2 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure;
11 import java.util.ArrayList;
12 import java.util.Collections;
13 import java.util.HashSet;
14 import java.util.List;
17 import javax.annotation.Nullable;
19 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
20 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
21 import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;
22 import org.opendaylight.groupbasedpolicy.api.sf.IpProtoClassifierDefinition;
23 import org.opendaylight.groupbasedpolicy.api.sf.L4ClassifierDefinition;
24 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
25 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
26 import org.opendaylight.groupbasedpolicy.util.IidFactory;
27 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
28 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SelectorName;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraintsBuilder;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraints;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraintsBuilder;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraintBuilder;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.ContractBuilder;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroup.IntraGroupPolicy;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.EndpointGroupBuilder;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.Clause;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.ClauseBuilder;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.Subject;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.SubjectBuilder;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ConsumerMatchers;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ConsumerMatchersBuilder;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ProviderMatchers;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.clause.ProviderMatchersBuilder;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.Rule;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.RuleBuilder;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ConsumerNamedSelector;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ConsumerNamedSelectorBuilder;
66 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ProviderNamedSelector;
67 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ProviderNamedSelectorBuilder;
68 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ActionInstance;
69 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstance;
70 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstanceBuilder;
72 import com.google.common.collect.ImmutableList;
74 public class NetworkService {
77 * Unit tests {@link NetworkServiceTest}
80 private static final long DHCP_IPV4_SERVER_PORT = 67;
81 private static final long DHCP_IPV4_CLIENT_PORT = 68;
82 private static final long DHCP_IPV6_SERVER_PORT = 547;
83 private static final long DHCP_IPV6_CLIENT_PORT = 546;
84 private static final ClassifierName DHCP_IPV4_CLIENT_SERVER_NAME =
85 new ClassifierName("DHCP_IPv4_FROM_CLIENT_TO_SERVER");
86 private static final ClassifierName DHCP_IPV4_SERVER_CLIENT_NAME =
87 new ClassifierName("DHCP_IPv4_FROM_SERVER_TO_CLIENT");
88 private static final ClassifierName DHCP_IPV6_CLIENT_SERVER_NAME =
89 new ClassifierName("DHCP_IPv6_FROM_CLIENT_TO_SERVER");
90 private static final ClassifierName DHCP_IPV6_SERVER_CLIENT_NAME =
91 new ClassifierName("DHCP_IPv6_FROM_SERVER_TO_CLIENT");
92 private static final SubjectName DHCP_SUBJECT_NAME = new SubjectName("ALLOW_DHCP");
93 private static final Description DHCP_CONTRACT_DESC =
94 new Description("Allow DHCP communication between client and server.");
97 * Id of {@link #DHCP_CONTRACT}
99 public static final ContractId DHCP_CONTRACT_ID = new ContractId("11118d2e-dddd-11e5-885d-feff819cdc9f");
101 * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DHCP communication
102 * between Client and Server.
