2 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure;
11 import java.util.ArrayList;
12 import java.util.HashSet;
13 import java.util.List;
16 import javax.annotation.Nullable;
18 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
19 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
20 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
21 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
22 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.EtherTypeClassifier;
23 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.L4Classifier;
24 import org.opendaylight.groupbasedpolicy.sf.classifiers.EtherTypeClassifierDefinition;
25 import org.opendaylight.groupbasedpolicy.sf.classifiers.IpProtoClassifierDefinition;
26 import org.opendaylight.groupbasedpolicy.sf.classifiers.L4ClassifierDefinition;
27 import org.opendaylight.groupbasedpolicy.util.IidFactory;
28 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
29 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
30 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SelectorName;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
41 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraintsBuilder;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraints;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraintsBuilder;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraintBuilder;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.ContractBuilder;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup.IntraGroupPolicy;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroupBuilder;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.ClauseBuilder;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.SubjectBuilder;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchers;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchersBuilder;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ProviderMatchers;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ProviderMatchersBuilder;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.RuleBuilder;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelector;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelectorBuilder;
66 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ProviderNamedSelector;
67 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ProviderNamedSelectorBuilder;
68 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
69 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstanceBuilder;
71 import com.google.common.collect.ImmutableList;
73 public class NetworkService {
76 * Unit tests {@link NetworkServiceTest}
79 private static final long DHCP_IPV4_SERVER_PORT = 67;
80 private static final long DHCP_IPV4_CLIENT_PORT = 68;
81 private static final long DHCP_IPV6_SERVER_PORT = 547;
82 private static final long DHCP_IPV6_CLIENT_PORT = 546;
83 private static final ClassifierName DHCP_IPV4_CLIENT_SERVER_NAME =
84 new ClassifierName("DHCP_IPv4_FROM_CLIENT_TO_SERVER");
85 private static final ClassifierName DHCP_IPV4_SERVER_CLIENT_NAME =
86 new ClassifierName("DHCP_IPv4_FROM_SERVER_TO_CLIENT");
87 private static final ClassifierName DHCP_IPV6_CLIENT_SERVER_NAME =
88 new ClassifierName("DHCP_IPv6_FROM_CLIENT_TO_SERVER");
89 private static final ClassifierName DHCP_IPV6_SERVER_CLIENT_NAME =
90 new ClassifierName("DHCP_IPv6_FROM_SERVER_TO_CLIENT");
91 private static final SubjectName DHCP_SUBJECT_NAME = new SubjectName("ALLOW_DHCP");
92 private static final Description DHCP_CONTRACT_DESC =
93 new Description("Allow DHCP communication between client and server.");
96 * Id of {@link #DHCP_CONTRACT}
98 public static final ContractId DHCP_CONTRACT_ID = new ContractId("11118d2e-dddd-11e5-885d-feff819cdc9f");
100 * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DHCP communication
101 * between Client and Server.
