2 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow;
11 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxNsiMatch;
12 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxNspMatch;
13 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxRegMatch;
14 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxTunIdMatch;
15 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxTunIpv4DstMatch;
16 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.applyActionIns;
17 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.gotoTableIns;
18 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.instructions;
19 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadNshc1RegAction;
20 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadNshc2RegAction;
21 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadRegAction;
22 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadTunGpeNpAction;
23 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadTunIPv4Action;
24 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadTunIdAction;
25 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxOutputRegAction;
26 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.outputAction;
27 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxPopNshAction;
29 import java.math.BigInteger;
30 import java.util.ArrayList;
31 import java.util.List;
33 import org.apache.commons.lang3.StringUtils;
34 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfContext;
35 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfWriter;
36 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.PolicyManager;
37 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.RegMatch;
38 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.OrdinalFactory.EndpointFwdCtxOrdinals;
39 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.mapper.policyenforcer.NetworkElements;
40 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.node.SwitchManager;
41 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.ChainAction;
42 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sfcutils.SfcNshHeader;
43 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
44 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Address;
45 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
46 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowId;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.Match;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.instruction.go.to.table._case.GoToTable;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoint.fields.L3Address;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Layer3Match;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv4MatchBuilder;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv6MatchBuilder;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg0;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg1;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg4;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg5;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg7;
66 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.overlay.rev150105.TunnelTypeVxlanGpe;
67 import org.slf4j.Logger;
68 import org.slf4j.LoggerFactory;
70 import com.google.common.annotations.VisibleForTesting;
73 * <h1>Creation of flows related to service chain</h1>
75 * These flows are built across most of gbp of tables and have higher priority than basic flows. It ensures, that
76 * packet redirected to chain will be sent to tunnel output
79 * Flow that allows ALL traffic incoming from chain last hop
81 * <i>Allow from chain flow</i><br>
88 * - in_port (tunnel port) {@link NodeConnectorId}<br>
90 * - {@link GoToTable} SOURCE MAPPER table
92 * TODO: looks like duplicity, the same flow is created in policy enforcer
93 * <i>Allow from chain tunnel</i>
95 * Priority = 65000<br>
97 * - in_port (tunnel port) {@link NodeConnectorId}<br>
98 * - Reg7 (fixed value 0xffffff) {@link NxmNxReg7}
100 * - {@link GoToTable} SOURCE MAPPER table
102 * <i>Create external flow</i>
104 * Priority = 1000 (if dst node == src node, priority = 1500)<br>
106 * - Reg6 {@link NxmNxReg6}<br>
110 * - tun_dst (only if dst node == src node)<br>
114 * - load tunnel ID<br>
115 * - load tunnel ipv4<br>
116 * - output:(tunnel port)<br>
118 * <i>Chain tunnel flow</i><br>
122 * - in_port (tunnel port) {@link NodeConnectorId}<br>
127 * - Reg0 {@link NxmNxReg0}<br>
128 * - Reg1 {@link NxmNxReg1}<br>
129 * - Reg4 {@link NxmNxReg4}<br>
130 * - Reg5 {@link NxmNxReg5}<br>
131 * - Reg6 {@link NxmNxReg6}<br>
132 * - {@link GoToTable} DESTINATION MAPPER table<br>
134 * <i>Chain broadcast flow</i><br>
138 * - in_port (tunnel port) {@link NodeConnectorId}<br>
143 * - load Reg5 {@link NxmNxReg5}<br>