104 public static final Contract DHCP_CONTRACT;
106 * {@link ConsumerNamedSelector} pointing to {@link #DHCP_CONTRACT}
108 public static final ConsumerNamedSelector DHCP_CONTRACT_CONSUMER_SELECTOR;
111 private static final long DNS_SERVER_PORT = 53;
112 private static final ClassifierName DNS_UDP_IPV4_CLIENT_SERVER_NAME =
113 new ClassifierName("DNS_UDP_IPv4_FROM_CLIENT_TO_SERVER");
114 private static final ClassifierName DNS_UDP_IPV4_SERVER_CLIENT_NAME =
115 new ClassifierName("DNS_UDP_IPv4_FROM_SERVER_TO_CLIENT");
116 private static final ClassifierName DNS_UDP_IPV6_CLIENT_SERVER_NAME =
117 new ClassifierName("DNS_UDP_IPv6_FROM_CLIENT_TO_SERVER");
118 private static final ClassifierName DNS_UDP_IPV6_SERVER_CLIENT_NAME =
119 new ClassifierName("DNS_UDP_IPv6_FROM_SERVER_TO_CLIENT");
120 private static final ClassifierName DNS_TCP_IPV4_CLIENT_SERVER_NAME =
121 new ClassifierName("DNS_TCP_IPv4_FROM_CLIENT_TO_SERVER");
122 private static final ClassifierName DNS_TCP_IPV4_SERVER_CLIENT_NAME =
123 new ClassifierName("DNS_TCP_IPv4_FROM_SERVER_TO_CLIENT");
124 private static final ClassifierName DNS_TCP_IPV6_CLIENT_SERVER_NAME =
125 new ClassifierName("DNS_TCP_IPv6_FROM_CLIENT_TO_SERVER");
126 private static final ClassifierName DNS_TCP_IPV6_SERVER_CLIENT_NAME =
127 new ClassifierName("DNS_TCP_IPv6_FROM_SERVER_TO_CLIENT");
128 private static final SubjectName DNS_SUBJECT_NAME = new SubjectName("ALLOW_DNS");
129 private static final Description DNS_CONTRACT_DESC =
130 new Description("Allow DNS communication between client and server.");
132 * ID of {@link #DNS_CONTRACT}
134 public static final ContractId DNS_CONTRACT_ID = new ContractId("22218d2e-dddd-11e5-885d-feff819cdc9f");
136 * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DNS communication
137 * between Client and Server.
139 public static final Contract DNS_CONTRACT;
141 * {@link ConsumerNamedSelector} pointing to {@link #DNS_CONTRACT}
143 public static final ConsumerNamedSelector DNS_CONTRACT_CONSUMER_SELECTOR;
145 // ########### SSH and ICMP management
146 private static final long SSH_TCP_PORT = 22;
147 private static final ClassifierName SSH_IPV4_SERVER_TO_CLIENT_NAME =
148 new ClassifierName("SSH_IPV4_FROM_SERVER_TO_CLIENT");
149 private static final ClassifierName SSH_IPV6_SERVER_TO_CLIENT_NAME =
150 new ClassifierName("SSH_IPV6_FROM_SERVER_TO_CLIENT");
151 private static final ClassifierName SSH_IPV4_CLIENT_TO_SERVER_NAME =
152 new ClassifierName("SSH_IPV4_FROM_CLIENT_TO_SERVER");
153 private static final ClassifierName SSH_IPV6_CLIENT_TO_SERVER_NAME =
154 new ClassifierName("SSH_IPV6_FROM_CLIENT_TO_SERVER");
155 private static final ClassifierName ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME =
156 new ClassifierName("ICMP_IPV4_BETWEEN_SERVER_CLIENT");
157 private static final ClassifierName ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME =
158 new ClassifierName("ICMP_IPV6_BETWEEN_SERVER_CLIENT");
159 private static final SubjectName MGMT_SUBJECT_NAME = new SubjectName("ALLOW_MGMT");
160 private static final Description MGMT_CONTRACT_DESC =
161 new Description("Allow ICMP and SSH management communication between server and client.");
164 * Id of {@link #MGMT_CONTRACT}
166 public static final ContractId MGMT_CONTRACT_ID = new ContractId("33318d2e-dddd-11e5-885d-feff819cdc9f");
168 * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching ICMP and SSH
170 * between Client and Server.
172 public static final Contract MGMT_CONTRACT;
174 * {@link ConsumerNamedSelector} pointing to {@link #MGMT_CONTRACT}
176 public static final ConsumerNamedSelector MGMT_CONTRACT_CONSUMER_SELECTOR;
178 // ########### METADATA management
179 private static final ClassifierName METADATA_SERVER_TO_CLIENT_NAME =
180 new ClassifierName("METADATA_FROM_SERVER_TO_CLIENT");
181 private static final ClassifierName METADATA_CLIENT_TO_SERVER_NAME =
182 new ClassifierName("METADATA_FROM_CLIENT_TO_SERVER");
183 private static final SubjectName METADATA_SUBJECT_NAME = new SubjectName("ALLOW_METADATA");
184 private static final Description METADATA_CONTRACT_DESC =
185 new Description("Allow METADATA management communication between server and client.");
188 * Id of {@link #METADATA_CONTRACT}
190 public static final ContractId METADATA_CONTRACT_ID = new ContractId("be0675b7-b0d6-46cc-acf1-247ed31cf572");
192 * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching ICMP and SSH
194 * between Client and Server.
