2 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure;
11 import java.util.ArrayList;
12 import java.util.HashSet;
13 import java.util.List;
16 import javax.annotation.Nullable;
18 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
19 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
20 import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;
21 import org.opendaylight.groupbasedpolicy.api.sf.IpProtoClassifierDefinition;
22 import org.opendaylight.groupbasedpolicy.api.sf.L4ClassifierDefinition;
23 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
24 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
25 import org.opendaylight.groupbasedpolicy.util.IidFactory;
26 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
27 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SelectorName;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraintsBuilder;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraints;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraintsBuilder;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraintBuilder;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.ContractBuilder;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup.IntraGroupPolicy;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroupBuilder;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.Clause;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.ClauseBuilder;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.Subject;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.SubjectBuilder;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ConsumerMatchers;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ConsumerMatchersBuilder;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ProviderMatchers;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ProviderMatchersBuilder;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.Rule;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.RuleBuilder;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ConsumerNamedSelector;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ConsumerNamedSelectorBuilder;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ProviderNamedSelector;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ProviderNamedSelectorBuilder;
66 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstance;
67 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstanceBuilder;
69 import com.google.common.collect.ImmutableList;
71 public class NetworkService {
74 * Unit tests {@link NetworkServiceTest}
77 private static final long DHCP_IPV4_SERVER_PORT = 67;
78 private static final long DHCP_IPV4_CLIENT_PORT = 68;
79 private static final long DHCP_IPV6_SERVER_PORT = 547;
80 private static final long DHCP_IPV6_CLIENT_PORT = 546;
81 private static final ClassifierName DHCP_IPV4_CLIENT_SERVER_NAME =
82 new ClassifierName("DHCP_IPv4_FROM_CLIENT_TO_SERVER");
83 private static final ClassifierName DHCP_IPV4_SERVER_CLIENT_NAME =
84 new ClassifierName("DHCP_IPv4_FROM_SERVER_TO_CLIENT");
85 private static final ClassifierName DHCP_IPV6_CLIENT_SERVER_NAME =
86 new ClassifierName("DHCP_IPv6_FROM_CLIENT_TO_SERVER");
87 private static final ClassifierName DHCP_IPV6_SERVER_CLIENT_NAME =
88 new ClassifierName("DHCP_IPv6_FROM_SERVER_TO_CLIENT");
89 private static final SubjectName DHCP_SUBJECT_NAME = new SubjectName("ALLOW_DHCP");
90 private static final Description DHCP_CONTRACT_DESC =
91 new Description("Allow DHCP communication between client and server.");
94 * Id of {@link #DHCP_CONTRACT}
96 public static final ContractId DHCP_CONTRACT_ID = new ContractId("11118d2e-dddd-11e5-885d-feff819cdc9f");
98 * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DHCP communication
99 * between Client and Server.
