Code Review / groupbasedpolicy.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Support new actions in new ovs nsh patches
[groupbasedpolicy.git] / renderers / ofoverlay / src / main / java / org / opendaylight / groupbasedpolicy / renderer / ofoverlay / flow / ChainActionFlows.java
1 /*
2  * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow;
10
11 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxNsiMatch;
12 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxNspMatch;
13 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxRegMatch;
14 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxTunIdMatch;
15 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxTunIpv4DstMatch;
16 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.applyActionIns;
17 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.gotoTableIns;
18 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.instructions;
19 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadNshc1RegAction;
20 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadNshc2RegAction;
21 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadRegAction;
22 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadTunGpeNpAction;
23 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadTunIPv4Action;
24 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadTunIdAction;
25 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxOutputRegAction;
26 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.outputAction;
27 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxPopNshAction;
28
29 import java.math.BigInteger;
30 import java.util.ArrayList;
31 import java.util.List;
32
33 import org.apache.commons.lang3.StringUtils;
34 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfContext;
35 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfWriter;
36 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.PolicyManager;
37 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.RegMatch;
38 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.OrdinalFactory.EndpointFwdCtxOrdinals;
39 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.mapper.policyenforcer.NetworkElements;
40 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.node.SwitchManager;
41 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.ChainAction;
42 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sfcutils.SfcNshHeader;
43 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
44 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Address;
45 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
46 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowId;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.Match;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.instruction.go.to.table._case.GoToTable;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoint.fields.L3Address;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Layer3Match;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv4MatchBuilder;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv6MatchBuilder;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg0;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg1;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg4;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg5;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg7;
66 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.overlay.rev150105.TunnelTypeVxlanGpe;
67 import org.slf4j.Logger;
68 import org.slf4j.LoggerFactory;
69
70 import com.google.common.annotations.VisibleForTesting;
71
72 /**
73  * <h1>Creation of flows related to service chain</h1>
74  *
75  * These flows are built across most of gbp of tables and have higher priority than basic flows. It ensures, that
76  * packet redirected to chain will be sent to tunnel output
77  * <p>
78  *
79  * Flow that allows ALL traffic incoming from chain last hop
80  * <p>
81  * <i>Allow from chain flow</i><br>
82  * Table = 0<br>
83  * Priority = 1200<br>
84  * Matches:<br>
85  *      - Nshc1<br>
86  *      - Nsp<br>
87  *      - Nsi<br>
88  *      - in_port (tunnel port) {@link NodeConnectorId}<br>
89  * Actions:<br>
90  *      - {@link GoToTable} SOURCE MAPPER table
91  * <p>
92  * TODO: looks like duplicity, the same flow is created in policy enforcer
93  * <i>Allow from chain tunnel</i>
94  * Table = 4<br>
95  * Priority = 65000<br>
96  * Matches:<br>
97  *      - in_port (tunnel port) {@link NodeConnectorId}<br>
98  *      - Reg7 (fixed value 0xffffff) {@link NxmNxReg7}