196 public static final Contract METADATA_CONTRACT;
198 * {@link ConsumerNamedSelector} pointing to {@link #METADATA_CONTRACT}
200 public static final ConsumerNamedSelector METADATA_CONTRACT_CONSUMER_SELECTOR;
202 // ########### NETWORK-SERVICE ENDPOINT-GROUP
203 private static final Name NETWORK_SERVICE_EPG_NAME = new Name("NETWORK_SERVICE");
204 private static final Description NETWORK_SERVICE_EPG_DESC = new Description("Represents DHCP and DNS servers.");
208 public static final EndpointGroupId EPG_ID = new EndpointGroupId("ddd6cfe6-dfe5-11e4-8a00-1681e6b88ec1");
210 * Network-service endpoint-group providing {@link #DHCP_CONTRACT} and {@link #DNS_CONTRACT}
212 public static final EndpointGroup EPG;
215 DHCP_CONTRACT = createContractDhcp();
216 DHCP_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DHCP_CONTRACT);
217 DNS_CONTRACT = createContractDns();
218 DNS_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DNS_CONTRACT);
219 MGMT_CONTRACT = createContractMgmt();
220 MGMT_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(MGMT_CONTRACT);
221 METADATA_CONTRACT = createContractMetadata();
222 METADATA_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(METADATA_CONTRACT);
223 EPG = createNetworkServiceEpg();
226 private static EndpointGroup createNetworkServiceEpg() {
227 ProviderNamedSelector dhcpProviderSelector = createProviderSelector(DHCP_CONTRACT);
228 ProviderNamedSelector dnsProviderSelector = createProviderSelector(DNS_CONTRACT);
229 ProviderNamedSelector mgmtProviderSelector = createProviderSelector(MGMT_CONTRACT);
230 ProviderNamedSelector metadataProviderSelector = createProviderSelector(METADATA_CONTRACT);
231 return new EndpointGroupBuilder().setId(EPG_ID)
232 .setName(NETWORK_SERVICE_EPG_NAME)
233 .setProviderNamedSelector(ImmutableList.of(dhcpProviderSelector, dnsProviderSelector, mgmtProviderSelector,
234 metadataProviderSelector))
235 .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
236 .setDescription(NETWORK_SERVICE_EPG_DESC)
240 private static ProviderNamedSelector createProviderSelector(Contract contract) {
241 SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
242 return new ProviderNamedSelectorBuilder().setName(selectorName)
243 .setContract(ImmutableList.of(contract.getId()))
247 private static ConsumerNamedSelector createConsumerSelector(Contract contract) {
248 SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
249 return new ConsumerNamedSelectorBuilder().setName(selectorName)
250 .setContract(ImmutableList.of(contract.getId()))
254 private static Contract createContractDhcp() {
255 Rule clientServerIpv4Rule = createRuleAllow(DHCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
256 Rule serverClientIpv4Rule = createRuleAllow(DHCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
257 Rule clientServerIpv6Rule = createRuleAllow(DHCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
258 Rule serverClientIpv6Rule = createRuleAllow(DHCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
259 Subject subject = new SubjectBuilder().setName(DHCP_SUBJECT_NAME)
261 .setRule(ImmutableList.of(clientServerIpv4Rule, serverClientIpv4Rule, clientServerIpv6Rule,
262 serverClientIpv6Rule))
264 return new ContractBuilder().setId(DHCP_CONTRACT_ID)
265 .setSubject(ImmutableList.of(subject))
266 .setDescription(DHCP_CONTRACT_DESC)
270 private static Contract createContractDns() {
271 Rule clientServerUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_CLIENT_SERVER_NAME, Direction.In);
272 Rule serverClientUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
273 Rule clientServerUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_CLIENT_SERVER_NAME, Direction.In);