144 * - {@link GoToTable} DESTINATION MAPPER table<br>
146 public class ChainActionFlows {
148 private static final Logger LOG = LoggerFactory.getLogger(ChainAction.class);
149 private static final short TUN_GPE_NP_NSH = 0x4;
151 public ChainActionFlows() {
155 public static void createChainTunnelFlows(SfcNshHeader sfcNshHeader, NetworkElements netElements, OfWriter ofWriter,
156 OfContext ctx, Direction direction) {
158 NodeId localNodeId = netElements.getLocalNodeId();
159 EndpointFwdCtxOrdinals epOrdinals = netElements.getSrcEpOrdinals();
161 NodeConnectorId localNodeTunPort = ctx.getSwitchManager().getTunnelPort(localNodeId, TunnelTypeVxlanGpe.class);
162 Ipv4Address tunDestAddress = ctx.getSwitchManager()
163 .getTunnelIP(netElements.getDstNodeId(), TunnelTypeVxlanGpe.class)
165 if (localNodeTunPort == null) {
166 LOG.error("createChainTunnelFlows: No valid VXLAN GPE tunnel for Node {} ", localNodeId);
169 if (direction.equals(Direction.In)) {
170 ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY(), allowFromChainPort(
171 sfcNshHeader, localNodeTunPort, ctx.getPolicyManager().getTABLEID_PORTSECURITY(), ctx));
173 for (Flow flow : createChainTunnelFlow(sfcNshHeader, localNodeTunPort, netElements,
174 ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), ctx)) {
175 ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), flow);
178 ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER(),
179 allowFromChainTunnel(localNodeTunPort, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()));
181 ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(),
182 createChainBroadcastFlow(sfcNshHeader, localNodeTunPort, epOrdinals,
183 ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), ctx));
185 ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_EXTERNAL_MAPPER(),
186 createExternalFlow(sfcNshHeader, localNodeTunPort, netElements, ctx.getPolicyManager(),
187 ctx.getSwitchManager(), tunDestAddress));
191 private static Flow createChainBroadcastFlow(SfcNshHeader sfcNshHeader, NodeConnectorId tunPort,
192 EndpointFwdCtxOrdinals epFwdCtxOrds, short tableId, OfContext ctx) {
194 int fdId = epFwdCtxOrds.getFdId();
196 MatchBuilder mb = new MatchBuilder().setInPort(tunPort);
198 addNxNsiMatch(mb, sfcNshHeader.getNshNsiFromChain());
199 addNxNspMatch(mb, sfcNshHeader.getNshNspFromChain());
200 addNxTunIdMatch(mb, fdId);
202 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action fdReg =
203 nxLoadRegAction(NxmNxReg5.class, BigInteger.valueOf(fdId));
205 Match match = mb.build();
206 FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainbroadcast", match);
208 FlowBuilder flowb = base(tableId).setId(flowId)
211 .setInstructions(instructions(applyActionIns(fdReg),
212 gotoTableIns(ctx.getPolicyManager().getTABLEID_DESTINATION_MAPPER())));
213 return flowb.build();
216 private static Flow createExternalFlow(SfcNshHeader sfcNshHeader, NodeConnectorId tunPort, NetworkElements netElements,
217 PolicyManager policyManager, SwitchManager switchManager, Ipv4Address ipTunDest) {
219 short tableId = policyManager.getTABLEID_EXTERNAL_MAPPER();
220 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadC1;
221 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action outputAction;
223 Integer priority = 1000;
224 int matchTunnelId = netElements.getSrcEpOrdinals().getTunnelId();
225 long setTunnelId = netElements.getDstEpOrdinals().getTunnelId();
226 Long l3c = (long) netElements.getSrcEpOrdinals().getL3Id();
227 loadC1 = nxLoadNshc1RegAction(sfcNshHeader.getNshMetaC1());
229 // Test for if SFF is on same node
230 IpAddress ipAddress = switchManager.getTunnelIP(netElements.getLocalNodeId(), TunnelTypeVxlanGpe.class);
232 if (ipAddress != null && ipAddress.getIpv4Address().equals(sfcNshHeader.getNshTunIpDst())) {
233 Integer newPort = returnOfPortFromNodeConnector(tunPort);
234 outputAction = FlowUtils.createActionResubmit(newPort, policyManager.getTABLEID_SFC_EGRESS());
236 outputAction = outputAction(tunPort);
239 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadC2 =
240 nxLoadNshc2RegAction(setTunnelId);
241 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadChainTunVnid =
242 nxLoadTunIdAction(BigInteger.valueOf(setTunnelId), false);
243 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadChainTunDest =
244 nxLoadTunIPv4Action(sfcNshHeader.getNshTunIpDst().getValue(), false);
245 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadTunGpeNp = nxLoadTunGpeNpAction(BigInteger.valueOf(TUN_GPE_NP_NSH), false);
247 MatchBuilder mb = new MatchBuilder();
248 addNxRegMatch(mb, RegMatch.of(NxmNxReg6.class, l3c));
249 addNxTunIdMatch(mb, matchTunnelId);
250 addNxNspMatch(mb, sfcNshHeader.getNshNspToChain());
251 addNxNsiMatch(mb, sfcNshHeader.getNshNsiToChain());