103 public static final Contract DHCP_CONTRACT;
105 * {@link ConsumerNamedSelector} pointing to {@link #DHCP_CONTRACT}
107 public static final ConsumerNamedSelector DHCP_CONTRACT_CONSUMER_SELECTOR;
110 private static final long DNS_SERVER_PORT = 53;
111 private static final ClassifierName DNS_UDP_IPV4_CLIENT_SERVER_NAME =
112 new ClassifierName("DNS_UDP_IPv4_FROM_CLIENT_TO_SERVER");
113 private static final ClassifierName DNS_UDP_IPV4_SERVER_CLIENT_NAME =
114 new ClassifierName("DNS_UDP_IPv4_FROM_SERVER_TO_CLIENT");
115 private static final ClassifierName DNS_UDP_IPV6_CLIENT_SERVER_NAME =
116 new ClassifierName("DNS_UDP_IPv6_FROM_CLIENT_TO_SERVER");
117 private static final ClassifierName DNS_UDP_IPV6_SERVER_CLIENT_NAME =
118 new ClassifierName("DNS_UDP_IPv6_FROM_SERVER_TO_CLIENT");
119 private static final ClassifierName DNS_TCP_IPV4_CLIENT_SERVER_NAME =
120 new ClassifierName("DNS_TCP_IPv4_FROM_CLIENT_TO_SERVER");
121 private static final ClassifierName DNS_TCP_IPV4_SERVER_CLIENT_NAME =
122 new ClassifierName("DNS_TCP_IPv4_FROM_SERVER_TO_CLIENT");
123 private static final ClassifierName DNS_TCP_IPV6_CLIENT_SERVER_NAME =
124 new ClassifierName("DNS_TCP_IPv6_FROM_CLIENT_TO_SERVER");
125 private static final ClassifierName DNS_TCP_IPV6_SERVER_CLIENT_NAME =
126 new ClassifierName("DNS_TCP_IPv6_FROM_SERVER_TO_CLIENT");
127 private static final SubjectName DNS_SUBJECT_NAME = new SubjectName("ALLOW_DNS");
128 private static final Description DNS_CONTRACT_DESC =
129 new Description("Allow DNS communication between client and server.");
131 * ID of {@link #DNS_CONTRACT}
133 public static final ContractId DNS_CONTRACT_ID = new ContractId("22218d2e-dddd-11e5-885d-feff819cdc9f");
135 * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DNS communication
136 * between Client and Server.
138 public static final Contract DNS_CONTRACT;
140 * {@link ConsumerNamedSelector} pointing to {@link #DNS_CONTRACT}
142 public static final ConsumerNamedSelector DNS_CONTRACT_CONSUMER_SELECTOR;
144 // ########### SSH and ICMP management
145 private static final long SSH_TCP_PORT = 22;
146 private static final ClassifierName SSH_IPV4_SERVER_TO_CLIENT_NAME =
147 new ClassifierName("SSH_IPV4_FROM_SERVER_TO_CLIENT");
148 private static final ClassifierName SSH_IPV6_SERVER_TO_CLIENT_NAME =
149 new ClassifierName("SSH_IPV6_FROM_SERVER_TO_CLIENT");
150 private static final ClassifierName SSH_IPV4_CLIENT_TO_SERVER_NAME =
151 new ClassifierName("SSH_IPV4_FROM_CLIENT_TO_SERVER");
152 private static final ClassifierName SSH_IPV6_CLIENT_TO_SERVER_NAME =
153 new ClassifierName("SSH_IPV6_FROM_CLIENT_TO_SERVER");
154 private static final ClassifierName ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME =
155 new ClassifierName("ICMP_IPV4_BETWEEN_SERVER_CLIENT");
156 private static final ClassifierName ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME =
157 new ClassifierName("ICMP_IPV6_BETWEEN_SERVER_CLIENT");
158 private static final SubjectName MGMT_SUBJECT_NAME = new SubjectName("ALLOW_MGMT");
159 private static final Description MGMT_CONTRACT_DESC =
160 new Description("Allow ICMP and SSH management communication between server and client.");
163 * Id of {@link #MGMT_CONTRACT}
165 public static final ContractId MGMT_CONTRACT_ID = new ContractId("33318d2e-dddd-11e5-885d-feff819cdc9f");
167 * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching ICMP and SSH
169 * between Client and Server.