101 public static final Contract DHCP_CONTRACT;
103 * {@link ConsumerNamedSelector} pointing to {@link #DHCP_CONTRACT}
105 public static final ConsumerNamedSelector DHCP_CONTRACT_CONSUMER_SELECTOR;
108 private static final long DNS_SERVER_PORT = 53;
109 private static final ClassifierName DNS_UDP_IPV4_CLIENT_SERVER_NAME =
110 new ClassifierName("DNS_UDP_IPv4_FROM_CLIENT_TO_SERVER");
111 private static final ClassifierName DNS_UDP_IPV4_SERVER_CLIENT_NAME =
112 new ClassifierName("DNS_UDP_IPv4_FROM_SERVER_TO_CLIENT");
113 private static final ClassifierName DNS_UDP_IPV6_CLIENT_SERVER_NAME =
114 new ClassifierName("DNS_UDP_IPv6_FROM_CLIENT_TO_SERVER");
115 private static final ClassifierName DNS_UDP_IPV6_SERVER_CLIENT_NAME =
116 new ClassifierName("DNS_UDP_IPv6_FROM_SERVER_TO_CLIENT");
117 private static final ClassifierName DNS_TCP_IPV4_CLIENT_SERVER_NAME =
118 new ClassifierName("DNS_TCP_IPv4_FROM_CLIENT_TO_SERVER");
119 private static final ClassifierName DNS_TCP_IPV4_SERVER_CLIENT_NAME =
120 new ClassifierName("DNS_TCP_IPv4_FROM_SERVER_TO_CLIENT");
121 private static final ClassifierName DNS_TCP_IPV6_CLIENT_SERVER_NAME =
122 new ClassifierName("DNS_TCP_IPv6_FROM_CLIENT_TO_SERVER");
123 private static final ClassifierName DNS_TCP_IPV6_SERVER_CLIENT_NAME =
124 new ClassifierName("DNS_TCP_IPv6_FROM_SERVER_TO_CLIENT");
125 private static final SubjectName DNS_SUBJECT_NAME = new SubjectName("ALLOW_DNS");
126 private static final Description DNS_CONTRACT_DESC =
127 new Description("Allow DNS communication between client and server.");
129 * ID of {@link #DNS_CONTRACT}
131 public static final ContractId DNS_CONTRACT_ID = new ContractId("22218d2e-dddd-11e5-885d-feff819cdc9f");
133 * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DNS communication
134 * between Client and Server.
136 public static final Contract DNS_CONTRACT;
138 * {@link ConsumerNamedSelector} pointing to {@link #DNS_CONTRACT}
140 public static final ConsumerNamedSelector DNS_CONTRACT_CONSUMER_SELECTOR;
142 // ########### SSH and ICMP management
143 private static final long SSH_TCP_PORT = 22;
144 private static final ClassifierName SSH_IPV4_SERVER_TO_CLIENT_NAME =
145 new ClassifierName("SSH_IPV4_FROM_SERVER_TO_CLIENT");
146 private static final ClassifierName SSH_IPV6_SERVER_TO_CLIENT_NAME =
147 new ClassifierName("SSH_IPV6_FROM_SERVER_TO_CLIENT");
148 private static final ClassifierName SSH_IPV4_CLIENT_TO_SERVER_NAME =
149 new ClassifierName("SSH_IPV4_FROM_CLIENT_TO_SERVER");
150 private static final ClassifierName SSH_IPV6_CLIENT_TO_SERVER_NAME =
151 new ClassifierName("SSH_IPV6_FROM_CLIENT_TO_SERVER");
152 private static final ClassifierName ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME =
153 new ClassifierName("ICMP_IPV4_BETWEEN_SERVER_CLIENT");
154 private static final ClassifierName ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME =
155 new ClassifierName("ICMP_IPV6_BETWEEN_SERVER_CLIENT");
156 private static final SubjectName MGMT_SUBJECT_NAME = new SubjectName("ALLOW_MGMT");
157 private static final Description MGMT_CONTRACT_DESC =
158 new Description("Allow ICMP and SSH management communication between server and client.");
161 * Id of {@link #MGMT_CONTRACT}
163 public static final ContractId MGMT_CONTRACT_ID = new ContractId("33318d2e-dddd-11e5-885d-feff819cdc9f");
165 * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching ICMP and SSH
167 * between Client and Server.