252 if (!netElements.getDstNodeId().equals(netElements.getSrcNodeId())) {
253 addNxTunIpv4DstMatch(mb, ipTunDest);
257 Match match = mb.build();
258 FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainexternal", match);
260 base(tableId).setId(flowId).setPriority(priority).setMatch(match).setInstructions(
261 instructions(applyActionIns(loadC1, loadC2, loadChainTunDest, loadChainTunVnid, loadTunGpeNp, outputAction)));
262 return flowb.build();
265 private static List<Flow> createChainTunnelFlow(SfcNshHeader sfcNshHeader, NodeConnectorId tunPort,
266 NetworkElements netElements, short tableId, OfContext ctx) {
268 int egId = netElements.getDstEpOrdinals().getEpgId();
269 int bdId = netElements.getDstEpOrdinals().getBdId();
270 int fdId = netElements.getDstEpOrdinals().getFdId();
271 int l3Id = netElements.getDstEpOrdinals().getL3Id();
272 int tunnelId = netElements.getSrcEpOrdinals().getTunnelId();
274 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action segReg =
275 nxLoadRegAction(NxmNxReg0.class, BigInteger.valueOf(egId));
276 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action scgReg =
277 nxLoadRegAction(NxmNxReg1.class, BigInteger.valueOf(0xffffff));
278 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action bdReg =
279 nxLoadRegAction(NxmNxReg4.class, BigInteger.valueOf(bdId));
280 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action fdReg =
281 nxLoadRegAction(NxmNxReg5.class, BigInteger.valueOf(fdId));
282 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action vrfReg =
283 nxLoadRegAction(NxmNxReg6.class, BigInteger.valueOf(l3Id));
285 List<Flow> flows = new ArrayList<>();
286 for (L3Address address : netElements.getDstEp().getL3Address()) {
287 Layer3Match l3Match = null;
288 MatchBuilder mb = null;
289 if (address.getIpAddress() != null) {
290 if (address.getIpAddress().getIpv4Address() != null) {
291 l3Match = new Ipv4MatchBuilder()
292 .setIpv4Source(new Ipv4Prefix(address.getIpAddress().getIpv4Address().getValue() + "/32"))
294 mb = new MatchBuilder().setInPort(tunPort)
295 .setLayer3Match(l3Match)
296 .setEthernetMatch(FlowUtils.ethernetMatch(null, null, FlowUtils.IPv4));
297 } else if (address.getIpAddress().getIpv6Address() != null) {
298 l3Match = new Ipv6MatchBuilder()
299 .setIpv6Source(new Ipv6Prefix(address.getIpAddress().getIpv6Address().getValue() + "/128"))
301 mb = new MatchBuilder().setInPort(tunPort)
302 .setLayer3Match(l3Match)
303 .setEthernetMatch(FlowUtils.ethernetMatch(null, null, FlowUtils.IPv6));
307 addNxTunIdMatch(mb, tunnelId);
308 addNxNspMatch(mb, sfcNshHeader.getNshNspFromChain());
309 addNxNsiMatch(mb, sfcNshHeader.getNshNsiFromChain());
311 Match match = mb.build();
312 FlowId flowId = FlowIdUtils.newFlowId(tableId, "chaintunnel", match);
313 FlowBuilder flowb = base(tableId).setId(flowId).setPriority(150).setMatch(match).setInstructions(
314 instructions(applyActionIns(segReg, scgReg, bdReg, fdReg, vrfReg),
315 gotoTableIns(ctx.getPolicyManager().getTABLEID_DESTINATION_MAPPER())));
316 flows.add(flowb.build());
321 private static Flow allowFromChainPort(SfcNshHeader sfcNshHeader, NodeConnectorId port, short tableId,
324 // Matching on last NSP/NSI that SFF leaves on but with C1=0
325 MatchBuilder mb = new MatchBuilder();
326 FlowUtils.addNxNshc1RegMatch(mb, 0L);
327 FlowUtils.addNxNsiMatch(mb, sfcNshHeader.getNshNsiFromChain());
328 FlowUtils.addNxNspMatch(mb, sfcNshHeader.getNshNspFromChain());
329 Match match = mb.setInPort(port).build();
331 FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainport", match);
333 base(tableId).setId(flowId).setPriority(1200).setMatch(match).setInstructions(
334 FlowUtils.gotoTableInstructions(ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER()));
335 return flowb.build();
338 private static Flow allowFromChainTunnel(NodeConnectorId tunPort, short tableId) {
340 MatchBuilder mb = new MatchBuilder().setInPort(tunPort);
341 addNxRegMatch(mb, RegMatch.of(NxmNxReg1.class, 0xffffffL));
342 Match match = mb.build();
343 FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainport", match);
345 FlowBuilder flow = base(tableId).setId(flowId).setMatch(match).setPriority(65000).setInstructions(
346 instructions(applyActionIns(nxPopNshAction(), nxOutputRegAction(NxmNxReg7.class))));
351 private static Integer returnOfPortFromNodeConnector(NodeConnectorId nodeConnectorId) {
352 String[] elements = StringUtils.split(nodeConnectorId.getValue(), ":");
353 if (elements.length != 3)
355 return new Integer(elements[2]);
359 * Get a base flow builder with some common features already set
361 private static FlowBuilder base(short tableId) {
362 return new FlowBuilder().setTableId(tableId).setBarrier(false).setHardTimeout(0).setIdleTimeout(0);