2 * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow;
11 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.ARP;
12 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.applyActionIns;
13 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.ethernetMatch;
14 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.gotoTableIns;
15 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.instructions;
16 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadArpOpAction;
17 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadArpShaAction;
18 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadArpSpaAction;
19 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadRegAction;
20 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxLoadTunIdAction;
21 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxMoveArpShaToArpThaAction;
22 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxMoveArpSpaToArpTpaAction;
23 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.nxMoveEthSrcToEthDstAction;
24 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.outputAction;
25 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.setDlDstAction;
26 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.setDlSrcAction;
27 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.setIpv4DstAction;
28 import static org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.FlowUtils.setIpv6DstAction;
30 import java.math.BigInteger;
31 import java.util.Collection;
33 import org.apache.commons.lang3.ArrayUtils;
34 import org.opendaylight.groupbasedpolicy.dto.EpKey;
35 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfContext;
36 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.OfWriter;
37 import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.OrdinalFactory.EndpointFwdCtxOrdinals;
38 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpAddress;
39 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Prefix;
40 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv6Prefix;
41 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress;
42 import org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.Action;
43 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.FlowId;
44 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
45 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
46 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
47 import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.Instruction;
48 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
49 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.Endpoint;
50 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.EndpointL3;
51 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.l3endpoint.rev151217.NatAddress;
52 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.Segmentation;
53 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.forwarding.context.L2FloodDomain;
54 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.forwarding.context.Subnet;
55 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
56 import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
57 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Layer3Match;
58 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.ArpMatchBuilder;
59 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv4MatchBuilder;
60 import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv6MatchBuilder;
61 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg0;
62 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg1;
63 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg4;
64 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg5;
65 import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6;
66 import org.slf4j.Logger;
67 import org.slf4j.LoggerFactory;
70 * Manage the table that assigns source endpoint group, bridge domain, and
71 * router domain to registers to be used by other tables.
73 public class IngressNatMapper extends FlowTable {
75 protected static final Logger LOG = LoggerFactory.getLogger(IngressNatMapper.class);
77 // TODO Li alagalah Improve UT coverage for this class.
78 public static short TABLE_ID;
80 public IngressNatMapper(OfContext ctx, short tableId) {
86 public short getTableId() {
91 public void sync(NodeId nodeId, OfWriter ofWriter) throws Exception {
93 // TODO for consideration: default instruction is goto next table because when matching against eth type 0x8100
94 // in PortSecurity, it's not possible to match against IPv4 addresses (only inf eth type would be 0x800)
95 // We can't determine just from L2 layer if traffic should be passed from PortSecurity here to IngressNat or to
96 // SourceMapper. Various 802.1q encapsulated IPs can pass through external ports - NATed or not NATed, remote
97 // or directly connected.
98 // All external ingress traffic is currently passed here and if no match is foud - no NAT is performed
99 // and processing continues in SourceMapper.
101 .setTableId(TABLE_ID)
103 .setInstructions(FlowUtils.instructions(FlowUtils.gotoTableIns(ctx.getPolicyManager().getTABLEID_SOURCE_MAPPER())))
104 .setId(FlowIdUtils.newFlowId("gotoSourceMapper"))
106 ofWriter.writeFlow(nodeId, TABLE_ID, flow);
108 // TODO Bug 3546 - Difficult: External port is unrelated to Tenant, L3C, L2BD..
110 Collection<Endpoint> endpointsForNode = ctx.getEndpointManager().getEndpointsForNode(nodeId);
111 Collection<EndpointL3> l3Endpoints = ctx.getEndpointManager().getL3EndpointsWithNat();
112 for (EndpointL3 l3Ep : l3Endpoints) {