99  * Actions:<br>
100  *      - {@link GoToTable} SOURCE MAPPER table
101  * <p>
102  * <i>Create external flow</i>
103  * Table = 6<br>
104  * Priority = 1000 (if dst node == src node, priority = 1500)<br>
105  * Matches:<br>
106  *      - Reg6 {@link NxmNxReg6}<br>
107  *      - tunnel ID<br>
108  *      - nsp<br>
109  *      - nsi<br>
110  *      - tun_dst (only if dst node == src node)<br>
111  * Actions:<br>
112  *      - set nshc1<br>
113  *      - set nshc2<br>
114  *      - load tunnel ID<br>
115  *      - load tunnel ipv4<br>
116  *      - output:(tunnel port)<br>
117  * <p>
118  * <i>Chain tunnel flow</i><br>
119  * Table = 2<br>
120  * Priority = 150<br>
121  * Matches:<br>
122  *      - in_port (tunnel port) {@link NodeConnectorId}<br>
123  *      - tunnel ID<br>
124  *      - nsp<br>
125  *      - nsi<br>
126  * Actions:<br>
127  *      - Reg0 {@link NxmNxReg0}<br>
128  *      - Reg1 {@link NxmNxReg1}<br>
129  *      - Reg4 {@link NxmNxReg4}<br>
130  *      - Reg5 {@link NxmNxReg5}<br>
131  *      - Reg6 {@link NxmNxReg6}<br>
132  *      - {@link GoToTable} DESTINATION MAPPER table<br>
133  * <p>
134  * <i>Chain broadcast flow</i><br>
135  * Table = 2<br>
136  * Priority = 150<br>
137  * Matches:<br>
138  *      - in_port (tunnel port) {@link NodeConnectorId}<br>
139  *      - tunnel ID<br>
140  *      - nsp<br>
141  *      - nsi<br>
142  * Actions:<br>
143  *      - load Reg5 {@link NxmNxReg5}<br>
144  *      - {@link GoToTable} DESTINATION MAPPER table<br>
145  */
146 public class ChainActionFlows {
147
148     private static final Logger LOG = LoggerFactory.getLogger(ChainAction.class);
149     private static final short TUN_GPE_NP_NSH = 0x4;
150
151     public ChainActionFlows() {
152
153     }
154
155     public static void createChainTunnelFlows(SfcNshHeader sfcNshHeader, NetworkElements netElements, OfWriter ofWriter,
156             OfContext ctx, Direction direction) {
157
158         NodeId localNodeId = netElements.getLocalNodeId();
159         EndpointFwdCtxOrdinals epOrdinals = netElements.getSrcEpOrdinals();
160
161         NodeConnectorId localNodeTunPort = ctx.getSwitchManager().getTunnelPort(localNodeId, TunnelTypeVxlanGpe.class);
162         Ipv4Address tunDestAddress = ctx.getSwitchManager()
163             .getTunnelIP(netElements.getDstNodeId(), TunnelTypeVxlanGpe.class)
164             .getIpv4Address();
165         if (localNodeTunPort == null) {
166             LOG.error("createChainTunnelFlows: No valid VXLAN GPE tunnel for Node {} ", localNodeId);
167             return;
168         }
169         if (direction.equals(Direction.In)) {
170             ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY(), allowFromChainPort(
171                     sfcNshHeader, localNodeTunPort, ctx.getPolicyManager().getTABLEID_PORTSECURITY(), ctx));
172
173             for (Flow flow : createChainTunnelFlow(sfcNshHeader, localNodeTunPort, netElements,
174                     ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), ctx)) {
175                 ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), flow);
176             }
177
178             ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER(),
179                     allowFromChainTunnel(localNodeTunPort, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()));
180
181             ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(),
182                     createChainBroadcastFlow(sfcNshHeader, localNodeTunPort, epOrdinals,
183                             ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), ctx));
184         } else {
185             ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_EXTERNAL_MAPPER(),
186                     createExternalFlow(sfcNshHeader, localNodeTunPort, netElements, ctx.getPolicyManager(),
187                             ctx.getSwitchManager(), tunDestAddress));
188         }
189     }
190
191     private static Flow createChainBroadcastFlow(SfcNshHeader sfcNshHeader, NodeConnectorId tunPort,
192             EndpointFwdCtxOrdinals epFwdCtxOrds, short tableId, OfContext ctx) {
193
194         int fdId = epFwdCtxOrds.getFdId();
195
196         MatchBuilder mb = new MatchBuilder().setInPort(tunPort);
197
198         addNxNsiMatch(mb, sfcNshHeader.getNshNsiFromChain());
199         addNxNspMatch(mb, sfcNshHeader.getNshNspFromChain());
200         addNxTunIdMatch(mb, fdId);
201
202         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action fdReg =