274 Rule serverClientUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
275 Rule clientServerTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
276 Rule serverClientTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
277 Rule clientServerTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
278 Rule serverClientTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
279 Subject subject = new SubjectBuilder().setName(DNS_SUBJECT_NAME)
281 .setRule(ImmutableList.of(clientServerUdpIpv4Rule, serverClientUdpIpv4Rule, clientServerUdpIpv6Rule,
282 serverClientUdpIpv6Rule, clientServerTcpIpv4Rule, serverClientTcpIpv4Rule, clientServerTcpIpv6Rule,
283 serverClientTcpIpv6Rule))
285 return new ContractBuilder().setId(DNS_CONTRACT_ID)
286 .setSubject(ImmutableList.of(subject))
287 .setDescription(DNS_CONTRACT_DESC)
291 private static Contract createContractMgmt() {
292 Rule serverClientSshIpv4Rule = createRuleAllow(SSH_IPV4_SERVER_TO_CLIENT_NAME, Direction.Out);
293 Rule serverClientSshIpv6Rule = createRuleAllow(SSH_IPV6_SERVER_TO_CLIENT_NAME, Direction.Out);
294 Rule clientServerSshIpv4Rule = createRuleAllow(SSH_IPV4_CLIENT_TO_SERVER_NAME, Direction.In);
295 Rule clientServerSshIpv6Rule = createRuleAllow(SSH_IPV6_CLIENT_TO_SERVER_NAME, Direction.In);
296 Rule serverClientIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
297 Rule serverClientIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
298 Rule clientServerIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
299 Rule clientServerIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
301 Subject subject = new SubjectBuilder().setName(MGMT_SUBJECT_NAME)
303 .setRule(ImmutableList.of(serverClientSshIpv4Rule, serverClientSshIpv6Rule, clientServerSshIpv4Rule,
304 clientServerSshIpv6Rule, clientServerIcmpIpv4Rule, clientServerIcmpIpv6Rule,
305 serverClientIcmpIpv4Rule, serverClientIcmpIpv6Rule))
307 return new ContractBuilder().setId(MGMT_CONTRACT_ID)
308 .setSubject(ImmutableList.of(subject))
309 .setDescription(MGMT_CONTRACT_DESC)
313 private static Contract createContractMetadata() {
314 Rule serverClientMetadataIpv4Rule = createRuleAllow(METADATA_SERVER_TO_CLIENT_NAME, Direction.Out);
315 Rule clientServerMetadataIpv4Rule = createRuleAllow(METADATA_CLIENT_TO_SERVER_NAME, Direction.In);
316 Rule serverClientIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
317 Rule serverClientIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
318 Rule clientServerIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
319 Rule clientServerIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
321 Subject subject = new SubjectBuilder().setName(METADATA_SUBJECT_NAME)
323 .setRule(ImmutableList.of(serverClientMetadataIpv4Rule, clientServerMetadataIpv4Rule,
324 clientServerIcmpIpv4Rule, clientServerIcmpIpv6Rule,
325 serverClientIcmpIpv4Rule, serverClientIcmpIpv6Rule))
327 return new ContractBuilder().setId(METADATA_CONTRACT_ID)
328 .setSubject(ImmutableList.of(subject))
329 .setDescription(METADATA_CONTRACT_DESC)
333 private static Rule createRuleAllow(ClassifierName classifierName, Direction direction) {
334 ClassifierName name =
335 new ClassifierName(direction.name() + MappingUtils.NAME_DOUBLE_DELIMETER + classifierName.getValue());
336 ClassifierRef classifierRef = new ClassifierRefBuilder().setName(name)
337 .setInstanceName(classifierName)
338 .setDirection(direction)
340 return new RuleBuilder().setName(new RuleName(name))
341 .setActionRef(ImmutableList.<ActionRef>of(MappingUtils.ACTION_REF_ALLOW))
342 .setClassifierRef(ImmutableList.of(classifierRef))
347 * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
348 * and {@link ProviderMatchers}. This clause points to subject in {@link #DHCP_CONTRACT}.