169 public static final Contract MGMT_CONTRACT;
171 * {@link ConsumerNamedSelector} pointing to {@link #MGMT_CONTRACT}
173 public static final ConsumerNamedSelector MGMT_CONTRACT_CONSUMER_SELECTOR;
175 // ########### NETWORK-SERVICE ENDPOINT-GROUP
176 private static final Name NETWORK_SERVICE_EPG_NAME = new Name("NETWORK_SERVICE");
177 private static final Description NETWORK_SERVICE_EPG_DESC = new Description("Represents DHCP and DNS servers.");
181 public static final EndpointGroupId EPG_ID = new EndpointGroupId("ddd6cfe6-dfe5-11e4-8a00-1681e6b88ec1");
183 * Network-service endpoint-group providing {@link #DHCP_CONTRACT} and {@link #DNS_CONTRACT}
185 public static final EndpointGroup EPG;
188 DHCP_CONTRACT = createContractDhcp();
189 DHCP_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DHCP_CONTRACT);
190 DNS_CONTRACT = createContractDns();
191 DNS_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DNS_CONTRACT);
192 MGMT_CONTRACT = createContractMgmt();
193 MGMT_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(MGMT_CONTRACT);
194 EPG = createNetworkServiceEpg();
197 private static EndpointGroup createNetworkServiceEpg() {
198 ProviderNamedSelector dhcpProviderSelector = createProviderSelector(DHCP_CONTRACT);
199 ProviderNamedSelector dnsProviderSelector = createProviderSelector(DNS_CONTRACT);
200 ProviderNamedSelector mgmtProviderSelector = createProviderSelector(MGMT_CONTRACT);
201 return new EndpointGroupBuilder().setId(EPG_ID)
202 .setName(NETWORK_SERVICE_EPG_NAME)
203 .setProviderNamedSelector(ImmutableList.of(dhcpProviderSelector, dnsProviderSelector, mgmtProviderSelector))
204 .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
205 .setDescription(NETWORK_SERVICE_EPG_DESC)
209 private static ProviderNamedSelector createProviderSelector(Contract contract) {
210 SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
211 return new ProviderNamedSelectorBuilder().setName(selectorName)
212 .setContract(ImmutableList.of(contract.getId()))
216 private static ConsumerNamedSelector createConsumerSelector(Contract contract) {
217 SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
218 return new ConsumerNamedSelectorBuilder().setName(selectorName)
219 .setContract(ImmutableList.of(contract.getId()))
223 private static Contract createContractDhcp() {
224 Rule clientServerIpv4Rule = createRuleAllow(DHCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
225 Rule serverClientIpv4Rule = createRuleAllow(DHCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
226 Rule clientServerIpv6Rule = createRuleAllow(DHCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
227 Rule serverClientIpv6Rule = createRuleAllow(DHCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
228 Subject subject = new SubjectBuilder().setName(DHCP_SUBJECT_NAME)
230 .setRule(ImmutableList.of(clientServerIpv4Rule, serverClientIpv4Rule, clientServerIpv6Rule,
231 serverClientIpv6Rule))
233 return new ContractBuilder().setId(DHCP_CONTRACT_ID)
234 .setSubject(ImmutableList.of(subject))
235 .setDescription(DHCP_CONTRACT_DESC)
239 private static Contract createContractDns() {
240 Rule clientServerUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_CLIENT_SERVER_NAME, Direction.In);
241 Rule serverClientUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
242 Rule clientServerUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_CLIENT_SERVER_NAME, Direction.In);
243 Rule serverClientUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
244 Rule clientServerTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
245 Rule serverClientTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
246 Rule clientServerTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
247 Rule serverClientTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
248 Subject subject = new SubjectBuilder().setName(DNS_SUBJECT_NAME)
250 .setRule(ImmutableList.of(clientServerUdpIpv4Rule, serverClientUdpIpv4Rule, clientServerUdpIpv6Rule,
251 serverClientUdpIpv6Rule, clientServerTcpIpv4Rule, serverClientTcpIpv4Rule, clientServerTcpIpv6Rule,
252 serverClientTcpIpv6Rule))
254 return new ContractBuilder().setId(DNS_CONTRACT_ID)
255 .setSubject(ImmutableList.of(subject))
256 .setDescription(DNS_CONTRACT_DESC)
260 private static Contract createContractMgmt() {