203                 nxLoadRegAction(NxmNxReg5.class, BigInteger.valueOf(fdId));
204
205         Match match = mb.build();
206         FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainbroadcast", match);
207
208         FlowBuilder flowb = base(tableId).setId(flowId)
209             .setPriority(150)
210             .setMatch(match)
211             .setInstructions(instructions(applyActionIns(fdReg),
212                     gotoTableIns(ctx.getPolicyManager().getTABLEID_DESTINATION_MAPPER())));
213         return flowb.build();
214     }
215
216     private static Flow createExternalFlow(SfcNshHeader sfcNshHeader, NodeConnectorId tunPort, NetworkElements netElements,
217                                    PolicyManager policyManager, SwitchManager switchManager, Ipv4Address ipTunDest) {
218
219         short tableId = policyManager.getTABLEID_EXTERNAL_MAPPER();
220         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadC1;
221         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action outputAction;
222
223         Integer priority = 1000;
224         int matchTunnelId = netElements.getSrcEpOrdinals().getTunnelId();
225         long setTunnelId = netElements.getDstEpOrdinals().getTunnelId();
226         Long l3c = (long) netElements.getSrcEpOrdinals().getL3Id();
227         loadC1 = nxLoadNshc1RegAction(sfcNshHeader.getNshMetaC1());
228
229         // Test for if SFF is on same node
230         IpAddress ipAddress = switchManager.getTunnelIP(netElements.getLocalNodeId(), TunnelTypeVxlanGpe.class);
231
232         if (ipAddress != null && ipAddress.getIpv4Address().equals(sfcNshHeader.getNshTunIpDst())) {
233             Integer newPort = returnOfPortFromNodeConnector(tunPort);
234             outputAction = FlowUtils.createActionResubmit(newPort, policyManager.getTABLEID_SFC_EGRESS());
235         } else {
236             outputAction = outputAction(tunPort);
237         }
238
239         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadC2 =
240                 nxLoadNshc2RegAction(setTunnelId);
241         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadChainTunVnid =
242                 nxLoadTunIdAction(BigInteger.valueOf(setTunnelId), false);
243         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadChainTunDest =
244                 nxLoadTunIPv4Action(sfcNshHeader.getNshTunIpDst().getValue(), false);
245         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadTunGpeNp = nxLoadTunGpeNpAction(BigInteger.valueOf(TUN_GPE_NP_NSH), false);
246
247         MatchBuilder mb = new MatchBuilder();
248         addNxRegMatch(mb, RegMatch.of(NxmNxReg6.class, l3c));
249         addNxTunIdMatch(mb, matchTunnelId);
250         addNxNspMatch(mb, sfcNshHeader.getNshNspToChain());
251         addNxNsiMatch(mb, sfcNshHeader.getNshNsiToChain());
252         if (!netElements.getDstNodeId().equals(netElements.getSrcNodeId())) {
253             addNxTunIpv4DstMatch(mb, ipTunDest);
254             priority = 1500;
255         }
256
257         Match match = mb.build();
258         FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainexternal", match);
259         FlowBuilder flowb =
260                 base(tableId).setId(flowId).setPriority(priority).setMatch(match).setInstructions(
261                         instructions(applyActionIns(loadC1, loadC2, loadChainTunDest, loadChainTunVnid, loadTunGpeNp, outputAction)));
262         return flowb.build();
263     }
264
265     private static List<Flow> createChainTunnelFlow(SfcNshHeader sfcNshHeader, NodeConnectorId tunPort,
266             NetworkElements netElements, short tableId, OfContext ctx) {
267
268         int egId = netElements.getDstEpOrdinals().getEpgId();
269         int bdId = netElements.getDstEpOrdinals().getBdId();
270         int fdId = netElements.getDstEpOrdinals().getFdId();
271         int l3Id = netElements.getDstEpOrdinals().getL3Id();
272         int tunnelId = netElements.getSrcEpOrdinals().getTunnelId();
273
274         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action segReg =
275                 nxLoadRegAction(NxmNxReg0.class, BigInteger.valueOf(egId));
276         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action scgReg =
277                 nxLoadRegAction(NxmNxReg1.class, BigInteger.valueOf(0xffffff));
278         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action bdReg =
279                 nxLoadRegAction(NxmNxReg4.class, BigInteger.valueOf(bdId));
280         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action fdReg =