171 public static final Contract MGMT_CONTRACT;
173 * {@link ConsumerNamedSelector} pointing to {@link #MGMT_CONTRACT}
175 public static final ConsumerNamedSelector MGMT_CONTRACT_CONSUMER_SELECTOR;
177 // ########### NETWORK-SERVICE ENDPOINT-GROUP
178 private static final Name NETWORK_SERVICE_EPG_NAME = new Name("NETWORK_SERVICE");
179 private static final Description NETWORK_SERVICE_EPG_DESC = new Description("Represents DHCP and DNS servers.");
183 public static final EndpointGroupId EPG_ID = new EndpointGroupId("ddd6cfe6-dfe5-11e4-8a00-1681e6b88ec1");
185 * Network-service endpoint-group providing {@link #DHCP_CONTRACT} and {@link #DNS_CONTRACT}
187 public static final EndpointGroup EPG;
190 DHCP_CONTRACT = createContractDhcp();
191 DHCP_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DHCP_CONTRACT);
192 DNS_CONTRACT = createContractDns();
193 DNS_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DNS_CONTRACT);
194 MGMT_CONTRACT = createContractMgmt();
195 MGMT_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(MGMT_CONTRACT);
196 EPG = createNetworkServiceEpg();
199 private static EndpointGroup createNetworkServiceEpg() {
200 ProviderNamedSelector dhcpProviderSelector = createProviderSelector(DHCP_CONTRACT);
201 ProviderNamedSelector dnsProviderSelector = createProviderSelector(DNS_CONTRACT);
202 ProviderNamedSelector mgmtProviderSelector = createProviderSelector(MGMT_CONTRACT);
203 return new EndpointGroupBuilder().setId(EPG_ID)
204 .setName(NETWORK_SERVICE_EPG_NAME)
205 .setProviderNamedSelector(ImmutableList.of(dhcpProviderSelector, dnsProviderSelector, mgmtProviderSelector))
206 .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
207 .setDescription(NETWORK_SERVICE_EPG_DESC)
211 private static ProviderNamedSelector createProviderSelector(Contract contract) {
212 SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
213 return new ProviderNamedSelectorBuilder().setName(selectorName)
214 .setContract(ImmutableList.of(contract.getId()))
218 private static ConsumerNamedSelector createConsumerSelector(Contract contract) {
219 SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
220 return new ConsumerNamedSelectorBuilder().setName(selectorName)
221 .setContract(ImmutableList.of(contract.getId()))
225 private static Contract createContractDhcp() {
226 Rule clientServerIpv4Rule = createRuleAllow(DHCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
227 Rule serverClientIpv4Rule = createRuleAllow(DHCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
228 Rule clientServerIpv6Rule = createRuleAllow(DHCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
229 Rule serverClientIpv6Rule = createRuleAllow(DHCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
230 Subject subject = new SubjectBuilder().setName(DHCP_SUBJECT_NAME)
232 .setRule(ImmutableList.of(clientServerIpv4Rule, serverClientIpv4Rule, clientServerIpv6Rule,
233 serverClientIpv6Rule))
235 return new ContractBuilder().setId(DHCP_CONTRACT_ID)
236 .setSubject(ImmutableList.of(subject))
237 .setDescription(DHCP_CONTRACT_DESC)
241 private static Contract createContractDns() {
242 Rule clientServerUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_CLIENT_SERVER_NAME, Direction.In);
243 Rule serverClientUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
244 Rule clientServerUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_CLIENT_SERVER_NAME, Direction.In);
245 Rule serverClientUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
246 Rule clientServerTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
247 Rule serverClientTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
248 Rule clientServerTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
249 Rule serverClientTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
250 Subject subject = new SubjectBuilder().setName(DNS_SUBJECT_NAME)
252 .setRule(ImmutableList.of(clientServerUdpIpv4Rule, serverClientUdpIpv4Rule, clientServerUdpIpv6Rule,
253 serverClientUdpIpv6Rule, clientServerTcpIpv4Rule, serverClientTcpIpv4Rule, clientServerTcpIpv6Rule,
254 serverClientTcpIpv6Rule))
256 return new ContractBuilder().setId(DNS_CONTRACT_ID)
257 .setSubject(ImmutableList.of(subject))
258 .setDescription(DNS_CONTRACT_DESC)
262 private static Contract createContractMgmt() {
263 Rule serverClientSshIpv4Rule = createRuleAllow(SSH_IPV4_SERVER_TO_CLIENT_NAME, Direction.Out);