261 Rule serverClientSshIpv4Rule = createRuleAllow(SSH_IPV4_SERVER_TO_CLIENT_NAME, Direction.Out);
262 Rule serverClientSshIpv6Rule = createRuleAllow(SSH_IPV6_SERVER_TO_CLIENT_NAME, Direction.Out);
263 Rule clientServerSshIpv4Rule = createRuleAllow(SSH_IPV4_CLIENT_TO_SERVER_NAME, Direction.In);
264 Rule clientServerSshIpv6Rule = createRuleAllow(SSH_IPV6_CLIENT_TO_SERVER_NAME, Direction.In);
265 Rule serverClientIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
266 Rule serverClientIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
267 Rule clientServerIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
268 Rule clientServerIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
270 Subject subject = new SubjectBuilder().setName(MGMT_SUBJECT_NAME)
272 .setRule(ImmutableList.of(serverClientSshIpv4Rule, serverClientSshIpv6Rule, clientServerSshIpv4Rule,
273 clientServerSshIpv6Rule, clientServerIcmpIpv4Rule, clientServerIcmpIpv6Rule,
274 serverClientIcmpIpv4Rule, serverClientIcmpIpv6Rule))
276 return new ContractBuilder().setId(MGMT_CONTRACT_ID)
277 .setSubject(ImmutableList.of(subject))
278 .setDescription(MGMT_CONTRACT_DESC)
282 private static Rule createRuleAllow(ClassifierName classifierName, Direction direction) {
283 ClassifierName name =
284 new ClassifierName(direction.name() + MappingUtils.NAME_DOUBLE_DELIMETER + classifierName.getValue());
285 ClassifierRef classifierRef = new ClassifierRefBuilder().setName(name)
286 .setInstanceName(classifierName)
287 .setDirection(direction)
289 return new RuleBuilder().setName(new RuleName(name))
290 .setActionRef(MappingUtils.ACTION_REF_ALLOW)
291 .setClassifierRef(ImmutableList.of(classifierRef))
296 * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
297 * and {@link ProviderMatchers}. This clause points to subject in {@link #DHCP_CONTRACT}.
299 * @param tenantId location of {@link #DHCP_CONTRACT}
300 * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
301 * @param wTx transaction where entities are written
303 public static void writeDhcpClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
304 WriteTransaction wTx) {
305 Clause clause = createClauseWithConsProvEic(ipPrefix, DHCP_SUBJECT_NAME);
306 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DHCP_CONTRACT_ID, clause.getName()),
311 * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
312 * and {@link ProviderMatchers}. This clause points to subject in {@link #DNS_CONTRACT}.
314 * @param tenantId location of {@link #DNS_CONTRACT}
315 * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
316 * @param wTx transaction where entities are written
318 public static void writeDnsClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
319 WriteTransaction wTx) {
320 Clause clause = createClauseWithConsProvEic(ipPrefix, DNS_SUBJECT_NAME);
321 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DNS_CONTRACT_ID, clause.getName()),
326 * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
327 * and {@link ProviderMatchers}. This clause points to subject in {@link #MGMT_CONTRACT}.
329 * @param tenantId location of {@link #MGMT_CONTRACT}
330 * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
331 * @param wTx transaction where entities are written
333 public static void writeMgmtClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
334 WriteTransaction wTx) {
335 Clause clause = createClauseWithConsProvEic(ipPrefix, MGMT_SUBJECT_NAME);
336 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, MGMT_CONTRACT_ID, clause.getName()),
340 private static Clause createClauseWithConsProvEic(@Nullable IpPrefix ipPrefix, SubjectName subjectName) {
341 ConsumerMatchers consumerMatchers = null;
342 ProviderMatchers providerMatchers = null;
343 StringBuilder clauseName = new StringBuilder();
344 clauseName.append(subjectName.getValue());
345 if (ipPrefix != null) {
346 clauseName.append(MappingUtils.NAME_DOUBLE_DELIMETER).append(Utils.getStringIpPrefix(ipPrefix));
348 new ConsumerMatchersBuilder()
349 .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
350 .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
351 .setPrefixConstraint(
352 ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
357 new ProviderMatchersBuilder()
358 .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
359 .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
360 .setPrefixConstraint(
