnforced()) {
326 tunnelId = NatOverVxlanUtil.getRouterVni(idManager, routerName, routerId);
329 actionsInfo.add(new ActionSetFieldTunnelId(tunnelId));
330 LOG.debug("AbstractSnatService : Setting the tunnel to the list of action infos {}", actionsInfo);
331 actionsInfo.add(new ActionGroup(groupId));
332 List<InstructionInfo> instructions = new ArrayList<>();
333 instructions.add(new InstructionApplyActions(actionsInfo));
334 String flowRef = getFlowRef(dpnId, NwConstants.PSNAT_TABLE, routerId);
335 syncFlow(dpnId, NwConstants.PSNAT_TABLE, flowRef, NatConstants.DEFAULT_PSNAT_FLOW_PRIORITY, flowRef,
336 NwConstants.COOKIE_SNAT_TABLE, matches, instructions, addOrRemove);