113 if (l3Ep.getL2Context() != null && l3Ep.getMacAddress() !=null ) {
114 Endpoint ep = ctx.getEndpointManager().getEndpoint(new EpKey(l3Ep.getL2Context(), l3Ep.getMacAddress()));
115 if (endpointsForNode.contains(ep)) {
116 createNatFlow(l3Ep, nodeId, ofWriter);
122 private void createNatFlow(EndpointL3 l3Ep, NodeId nodeId, OfWriter ofWriter) throws Exception {
123 NatAddress natAugL3Endpoint = l3Ep.getAugmentation(NatAddress.class);
124 // Match on L3 Nat Augmentation in Destination, set to IPAddress/Mac, send to SourceMapper
125 if (natAugL3Endpoint == null) {
128 Endpoint ep = ctx.getEndpointManager().getEndpoint(new EpKey(l3Ep.getL2Context(), l3Ep.getMacAddress()));
129 EndpointFwdCtxOrdinals epFwdCtxOrds = OrdinalFactory.getEndpointFwdCtxOrdinals(ctx, ep);
130 if (epFwdCtxOrds == null) {
131 LOG.info("getEndpointFwdCtxOrdinals is null for EP {}", ep);
134 Flow flow = buildNatFlow(natAugL3Endpoint.getNatAddress(), l3Ep.getIpAddress(), l3Ep.getMacAddress(), epFwdCtxOrds);
136 ofWriter.writeFlow(nodeId, TABLE_ID, flow);
138 flow = createOutsideArpFlow(l3Ep.getTenant(), natAugL3Endpoint.getNatAddress(), l3Ep.getMacAddress(), nodeId);
140 ofWriter.writeFlow(nodeId, TABLE_ID, flow);
144 private Flow buildNatFlow(IpAddress outsideDestAddress, IpAddress insideDestAddress, MacAddress toMac,
145 EndpointFwdCtxOrdinals epFwdCtxOrds) {
146 // TODO Auto-generated method stub
147 MatchBuilder mb = new MatchBuilder();
149 String outsideIpMatch;
152 Action setDestMac = setDlDstAction(toMac);
153 FlowId flowid = new FlowId(new StringBuilder().append("IngressNat")
155 .append(outsideDestAddress)
157 .append(insideDestAddress)
161 if (insideDestAddress.getIpv4Address() != null) {
162 setDestIp = setIpv4DstAction(insideDestAddress.getIpv4Address());
164 outsideIpMatch = outsideDestAddress.getIpv4Address().getValue() + "/32";
165 m = new Ipv4MatchBuilder().setIpv4Destination(new Ipv4Prefix(outsideIpMatch)).build();
166 mb.setEthernetMatch(ethernetMatch(null, null, FlowUtils.IPv4)).setLayer3Match(m);
167 } else if (insideDestAddress.getIpv6Address() != null) {
168 setDestIp = setIpv6DstAction(insideDestAddress.getIpv6Address());
169 outsideIpMatch = outsideDestAddress.getIpv6Address().getValue() + "/128";
170 m = new Ipv6MatchBuilder().setIpv6Destination(new Ipv6Prefix(outsideIpMatch)).build();
171 mb.setEthernetMatch(ethernetMatch(null, null, FlowUtils.IPv6)).setLayer3Match(m);
176 int egId = epFwdCtxOrds.getEpgId();
177 int bdId = epFwdCtxOrds.getBdId();
178 int fdId = epFwdCtxOrds.getFdId();
179 int l3Id = epFwdCtxOrds.getL3Id();
180 int cgId = epFwdCtxOrds.getCgId();
181 int tunnelId = epFwdCtxOrds.getTunnelId();
182 Action segReg = nxLoadRegAction(NxmNxReg0.class, BigInteger.valueOf(egId));
183 Action scgReg = nxLoadRegAction(NxmNxReg1.class, BigInteger.valueOf(cgId));
184 Action bdReg = nxLoadRegAction(NxmNxReg4.class, BigInteger.valueOf(bdId));
185 Action fdReg = nxLoadRegAction(NxmNxReg5.class, BigInteger.valueOf(fdId));
186 Action vrfReg = nxLoadRegAction(NxmNxReg6.class, BigInteger.valueOf(l3Id));
187 Action tunIdAction = nxLoadTunIdAction(BigInteger.valueOf(tunnelId), false);
189 FlowBuilder flowb = base().setPriority(Integer.valueOf(100))
191 .setMatch(mb.build())
194 applyActionIns(setDestIp, setDestMac, segReg, scgReg, bdReg, fdReg, vrfReg, tunIdAction),
195 gotoTableIns(ctx.getPolicyManager().getTABLEID_DESTINATION_MAPPER())));
196 return flowb.build();
199 private Flow createOutsideArpFlow(TenantId tenantId, IpAddress outsideDestAddress, MacAddress toMac, NodeId nodeId) {
200 String ikey = outsideDestAddress.getIpv4Address().getValue();
201 BigInteger intMac = new BigInteger(1, bytesFromHexString(toMac.getValue()));
202 MatchBuilder mb = new MatchBuilder().setEthernetMatch(ethernetMatch(null, null, ARP)).setLayer3Match(
203 new ArpMatchBuilder().setArpOp(Integer.valueOf(1))
204 .setArpTargetTransportAddress(new Ipv4Prefix(ikey + "/32"))
206 Action[] outsideArpActions = {
207 nxMoveEthSrcToEthDstAction(),
208 setDlSrcAction(toMac),
209 nxLoadArpOpAction(BigInteger.valueOf(2L)),
210 nxMoveArpShaToArpThaAction(),
211 nxLoadArpShaAction(intMac),
212 nxMoveArpSpaToArpTpaAction(),
213 nxLoadArpSpaAction(ikey),
214 outputAction(new NodeConnectorId(nodeId.getValue() + ":INPORT"))
216 Subnet extSubnet = ExternalMapper.resolveSubnetForIpv4Address(ctx.getTenant(tenantId),
217 outsideDestAddress.getIpv4Address());
218 L2FloodDomain l2Fd = null;
219 if (extSubnet != null && extSubnet.getParent() != null) {
220 l2Fd = ctx.getTenant(tenantId).resolveL2FloodDomain(extSubnet.getParent());
222 FlowBuilder flowb = base().setPriority(150);
223 if (l2Fd != null && l2Fd.getAugmentation(Segmentation.class) != null) {
224 Integer vlanId = l2Fd.getAugmentation(Segmentation.class).getSegmentationId();
225 mb.setVlanMatch(FlowUtils.vlanMatch(0, false));
226 Action[] pushVlanpActions = {FlowUtils.pushVlanAction(), FlowUtils.setVlanId(vlanId)};
227 flowb.setInstructions(instructions(FlowUtils.applyActionIns(ArrayUtils.addAll(
229 outsideArpActions))));
231 flowb.setInstructions(instructions(FlowUtils.applyActionIns(outsideArpActions)));
233 flowb.setId(FlowIdUtils.newFlowId(TABLE_ID, "outside-ip-arp", mb.build()));
234 flowb.setMatch(mb.build());
235 return flowb.build();
238 static byte[] bytesFromHexString(String values) {
240 if (values != null) {
243 String[] octets = target.split(":");
245 byte[] ret = new byte[octets.length];
246 for (int i = 0; i < octets.length; i++) {
247 ret[i] = Integer.valueOf(octets[i], 16).byteValue();