350 * @param tenantId location of {@link #DHCP_CONTRACT}
351 * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
352 * @param wTx transaction where entities are written
354 public static void writeDhcpClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
355 WriteTransaction wTx) {
356 Clause clause = createClauseWithConsProvEic(ipPrefix, DHCP_SUBJECT_NAME);
357 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DHCP_CONTRACT_ID, clause.getName()),
362 * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
363 * and {@link ProviderMatchers}. This clause points to subject in {@link #DNS_CONTRACT}.
365 * @param tenantId location of {@link #DNS_CONTRACT}
366 * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
367 * @param wTx transaction where entities are written
369 public static void writeDnsClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
370 WriteTransaction wTx) {
371 Clause clause = createClauseWithConsProvEic(ipPrefix, DNS_SUBJECT_NAME);
372 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DNS_CONTRACT_ID, clause.getName()),
377 * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
378 * and {@link ProviderMatchers}. This clause points to subject in {@link #MGMT_CONTRACT}.
380 * @param tenantId location of {@link #MGMT_CONTRACT}
381 * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
382 * @param wTx transaction where entities are written
384 public static void writeMgmtClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
385 WriteTransaction wTx) {
386 Clause clause = createClauseWithConsProvEic(ipPrefix, MGMT_SUBJECT_NAME);
387 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, MGMT_CONTRACT_ID, clause.getName()),
392 * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
393 * and {@link ProviderMatchers}. This clause points to subject in {@link #METADATA_CONTRACT}.
395 * @param tenantId location of {@link #METADATA_CONTRACT}
396 * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
397 * @param wTx transaction where entities are written
399 public static void writeMetadataClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
400 WriteTransaction wTx) {
401 Clause clause = createClauseWithConsProvEic(ipPrefix, METADATA_SUBJECT_NAME);
402 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, METADATA_CONTRACT_ID, clause.getName()),
406 private static Clause createClauseWithConsProvEic(@Nullable IpPrefix ipPrefix, SubjectName subjectName) {
407 ConsumerMatchers consumerMatchers = null;
408 ProviderMatchers providerMatchers = null;
409 StringBuilder clauseName = new StringBuilder();
410 clauseName.append(subjectName.getValue());
411 if (ipPrefix != null) {
412 clauseName.append(MappingUtils.NAME_DOUBLE_DELIMETER).append(Utils.getStringIpPrefix(ipPrefix));
414 new ConsumerMatchersBuilder()
415 .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
416 .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
417 .setPrefixConstraint(
418 ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
423 new ProviderMatchersBuilder()
424 .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
425 .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
426 .setPrefixConstraint(
427 ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
432 return new ClauseBuilder().setName(new ClauseName(clauseName.toString()))
433 .setSubjectRefs(ImmutableList.of(subjectName))
434 .setConsumerMatchers(consumerMatchers)
435 .setProviderMatchers(providerMatchers)
440 * Puts network service entities (classifier-instances, {@link #DHCP_CONTRACT},
441 * {@link #DNS_CONTRACT}, {@link #MGMT_CONTRACT} and {@link #EPG}) to
442 * {@link LogicalDatastoreType#CONFIGURATION}
444 * @param tenantId location of network-service entities
445 * @param wTx transaction where network-service entities are written
447 public static void writeNetworkServiceEntitiesToTenant(TenantId tenantId, WriteTransaction wTx, long metadataPort) {
448 Set<ClassifierInstance> classifierInstances = getAllClassifierInstances(metadataPort);
449 for (ClassifierInstance ci : classifierInstances) {
450 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.classifierInstanceIid(tenantId, ci.getName()), ci,
453 for (ActionInstance ai : Collections.singleton(MappingUtils.ACTION_ALLOW)) {
454 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.actionInstanceIid(tenantId, ai.getName()), ai, true);