264 Rule serverClientSshIpv6Rule = createRuleAllow(SSH_IPV6_SERVER_TO_CLIENT_NAME, Direction.Out);
265 Rule clientServerSshIpv4Rule = createRuleAllow(SSH_IPV4_CLIENT_TO_SERVER_NAME, Direction.In);
266 Rule clientServerSshIpv6Rule = createRuleAllow(SSH_IPV6_CLIENT_TO_SERVER_NAME, Direction.In);
267 Rule serverClientIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
268 Rule serverClientIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.Out);
269 Rule clientServerIcmpIpv4Rule = createRuleAllow(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
270 Rule clientServerIcmpIpv6Rule = createRuleAllow(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME, Direction.In);
272 Subject subject = new SubjectBuilder().setName(MGMT_SUBJECT_NAME)
274 .setRule(ImmutableList.of(serverClientSshIpv4Rule, serverClientSshIpv6Rule, clientServerSshIpv4Rule,
275 clientServerSshIpv6Rule, clientServerIcmpIpv4Rule, clientServerIcmpIpv6Rule,
276 serverClientIcmpIpv4Rule, serverClientIcmpIpv6Rule))
278 return new ContractBuilder().setId(MGMT_CONTRACT_ID)
279 .setSubject(ImmutableList.of(subject))
280 .setDescription(MGMT_CONTRACT_DESC)
284 private static Rule createRuleAllow(ClassifierName classifierName, Direction direction) {
285 ClassifierName name =
286 new ClassifierName(direction.name() + MappingUtils.NAME_DOUBLE_DELIMETER + classifierName.getValue());
287 ClassifierRef classifierRef = new ClassifierRefBuilder().setName(name)
288 .setInstanceName(classifierName)
289 .setDirection(direction)
291 return new RuleBuilder().setName(new RuleName(name))
292 .setActionRef(MappingUtils.ACTION_REF_ALLOW)
293 .setClassifierRef(ImmutableList.of(classifierRef))
298 * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
299 * and {@link ProviderMatchers}. This clause points to subject in {@link #DHCP_CONTRACT}.
301 * @param tenantId location of {@link #DHCP_CONTRACT}
302 * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
303 * @param wTx transaction where entities are written
305 public static void writeDhcpClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
306 WriteTransaction wTx) {
307 Clause clause = createClauseWithConsProvEic(ipPrefix, DHCP_SUBJECT_NAME);
308 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DHCP_CONTRACT_ID, clause.getName()),
313 * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
314 * and {@link ProviderMatchers}. This clause points to subject in {@link #DNS_CONTRACT}.
316 * @param tenantId location of {@link #DNS_CONTRACT}
317 * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
318 * @param wTx transaction where entities are written
320 public static void writeDnsClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
321 WriteTransaction wTx) {
322 Clause clause = createClauseWithConsProvEic(ipPrefix, DNS_SUBJECT_NAME);
323 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, DNS_CONTRACT_ID, clause.getName()),
328 * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
329 * and {@link ProviderMatchers}. This clause points to subject in {@link #MGMT_CONTRACT}.
331 * @param tenantId location of {@link #MGMT_CONTRACT}
332 * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
333 * @param wTx transaction where entities are written
335 public static void writeMgmtClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
336 WriteTransaction wTx) {
337 Clause clause = createClauseWithConsProvEic(ipPrefix, MGMT_SUBJECT_NAME);
338 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, MGMT_CONTRACT_ID, clause.getName()),
342 private static Clause createClauseWithConsProvEic(@Nullable IpPrefix ipPrefix, SubjectName subjectName) {
343 ConsumerMatchers consumerMatchers = null;
344 ProviderMatchers providerMatchers = null;
345 StringBuilder clauseName = new StringBuilder();
346 clauseName.append(subjectName.getValue());
347 if (ipPrefix != null) {
348 clauseName.append(MappingUtils.NAME_DOUBLE_DELIMETER).append(Utils.getStringIpPrefix(ipPrefix));
350 new ConsumerMatchersBuilder()
351 .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
352 .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
353 .setPrefixConstraint(
354 ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
359 new ProviderMatchersBuilder()
360 .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
361 .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
362 .setPrefixConstraint(
363 ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
