2 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow;
11 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxNsiMatch;
12 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxNspMatch;
13 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxRegMatch;
14 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxTunIdMatch;
15 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.addNxTunIpv4DstMatch;
16 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.applyActionIns;
17 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.gotoTableIns;
18 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.instructions;
19 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadNshc1RegAction;
20 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadNshc2RegAction;
21 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadRegAction;
22 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadTunIPv4Action;
23 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadTunIdAction;
24 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxOutputRegAction;
25 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.outputAction;
27 import java.math.BigInteger;
28 import java.util.ArrayList;
29 import java.util.List;
31 import org.apache.commons.lang3.StringUtils;
32 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfContext;
33 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfWriter;
34 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.PolicyManager;
35 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.RegMatch;
36 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.OrdinalFactory.EndpointFwdCtxOrdinals;
37 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.mapper.policyenforcer.NetworkElements;
38 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.node.SwitchManager;
39 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.ChainAction;
40 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sfcutils.SfcNshHeader;
41 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpAddress;
42 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Address;
43 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Prefix;
44 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv6Prefix;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowId;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.Match;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.instruction.go.to.table._case.GoToTable;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoint.fields.L3Address;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Layer3Match;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv4MatchBuilder;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv6MatchBuilder;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg0;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg1;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg4;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg5;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg7;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.overlay.rev150105.TunnelTypeVxlanGpe;
65 import org.slf4j.Logger;
66 import org.slf4j.LoggerFactory;
68 import com.google.common.annotations.VisibleForTesting;
71 * <h1>Creation of flows related to service chain</h1>
73 * These flows are built across most of gbp of tables and have higher priority than basic flows. It ensures, that
74 * packet redirected to chain will be sent to tunnel output
77 * Flow that allows ALL traffic incoming from chain last hop
79 * <i>Allow from chain flow</i><br>
86 * - in_port (tunnel port) {@link NodeConnectorId}<br>
88 * - {@link GoToTable} SOURCE MAPPER table
90 * TODO: looks like duplicity, the same flow is created in policy enforcer
91 * <i>Allow from chain tunnel</i>
93 * Priority = 65000<br>
95 * - in_port (tunnel port) {@link NodeConnectorId}<br>
96 * - Reg7 (fixed value 0xffffff) {@link NxmNxReg7}
98 * - {@link GoToTable} SOURCE MAPPER table
100 * <i>Create external flow</i>
102 * Priority = 1000 (if dst node == src node, priority = 1500)<br>
104 * - Reg6 {@link NxmNxReg6}<br>
108 * - tun_dst (only if dst node == src node)<br>
112 * - load tunnel ID<br>
113 * - load tunnel ipv4<br>
114 * - output:(tunnel port)<br>
116 * <i>Chain tunnel flow</i><br>
120 * - in_port (tunnel port) {@link NodeConnectorId}<br>
125 * - Reg0 {@link NxmNxReg0}<br>
126 * - Reg1 {@link NxmNxReg1}<br>
127 * - Reg4 {@link NxmNxReg4}<br>
128 * - Reg5 {@link NxmNxReg5}<br>
129 * - Reg6 {@link NxmNxReg6}<br>
130 * - {@link GoToTable} DESTINATION MAPPER table<br>
132 * <i>Chain broadcast flow</i><br>
136 * - in_port (tunnel port) {@link NodeConnectorId}<br>
141 * - load Reg5 {@link NxmNxReg5}<br>