456 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DHCP_CONTRACT_ID), DHCP_CONTRACT,
458 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DNS_CONTRACT_ID), DNS_CONTRACT,
460 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, MGMT_CONTRACT_ID), MGMT_CONTRACT,
462 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, METADATA_CONTRACT_ID), METADATA_CONTRACT,
464 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, EPG_ID), EPG, true);
468 * @return All classifier-instances used in {@link #DHCP_CONTRACT}, {@link #DNS_CONTRACT} and
469 * {@link #MGMT_CONTRACT}
471 public static Set<ClassifierInstance> getAllClassifierInstances(long metadataPort) {
472 HashSet<ClassifierInstance> cis = new HashSet<>();
473 cis.add(createDhcpIpv4ClientServer());
474 cis.add(createDhcpIpv4ServerClient());
475 cis.add(createDhcpIpv6ClientServer());
476 cis.add(createDhcpIpv6ServerClient());
477 cis.add(createDnsUdpIpv4ClientServer());
478 cis.add(createDnsUdpIpv4ServerClient());
479 cis.add(createDnsUdpIpv6ClientServer());
480 cis.add(createDnsUdpIpv6ServerClient());
481 cis.add(createDnsTcpIpv4ClientServer());
482 cis.add(createDnsTcpIpv4ServerClient());
483 cis.add(createDnsTcpIpv6ClientServer());
484 cis.add(createDnsTcpIpv6ServerClient());
486 cis.add(createSshTcpIpv4ServerClient());
487 cis.add(createSshTcpIpv6ServerClient());
488 cis.add(createSshTcpIpv4ClientServer());
489 cis.add(createSshTcpIpv6ClientServer());
490 cis.add(createIcmpIpv4());
491 cis.add(createIcmpIpv6());
493 cis.add(createMetadataIpv4ClientServer(metadataPort));
494 cis.add(createMetadataIpv4ServerClient(metadataPort));
499 // ###################### DHCP
500 private static ClassifierInstance createDhcpIpv4ClientServer() {
501 return new ClassifierInstanceBuilder().setName(DHCP_IPV4_CLIENT_SERVER_NAME)
502 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
503 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
504 DHCP_IPV4_CLIENT_PORT, DHCP_IPV4_SERVER_PORT))
508 private static ClassifierInstance createDhcpIpv4ServerClient() {
509 return new ClassifierInstanceBuilder().setName(DHCP_IPV4_SERVER_CLIENT_NAME)
510 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
511 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
512 DHCP_IPV4_SERVER_PORT, DHCP_IPV4_CLIENT_PORT))
516 private static ClassifierInstance createDhcpIpv6ClientServer() {
517 return new ClassifierInstanceBuilder().setName(DHCP_IPV6_CLIENT_SERVER_NAME)
518 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
519 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
520 DHCP_IPV6_CLIENT_PORT, DHCP_IPV6_SERVER_PORT))
524 private static ClassifierInstance createDhcpIpv6ServerClient() {
525 return new ClassifierInstanceBuilder().setName(DHCP_IPV6_SERVER_CLIENT_NAME)
526 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
527 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
528 DHCP_IPV6_SERVER_PORT, DHCP_IPV6_CLIENT_PORT))
532 // ###################### DNS UDP
533 private static ClassifierInstance createDnsUdpIpv4ClientServer() {
534 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV4_CLIENT_SERVER_NAME)
535 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
537 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE, null, DNS_SERVER_PORT))
541 private static ClassifierInstance createDnsUdpIpv4ServerClient() {
542 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV4_SERVER_CLIENT_NAME)
543 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
545 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE, DNS_SERVER_PORT, null))
549 private static ClassifierInstance createDnsUdpIpv6ClientServer() {
550 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV6_CLIENT_SERVER_NAME)
551 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
553 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE, null, DNS_SERVER_PORT))
557 private static ClassifierInstance createDnsUdpIpv6ServerClient() {
558 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV6_SERVER_CLIENT_NAME)
559 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
561 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE, DNS_SERVER_PORT, null))
565 // ###################### DNS TCP
566 private static ClassifierInstance createDnsTcpIpv4ClientServer() {
567 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV4_CLIENT_SERVER_NAME)