368 return new ClauseBuilder().setName(new ClauseName(clauseName.toString()))
369 .setSubjectRefs(ImmutableList.of(subjectName))
370 .setConsumerMatchers(consumerMatchers)
371 .setProviderMatchers(providerMatchers)
376 * Puts network service entities (classifier-instances, {@link #DHCP_CONTRACT},
377 * {@link #DNS_CONTRACT}, {@link #MGMT_CONTRACT} and {@link #EPG}) to
378 * {@link LogicalDatastoreType#CONFIGURATION}
380 * @param tenantId location of network-service entities
381 * @param wTx transaction where network-service entities are written
383 public static void writeNetworkServiceEntitiesToTenant(TenantId tenantId, WriteTransaction wTx) {
384 Set<ClassifierInstance> classifierInstances = getAllClassifierInstances();
385 for (ClassifierInstance ci : classifierInstances) {
386 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.classifierInstanceIid(tenantId, ci.getName()), ci,
389 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DHCP_CONTRACT_ID), DHCP_CONTRACT,
391 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DNS_CONTRACT_ID), DNS_CONTRACT,
393 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, MGMT_CONTRACT_ID), MGMT_CONTRACT,
395 wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, EPG_ID), EPG, true);
399 * @return All classifier-instances used in {@link #DHCP_CONTRACT}, {@link #DNS_CONTRACT} and
400 * {@link #MGMT_CONTRACT}
402 public static Set<ClassifierInstance> getAllClassifierInstances() {
403 HashSet<ClassifierInstance> cis = new HashSet<>();
404 cis.add(createDhcpIpv4ClientServer());
405 cis.add(createDhcpIpv4ServerClient());
406 cis.add(createDhcpIpv6ClientServer());
407 cis.add(createDhcpIpv6ServerClient());
408 cis.add(createDnsUdpIpv4ClientServer());
409 cis.add(createDnsUdpIpv4ServerClient());
410 cis.add(createDnsUdpIpv6ClientServer());
411 cis.add(createDnsUdpIpv6ServerClient());
412 cis.add(createDnsTcpIpv4ClientServer());
413 cis.add(createDnsTcpIpv4ServerClient());
414 cis.add(createDnsTcpIpv6ClientServer());
415 cis.add(createDnsTcpIpv6ServerClient());
417 cis.add(createSshTcpIpv4ServerClient());
418 cis.add(createSshTcpIpv6ServerClient());
419 cis.add(createSshTcpIpv4ClientServer());
420 cis.add(createSshTcpIpv6ClientServer());
421 cis.add(createIcmpIpv4());
422 cis.add(createIcmpIpv6());
427 // ###################### DHCP
428 private static ClassifierInstance createDhcpIpv4ClientServer() {
429 return new ClassifierInstanceBuilder().setName(DHCP_IPV4_CLIENT_SERVER_NAME)
430 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
431 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
432 DHCP_IPV4_CLIENT_PORT, DHCP_IPV4_SERVER_PORT))
436 private static ClassifierInstance createDhcpIpv4ServerClient() {
437 return new ClassifierInstanceBuilder().setName(DHCP_IPV4_SERVER_CLIENT_NAME)
438 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
439 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
440 DHCP_IPV4_SERVER_PORT, DHCP_IPV4_CLIENT_PORT))
444 private static ClassifierInstance createDhcpIpv6ClientServer() {
445 return new ClassifierInstanceBuilder().setName(DHCP_IPV6_CLIENT_SERVER_NAME)
446 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
447 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
448 DHCP_IPV6_CLIENT_PORT, DHCP_IPV6_SERVER_PORT))
452 private static ClassifierInstance createDhcpIpv6ServerClient() {
453 return new ClassifierInstanceBuilder().setName(DHCP_IPV6_SERVER_CLIENT_NAME)
454 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
455 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE,
456 DHCP_IPV6_SERVER_PORT, DHCP_IPV6_CLIENT_PORT))
460 // ###################### DNS UDP
461 private static ClassifierInstance createDnsUdpIpv4ClientServer() {
462 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV4_CLIENT_SERVER_NAME)
463 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
465 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE, null, DNS_SERVER_PORT))
469 private static ClassifierInstance createDnsUdpIpv4ServerClient() {
470 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV4_SERVER_CLIENT_NAME)
471 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
473 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.UDP_VALUE, DNS_SERVER_PORT, null))
477 private static ClassifierInstance createDnsUdpIpv6ClientServer() {
478 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV6_CLIENT_SERVER_NAME)
479 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