361 ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
366 return new ClauseBuilder().setName(new ClauseName(clauseName.toString()))
367 .setSubjectRefs(ImmutableList.of(subjectName))
368 .setConsumerMatchers(consumerMatchers)
369 .setProviderMatchers(providerMatchers)
374 * Puts network service entities (classifier-instances, {@link #DHCP_CONTRACT},
375 * {@link #DNS_CONTRACT}, {@link #MGMT_CONTRACT} and {@link #EPG}) to
376 * {@link LogicalDatastoreType#CONFIGURATION}
378 * @param tenantId location of network-service entities
379 * @param wTx transaction where network-service entities are written
381 public static void writeNetworkServiceEntitiesToTenant(TenantId tenantId, WriteTransaction wTx) {
382 Set<ClassifierInstance> classifierInstances = getAllClassifierInstances();
383 for (ClassifierInstance ci : classifierInstances) {
384 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.classifierInstanceIid(tenantId, ci.getName()), ci,
387 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DHCP_CONTRACT_ID), DHCP_CONTRACT,
389 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DNS_CONTRACT_ID), DNS_CONTRACT,
391 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, MGMT_CONTRACT_ID), MGMT_CONTRACT,
393 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, EPG_ID), EPG, true);
397 * @return All classifier-instances used in {@link #DHCP_CONTRACT}, {@link #DNS_CONTRACT} and
398 * {@link #MGMT_CONTRACT}
400 public static Set<ClassifierInstance> getAllClassifierInstances() {
401 HashSet<ClassifierInstance> cis = new HashSet<>();
402 cis.add(createDhcpIpv4ClientServer());
403 cis.add(createDhcpIpv4ServerClient());
404 cis.add(createDhcpIpv6ClientServer());
405 cis.add(createDhcpIpv6ServerClient());
406 cis.add(createDnsUdpIpv4ClientServer());
407 cis.add(createDnsUdpIpv4ServerClient());
408 cis.add(createDnsUdpIpv6ClientServer());
409 cis.add(createDnsUdpIpv6ServerClient());
410 cis.add(createDnsTcpIpv4ClientServer());
411 cis.add(createDnsTcpIpv4ServerClient());
412 cis.add(createDnsTcpIpv6ClientServer());
413 cis.add(createDnsTcpIpv6ServerClient());
415 cis.add(createSshTcpIpv4ServerClient());
416 cis.add(createSshTcpIpv6ServerClient());
417 cis.add(createSshTcpIpv4ClientServer());
418 cis.add(createSshTcpIpv6ClientServer());
419 cis.add(createIcmpIpv4());
420 cis.add(createIcmpIpv6());
425 // ###################### DHCP
426 private static ClassifierInstance createDhcpIpv4ClientServer() {
427 return new ClassifierInstanceBuilder().setName(DHCP_IPV4_CLIENT_SERVER_NAME)
428 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
429 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
430 DHCP_IPV4_CLIENT_PORT, DHCP_IPV4_SERVER_PORT))
434 private static ClassifierInstance createDhcpIpv4ServerClient() {
435 return new ClassifierInstanceBuilder().setName(DHCP_IPV4_SERVER_CLIENT_NAME)
436 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
437 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
438 DHCP_IPV4_SERVER_PORT, DHCP_IPV4_CLIENT_PORT))
442 private static ClassifierInstance createDhcpIpv6ClientServer() {
443 return new ClassifierInstanceBuilder().setName(DHCP_IPV6_CLIENT_SERVER_NAME)
444 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
445 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
446 DHCP_IPV6_CLIENT_PORT, DHCP_IPV6_SERVER_PORT))
450 private static ClassifierInstance createDhcpIpv6ServerClient() {
451 return new ClassifierInstanceBuilder().setName(DHCP_IPV6_SERVER_CLIENT_NAME)
452 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
453 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
454 DHCP_IPV6_SERVER_PORT, DHCP_IPV6_CLIENT_PORT))
458 // ###################### DNS UDP
459 private static ClassifierInstance createDnsUdpIpv4ClientServer() {
460 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV4_CLIENT_SERVER_NAME)
461 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
463 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE, null, DNS_SERVER_PORT))
467 private static ClassifierInstance createDnsUdpIpv4ServerClient() {
468 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV4_SERVER_CLIENT_NAME)
469 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
471 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE, DNS_SERVER_PORT, null))
475 private static ClassifierInstance createDnsUdpIpv6ClientServer() {