142 * - {@link GoToTable} DESTINATION MAPPER table<br>
144 public class ChainActionFlows {
146 private static final Logger LOG = LoggerFactory.getLogger(ChainAction.class);
148 public ChainActionFlows() {
152 public static void createChainTunnelFlows(SfcNshHeader sfcNshHeader, NetworkElements netElements, OfWriter ofWriter,
153 OfContext ctx, Direction direction) {
155 NodeId localNodeId = netElements.getLocalNodeId();
156 EndpointFwdCtxOrdinals epOrdinals = netElements.getSrcEpOrdinals();
158 NodeConnectorId localNodeTunPort = ctx.getSwitchManager().getTunnelPort(localNodeId, TunnelTypeVxlanGpe.class);
159 Ipv4Address tunDestAddress = ctx.getSwitchManager()
160 .getTunnelIP(netElements.getDstNodeId(), TunnelTypeVxlanGpe.class)
162 if (localNodeTunPort == null) {
163 LOG.error("createChainTunnelFlows: No valid VXLAN GPE tunnel for Node {} ", localNodeId);
166 if (direction.equals(Direction.In)) {
167 ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_PORTSECURITY(), allowFromChainPort(
168 sfcNshHeader, localNodeTunPort, ctx.getPolicyManager().getTABLEID_PORTSECURITY(), ctx));
170 for (Flow flow : createChainTunnelFlow(sfcNshHeader, localNodeTunPort, netElements,
171 ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), ctx)) {
172 ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), flow);
175 ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER(),
176 allowFromChainTunnel(localNodeTunPort, ctx.getPolicyManager().getTABLEID_POLICY_ENFORCER()));
178 ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(),
179 createChainBroadcastFlow(sfcNshHeader, localNodeTunPort, epOrdinals,
180 ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER(), ctx));
182 ofWriter.writeFlow(localNodeId, ctx.getPolicyManager().getTABLEID_EXTERNAL_MAPPER(),
183 createExternalFlow(sfcNshHeader, localNodeTunPort, netElements, ctx.getPolicyManager(),
184 ctx.getSwitchManager(), tunDestAddress));
188 private static Flow createChainBroadcastFlow(SfcNshHeader sfcNshHeader, NodeConnectorId tunPort,
189 EndpointFwdCtxOrdinals epFwdCtxOrds, short tableId, OfContext ctx) {
191 int fdId = epFwdCtxOrds.getFdId();
193 MatchBuilder mb = new MatchBuilder().setInPort(tunPort);
195 addNxNsiMatch(mb, sfcNshHeader.getNshNsiFromChain());
196 addNxNspMatch(mb, sfcNshHeader.getNshNspFromChain());
197 addNxTunIdMatch(mb, fdId);
199 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action fdReg =
200 nxLoadRegAction(NxmNxReg5.class, BigInteger.valueOf(fdId));
202 Match match = mb.build();
203 FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainbroadcast", match);
205 FlowBuilder flowb = base(tableId).setId(flowId)
208 .setInstructions(instructions(applyActionIns(fdReg),
209 gotoTableIns(ctx.getPolicyManager().getTABLEID_DESTINATION_MAPPER())));
210 return flowb.build();
213 private static Flow createExternalFlow(SfcNshHeader sfcNshHeader, NodeConnectorId tunPort, NetworkElements netElements,
214 PolicyManager policyManager, SwitchManager switchManager, Ipv4Address ipTunDest) {
216 short tableId = policyManager.getTABLEID_EXTERNAL_MAPPER();
217 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadC1;
218 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action outputAction;
220 Integer priority = 1000;
221 int matchTunnelId = netElements.getSrcEpOrdinals().getTunnelId();
222 long setTunnelId = netElements.getDstEpOrdinals().getTunnelId();
223 Long l3c = (long) netElements.getSrcEpOrdinals().getL3Id();
224 loadC1 = nxLoadNshc1RegAction(sfcNshHeader.getNshMetaC1());
226 // Test for if SFF is on same node
227 IpAddress ipAddress = switchManager.getTunnelIP(netElements.getLocalNodeId(), TunnelTypeVxlanGpe.class);
229 if (ipAddress != null && ipAddress.getIpv4Address().equals(sfcNshHeader.getNshTunIpDst())) {
230 Integer newPort = returnOfPortFromNodeConnector(tunPort);
231 outputAction = FlowUtils.createActionResubmit(newPort, policyManager.getTABLEID_SFC_EGRESS());
233 outputAction = outputAction(tunPort);
236 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadC2 =
237 nxLoadNshc2RegAction(setTunnelId);
238 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadChainTunVnid =
239 nxLoadTunIdAction(BigInteger.valueOf(setTunnelId), false);
240 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action loadChainTunDest =
241 nxLoadTunIPv4Action(sfcNshHeader.getNshTunIpDst().getValue(), false);
243 MatchBuilder mb = new MatchBuilder();
244 addNxRegMatch(mb, RegMatch.of(NxmNxReg6.class, l3c));
245 addNxTunIdMatch(mb, matchTunnelId);
246 addNxNspMatch(mb, sfcNshHeader.getNshNspToChain());
247 addNxNsiMatch(mb, sfcNshHeader.getNshNsiToChain());
248 if (!netElements.getDstNodeId().equals(netElements.getSrcNodeId())) {