481 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE, null, DNS_SERVER_PORT))
485 private static ClassifierInstance createDnsUdpIpv6ServerClient() {
486 return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV6_SERVER_CLIENT_NAME)
487 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
489 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.UDP_VALUE, DNS_SERVER_PORT, null))
493 // ###################### DNS TCP
494 private static ClassifierInstance createDnsTcpIpv4ClientServer() {
495 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV4_CLIENT_SERVER_NAME)
496 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
498 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, DNS_SERVER_PORT))
502 private static ClassifierInstance createDnsTcpIpv4ServerClient() {
503 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV4_SERVER_CLIENT_NAME)
504 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
506 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, DNS_SERVER_PORT, null))
510 private static ClassifierInstance createDnsTcpIpv6ClientServer() {
511 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV6_CLIENT_SERVER_NAME)
512 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
514 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, DNS_SERVER_PORT))
518 private static ClassifierInstance createDnsTcpIpv6ServerClient() {
519 return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV6_SERVER_CLIENT_NAME)
520 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
522 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, DNS_SERVER_PORT, null))
526 // ###################### SSH TCP
527 private static ClassifierInstance createSshTcpIpv4ClientServer() {
528 return new ClassifierInstanceBuilder().setName(SSH_IPV4_CLIENT_TO_SERVER_NAME)
529 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
531 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, SSH_TCP_PORT, null))
535 private static ClassifierInstance createSshTcpIpv4ServerClient() {
536 return new ClassifierInstanceBuilder().setName(SSH_IPV4_SERVER_TO_CLIENT_NAME)
537 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
539 createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, SSH_TCP_PORT))
543 private static ClassifierInstance createSshTcpIpv6ClientServer() {
544 return new ClassifierInstanceBuilder().setName(SSH_IPV6_CLIENT_TO_SERVER_NAME)
545 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
547 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, SSH_TCP_PORT, null))
551 private static ClassifierInstance createSshTcpIpv6ServerClient() {
552 return new ClassifierInstanceBuilder().setName(SSH_IPV6_SERVER_TO_CLIENT_NAME)
553 .setClassifierDefinitionId(L4ClassifierDefinition.DEFINITION.getId())
555 createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.TCP_VALUE, null, SSH_TCP_PORT))
559 // ###################### ICMP
560 private static ClassifierInstance createIcmpIpv4() {
561 return new ClassifierInstanceBuilder().setName(ICMP_IPV4_BETWEEN_SERVER_CLIENT_NAME)
562 .setClassifierDefinitionId(IpProtoClassifierDefinition.DEFINITION.getId())
563 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv4_VALUE, IpProtoClassifierDefinition.ICMP_VALUE, null, null))
567 private static ClassifierInstance createIcmpIpv6() {
568 return new ClassifierInstanceBuilder().setName(ICMP_IPV6_BETWEEN_SERVER_CLIENT_NAME)
569 .setClassifierDefinitionId(IpProtoClassifierDefinition.DEFINITION.getId())
570 .setParameterValue(createParams(EtherTypeClassifierDefinition.IPv6_VALUE, IpProtoClassifierDefinition.ICMP_VALUE, null, null))
574 private static List<ParameterValue> createParams(long etherType, long proto, @Nullable Long srcPort,
575 @Nullable Long dstPort) {
576 List<ParameterValue> params = new ArrayList<>();
577 if (srcPort != null) {
578 params.add(new ParameterValueBuilder().setName(new ParameterName(L4ClassifierDefinition.SRC_PORT_PARAM))
579 .setIntValue(srcPort)
582 if (dstPort != null) {
583 params.add(new ParameterValueBuilder().setName(new ParameterName(L4ClassifierDefinition.DST_PORT_PARAM))
584 .setIntValue(dstPort)
587 params.add(new ParameterValueBuilder().setName(new ParameterName(IpProtoClassifierDefinition.PROTO_PARAM))
590 params.add(new ParameterValueBuilder().setName(new ParameterName(EtherTypeClassifierDefinition.ETHERTYPE_PARAM))
591 .setIntValue(etherType)
Code Review / groupbasedpolicy.git / blob