476 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV6_CLIENT_SERVER_NAME)
477 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
479 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE, null, DNS_SERVER_PORT))
483 private static ClassifierInstance createDnsUdpIpv6ServerClient() {
484 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV6_SERVER_CLIENT_NAME)
485 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
487 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE, DNS_SERVER_PORT, null))
491 // ###################### DNS TCP
492 private static ClassifierInstance createDnsTcpIpv4ClientServer() {
493 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV4_CLIENT_SERVER_NAME)
494 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
496 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, DNS_SERVER_PORT))
500 private static ClassifierInstance createDnsTcpIpv4ServerClient() {
501 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV4_SERVER_CLIENT_NAME)
502 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
504 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, DNS_SERVER_PORT, null))
508 private static ClassifierInstance createDnsTcpIpv6ClientServer() {
509 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV6_CLIENT_SERVER_NAME)
510 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
512 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, DNS_SERVER_PORT))
516 private static ClassifierInstance createDnsTcpIpv6ServerClient() {
517 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV6_SERVER_CLIENT_NAME)
518 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
520 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, DNS_SERVER_PORT, null))
524 // ###################### SSH TCP
525 private static ClassifierInstance createSshTcpIpv4ClientServer() {
526 return new ClassifierInstanceBuilder().setName(SSH_IPV4_CLIENT_TO_SERVER_NAME)
527 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
529 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, SSH_TCP_PORT, null))
533 private static ClassifierInstance createSshTcpIpv4ServerClient() {
534 return new ClassifierInstanceBuilder().setName(SSH_IPV4_SERVER_TO_CLIENT_NAME)
535 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
537 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, SSH_TCP_PORT))
541 private static ClassifierInstance createSshTcpIpv6ClientServer() {
542 return new ClassifierInstanceBuilder().setName(SSH_IPV6_CLIENT_TO_SERVER_NAME)
543 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
545 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, SSH_TCP_PORT, null))
549 private static ClassifierInstance createSshTcpIpv6ServerClient() {
550 return new ClassifierInstanceBuilder().setName(SSH_IPV6_SERVER_TO_CLIENT_NAME)
551 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
553 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, SSH_TCP_PORT))
557 // ###################### ICMP
558 private static ClassifierInstance createIcmpIpv4() {
559 return new ClassifierInstanceBuilder().setName(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME)
560 .setClassifierDefinitionId(IpProtoClassifierDefinition.DEFINITION.getId())
561 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.ICMP_VALUE, null, null))
565 private static ClassifierInstance createIcmpIpv6() {
566 return new ClassifierInstanceBuilder().setName(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME)
567 .setClassifierDefinitionId(IpProtoClassifierDefinition.DEFINITION.getId())
568 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.ICMP_VALUE, null, null))
572 private static List<ParameterValue> createParams(long etherType, long proto, @Nullable Long srcPort,
573 @Nullable Long dstPort) {
574 List<ParameterValue> params = new ArrayList<>();
575 if (srcPort != null) {
576 params.add(new ParameterValueBuilder().setName(new ParameterName(L4ClassifierDefinition.SRC_PORT_PARAM))
577 .setIntValue(srcPort)
580 if (dstPort != null) {
581 params.add(new ParameterValueBuilder().setName(new ParameterName(L4ClassifierDefinition.DST_PORT_PARAM))
582 .setIntValue(dstPort)
585 params.add(new ParameterValueBuilder().setName(new ParameterName(IpProtoClassifierDefinition.PROTO_PARAM))
588 params.add(new ParameterValueBuilder().setName(new ParameterName(EtherTypeClassifierDefinition.ETHERTYPE_PARAM))
589 .setIntValue(etherType)