281                 nxLoadRegAction(NxmNxReg5.class, BigInteger.valueOf(fdId));
282         org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action vrfReg =
283                 nxLoadRegAction(NxmNxReg6.class, BigInteger.valueOf(l3Id));
284
285         List<Flow> flows = new ArrayList<>();
286         for (L3Address address : netElements.getDstEp().getL3Address()) {
287             Layer3Match l3Match = null;
288             MatchBuilder mb = null;
289             if (address.getIpAddress() != null) {
290                 if (address.getIpAddress().getIpv4Address() != null) {
291                     l3Match = new Ipv4MatchBuilder()
292                         .setIpv4Source(new Ipv4Prefix(address.getIpAddress().getIpv4Address().getValue() + "/32"))
293                         .build();
294                     mb = new MatchBuilder().setInPort(tunPort)
295                         .setLayer3Match(l3Match)
296                         .setEthernetMatch(FlowUtils.ethernetMatch(null, null, FlowUtils.IPv4));
297                 } else if (address.getIpAddress().getIpv6Address() != null) {
298                     l3Match = new Ipv6MatchBuilder()
299                         .setIpv6Source(new Ipv6Prefix(address.getIpAddress().getIpv6Address().getValue() + "/128"))
300                         .build();
301                     mb = new MatchBuilder().setInPort(tunPort)
302                         .setLayer3Match(l3Match)
303                         .setEthernetMatch(FlowUtils.ethernetMatch(null, null, FlowUtils.IPv6));
304                 }
305             }
306
307             addNxTunIdMatch(mb, tunnelId);
308             addNxNspMatch(mb, sfcNshHeader.getNshNspFromChain());
309             addNxNsiMatch(mb, sfcNshHeader.getNshNsiFromChain());
310
311             Match match = mb.build();
312             FlowId flowId = FlowIdUtils.newFlowId(tableId, "chaintunnel", match);
313             FlowBuilder flowb = base(tableId).setId(flowId).setPriority(150).setMatch(match).setInstructions(
314                     instructions(applyActionIns(segReg, scgReg, bdReg, fdReg, vrfReg),
315                             gotoTableIns(ctx.getPolicyManager().getTABLEID_DESTINATION_MAPPER())));
316             flows.add(flowb.build());
317         }
318         return flows;
319     }
320
321     private static Flow allowFromChainPort(SfcNshHeader sfcNshHeader, NodeConnectorId port, short tableId,
322             OfContext ctx) {
323
324         // Matching on last NSP/NSI that SFF leaves on but with C1=0
325         MatchBuilder mb = new MatchBuilder();
326         FlowUtils.addNxNshc1RegMatch(mb, 0L);
327         FlowUtils.addNxNsiMatch(mb, sfcNshHeader.getNshNsiFromChain());
328         FlowUtils.addNxNspMatch(mb, sfcNshHeader.getNshNspFromChain());
329         Match match = mb.setInPort(port).build();
330
331         FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainport", match);
332         FlowBuilder flowb =
333                 base(tableId).setId(flowId).setPriority(1200).setMatch(match).setInstructions(
334                         FlowUtils.gotoTableInstructions(ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER()));
335         return flowb.build();
336     }
337
338     private static Flow allowFromChainTunnel(NodeConnectorId tunPort, short tableId) {
339
340         MatchBuilder mb = new MatchBuilder().setInPort(tunPort);
341         addNxRegMatch(mb, RegMatch.of(NxmNxReg1.class, 0xffffffL));
342         Match match = mb.build();
343         FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainport", match);
344
345         FlowBuilder flow = base(tableId).setId(flowId).setMatch(match).setPriority(65000).setInstructions(
346                 instructions(applyActionIns(nxPopNshAction(), nxOutputRegAction(NxmNxReg7.class))));
347         return flow.build();
348
349     }
350
351     private static Integer returnOfPortFromNodeConnector(NodeConnectorId nodeConnectorId) {
352         String[] elements = StringUtils.split(nodeConnectorId.getValue(), ":");
353         if (elements.length != 3)
354             return null;
355         return new Integer(elements[2]);
356     }
357
358     /**
359      * Get a base flow builder with some common features already set
360      */
361     private static FlowBuilder base(short tableId) {
362         return new FlowBuilder().setTableId(tableId).setBarrier(false).setHardTimeout(0).setIdleTimeout(0);
363     }
364 }
OpenDaylight Group Based Policy Plugin