568 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
570 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, DNS_SERVER_PORT))
574 private static ClassifierInstance createDnsTcpIpv4ServerClient() {
575 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV4_SERVER_CLIENT_NAME)
576 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
578 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, DNS_SERVER_PORT, null))
582 private static ClassifierInstance createDnsTcpIpv6ClientServer() {
583 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV6_CLIENT_SERVER_NAME)
584 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
586 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, DNS_SERVER_PORT))
590 private static ClassifierInstance createDnsTcpIpv6ServerClient() {
591 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV6_SERVER_CLIENT_NAME)
592 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
594 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, DNS_SERVER_PORT, null))
598 // ###################### SSH TCP
599 private static ClassifierInstance createSshTcpIpv4ClientServer() {
600 return new ClassifierInstanceBuilder().setName(SSH_IPV4_CLIENT_TO_SERVER_NAME)
601 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
603 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, SSH_TCP_PORT, null))
607 private static ClassifierInstance createSshTcpIpv4ServerClient() {
608 return new ClassifierInstanceBuilder().setName(SSH_IPV4_SERVER_TO_CLIENT_NAME)
609 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
611 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, SSH_TCP_PORT))
615 private static ClassifierInstance createSshTcpIpv6ClientServer() {
616 return new ClassifierInstanceBuilder().setName(SSH_IPV6_CLIENT_TO_SERVER_NAME)
617 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
619 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, SSH_TCP_PORT, null))
623 private static ClassifierInstance createSshTcpIpv6ServerClient() {
624 return new ClassifierInstanceBuilder().setName(SSH_IPV6_SERVER_TO_CLIENT_NAME)
625 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
627 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, SSH_TCP_PORT))
631 // ###################### ICMP
632 private static ClassifierInstance createIcmpIpv4() {
633 return new ClassifierInstanceBuilder().setName(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME)
634 .setClassifierDefinitionId(IpProtoClassifierDefinition.DEFINITION.getId())
635 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.ICMP_VALUE, null, null))
639 private static ClassifierInstance createIcmpIpv6() {
640 return new ClassifierInstanceBuilder().setName(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME)
641 .setClassifierDefinitionId(IpProtoClassifierDefinition.DEFINITION.getId())
642 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.ICMP_VALUE, null, null))
646 // ###################### METADATA
647 private static ClassifierInstance createMetadataIpv4ClientServer(long dstPort) {
648 return new ClassifierInstanceBuilder().setName(METADATA_CLIENT_TO_SERVER_NAME)
649 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
651 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null,
656 private static ClassifierInstance createMetadataIpv4ServerClient(long srcPort) {
657 return new ClassifierInstanceBuilder().setName(METADATA_SERVER_TO_CLIENT_NAME)
658 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
660 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE,
665 private static List<ParameterValue> createParams(long etherType, long proto, @Nullable Long srcPort,
666 @Nullable Long dstPort) {
667 List<ParameterValue> params = new ArrayList<>();
668 if (srcPort != null) {
669 params.add(new ParameterValueBuilder().setName(new ParameterName(L4ClassifierDefinition.SRC_PORT_PARAM))
670 .setIntValue(srcPort)
673 if (dstPort != null) {
674 params.add(new ParameterValueBuilder().setName(new ParameterName(L4ClassifierDefinition.DST_PORT_PARAM))
675 .setIntValue(dstPort)
678 params.add(new ParameterValueBuilder().setName(new ParameterName(IpProtoClassifierDefinition.PROTO_PARAM))
681 params.add(new ParameterValueBuilder().setName(new ParameterName(EtherTypeClassifierDefinition.ETHERTYPE_PARAM))
682 .setIntValue(etherType)