249 addNxTunIpv4DstMatch(mb, ipTunDest);
253 Match match = mb.build();
254 FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainexternal", match);
256 base(tableId).setId(flowId).setPriority(priority).setMatch(match).setInstructions(
257 instructions(applyActionIns(loadC1, loadC2, loadChainTunDest, loadChainTunVnid, outputAction)));
258 return flowb.build();
261 private static List<Flow> createChainTunnelFlow(SfcNshHeader sfcNshHeader, NodeConnectorId tunPort,
262 NetworkElements netElements, short tableId, OfContext ctx) {
264 int egId = netElements.getDstEpOrdinals().getEpgId();
265 int bdId = netElements.getDstEpOrdinals().getBdId();
266 int fdId = netElements.getDstEpOrdinals().getFdId();
267 int l3Id = netElements.getDstEpOrdinals().getL3Id();
268 int tunnelId = netElements.getSrcEpOrdinals().getTunnelId();
270 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action segReg =
271 nxLoadRegAction(NxmNxReg0.class, BigInteger.valueOf(egId));
272 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action scgReg =
273 nxLoadRegAction(NxmNxReg1.class, BigInteger.valueOf(0xffffff));
274 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action bdReg =
275 nxLoadRegAction(NxmNxReg4.class, BigInteger.valueOf(bdId));
276 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action fdReg =
277 nxLoadRegAction(NxmNxReg5.class, BigInteger.valueOf(fdId));
278 org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action vrfReg =
279 nxLoadRegAction(NxmNxReg6.class, BigInteger.valueOf(l3Id));
281 List<Flow> flows = new ArrayList<>();
282 for (L3Address address : netElements.getDstEp().getL3Address()) {
283 Layer3Match l3Match = null;
284 MatchBuilder mb = null;
285 if (address.getIpAddress() != null) {
286 if (address.getIpAddress().getIpv4Address() != null) {
287 l3Match = new Ipv4MatchBuilder()
288 .setIpv4Source(new Ipv4Prefix(address.getIpAddress().getIpv4Address().getValue() + "/32"))
290 mb = new MatchBuilder().setInPort(tunPort)
291 .setLayer3Match(l3Match)
292 .setEthernetMatch(FlowUtils.ethernetMatch(null, null, FlowUtils.IPv4));
293 } else if (address.getIpAddress().getIpv6Address() != null) {
294 l3Match = new Ipv6MatchBuilder()
295 .setIpv6Source(new Ipv6Prefix(address.getIpAddress().getIpv6Address().getValue() + "/128"))
297 mb = new MatchBuilder().setInPort(tunPort)
298 .setLayer3Match(l3Match)
299 .setEthernetMatch(FlowUtils.ethernetMatch(null, null, FlowUtils.IPv6));
303 addNxTunIdMatch(mb, tunnelId);
304 addNxNspMatch(mb, sfcNshHeader.getNshNspFromChain());
305 addNxNsiMatch(mb, sfcNshHeader.getNshNsiFromChain());
307 Match match = mb.build();
308 FlowId flowId = FlowIdUtils.newFlowId(tableId, "chaintunnel", match);
309 FlowBuilder flowb = base(tableId).setId(flowId).setPriority(150).setMatch(match).setInstructions(
310 instructions(applyActionIns(segReg, scgReg, bdReg, fdReg, vrfReg),
311 gotoTableIns(ctx.getPolicyManager().getTABLEID_DESTINATION_MAPPER())));
312 flows.add(flowb.build());
317 private static Flow allowFromChainPort(SfcNshHeader sfcNshHeader, NodeConnectorId port, short tableId,
320 // Matching on last NSP/NSI that SFF leaves on but with C1=0
321 MatchBuilder mb = new MatchBuilder();
322 FlowUtils.addNxNshc1RegMatch(mb, 0L);
323 FlowUtils.addNxNsiMatch(mb, sfcNshHeader.getNshNsiFromChain());
324 FlowUtils.addNxNspMatch(mb, sfcNshHeader.getNshNspFromChain());
325 Match match = mb.setInPort(port).build();
327 FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainport", match);
329 base(tableId).setId(flowId).setPriority(1200).setMatch(match).setInstructions(
330 FlowUtils.gotoTableInstructions(ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER()));
331 return flowb.build();
334 private static Flow allowFromChainTunnel(NodeConnectorId tunPort, short tableId) {
336 MatchBuilder mb = new MatchBuilder().setInPort(tunPort);
337 addNxRegMatch(mb, RegMatch.of(NxmNxReg1.class, 0xffffffL));
338 Match match = mb.build();
339 FlowId flowId = FlowIdUtils.newFlowId(tableId, "chainport", match);
341 FlowBuilder flow = base(tableId).setId(flowId).setMatch(match).setPriority(65000).setInstructions(
342 instructions(applyActionIns(nxOutputRegAction(NxmNxReg7.class))));
347 private static Integer returnOfPortFromNodeConnector(NodeConnectorId nodeConnectorId) {
348 String[] elements = StringUtils.split(nodeConnectorId.getValue(), ":");
349 if (elements.length != 3)
351 return new Integer(elements[2]);
355 * Get a base flow builder with some common features already set
357 private static FlowBuilder base(short tableId) {
358 return new FlowBuilder().setTableId(tableId).setBarrier(false).setHardTimeout(0).setIdleTimeout(0);