2 * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.groupbasedpolicy.renderer.vpp.policy;
11 import java.util.Collection;
12 import java.util.HashSet;
14 import java.util.Map.Entry;
16 import java.util.stream.Collectors;
18 import javax.annotation.Nonnull;
20 import org.opendaylight.controller.config.yang.config.vpp_provider.impl.VppRenderer;
21 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
22 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
23 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
24 import org.opendaylight.groupbasedpolicy.renderer.util.AddressEndpointUtils;
25 import org.opendaylight.groupbasedpolicy.renderer.vpp.config.ConfigUtil;
26 import org.opendaylight.groupbasedpolicy.renderer.vpp.event.NodeOperEvent;
27 import org.opendaylight.groupbasedpolicy.renderer.vpp.event.RendererPolicyConfEvent;
28 import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AclManager;
29 import org.opendaylight.groupbasedpolicy.renderer.vpp.util.KeyFactory;
30 import org.opendaylight.groupbasedpolicy.util.IidFactory;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoints.address.endpoints.AddressEndpointKey;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.absolute.location.location.type.ExternalLocationCase;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.has.rule.group.with.renderer.endpoint.participation.RuleGroupWithRendererEndpointParticipation;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.RendererPolicy;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.RendererPolicyBuilder;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointKey;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpoint;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.rule.groups.RuleGroupKey;
40 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
41 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
42 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
43 import org.slf4j.Logger;
44 import org.slf4j.LoggerFactory;
46 import com.google.common.base.Preconditions;
47 import com.google.common.collect.HashMultimap;
48 import com.google.common.collect.ImmutableSet;
49 import com.google.common.collect.MapDifference;
50 import com.google.common.collect.MapDifference.ValueDifference;
51 import com.google.common.collect.Maps;
52 import com.google.common.collect.SetMultimap;
53 import com.google.common.collect.Sets;
54 import com.google.common.collect.Sets.SetView;
55 import com.google.common.eventbus.Subscribe;
56 import com.google.common.util.concurrent.FutureCallback;
57 import com.google.common.util.concurrent.Futures;
60 public class VppRendererPolicyManager {
62 private static final Logger LOG = LoggerFactory.getLogger(VppRendererPolicyManager.class);
63 private final DataBroker dataProvider;
64 private ForwardingManager fwManager;
65 private final AclManager aclManager;
67 public VppRendererPolicyManager(@Nonnull ForwardingManager fwManager, @Nonnull AclManager aclManager,
68 @Nonnull DataBroker dataProvider) {
69 this.fwManager = Preconditions.checkNotNull(fwManager);
70 this.dataProvider = Preconditions.checkNotNull(dataProvider);
71 this.aclManager = Preconditions.checkNotNull(aclManager);
75 public void rendererPolicyChanged(RendererPolicyConfEvent event) {
76 RendererPolicyBuilder responseBuilder = new RendererPolicyBuilder();
77 switch (event.getDtoModificationType()) {
79 LOG.debug("CREATED : {}", event.getIid());
80 responseBuilder.setVersion(event.getAfter().get().getVersion());
81 rendererPolicyCreated(event.getAfter().get());
84 LOG.debug("UPDATED: {}", event.getIid());
85 RendererPolicy rPolicyBefore = event.getBefore().get();
86 RendererPolicy rPolicyAfter = event.getAfter().get();
87 responseBuilder.setVersion(rPolicyAfter.getVersion());
88 if (rPolicyBefore.getConfiguration() == null && rPolicyAfter.getConfiguration() == null) {
89 LOG.debug("Configuration is not changed only updating config version from {} to {}",
90 rPolicyBefore.getVersion(), rPolicyAfter.getVersion());
92 // TODO collect unconfigured rules and put them to responseBuilder
93 rendererPolicyUpdated(rPolicyBefore, rPolicyAfter);
97 LOG.debug("DELETED: {}", event.getIid());
98 responseBuilder.setVersion(event.getBefore().get().getVersion());
99 rendererPolicyDeleted(event.getBefore().get());
102 WriteTransaction wTx = dataProvider.newWriteOnlyTransaction();
103 RendererPolicy response = responseBuilder.build();
104 wTx.put(LogicalDatastoreType.OPERATIONAL, IidFactory.rendererIid(VppRenderer.NAME).child(RendererPolicy.class),
106 Futures.addCallback(wTx.submit(), new FutureCallback<Void>() {
109 public void onSuccess(Void result) {
110 LOG.info("Renderer updated renderer policy to version {}", response.getVersion());
114 public void onFailure(Throwable t) {
115 LOG.warn("Renderer failed to update renderer-policy to version {}", response.getVersion());
120 private void rendererPolicyUpdated(RendererPolicy rPolicyBefore, RendererPolicy rPolicyAfter) {
121 LOG.trace("VPP renderer policy updated");
122 PolicyContext policyCtxBefore = new PolicyContext(rPolicyBefore);
123 PolicyContext policyCtxAfter = new PolicyContext(rPolicyAfter);
124 aclManager.cacheMultiInterfaces(policyCtxAfter);
125 MapDifference<String, Collection<NodeId>> vppNodesByL2FlDiff =
126 createDiffForVppNodesByL2Fd(policyCtxBefore, policyCtxAfter);
127 SetMultimap<String, NodeId> removedVppNodesByL2Fd = HashMultimap.create();
128 SetMultimap<String, NodeId> createdVppNodesByL2Fd = HashMultimap.create();
129 for (Entry<String, ValueDifference<Collection<NodeId>>> entry : vppNodesByL2FlDiff.entriesDiffering()
131 String bridgeDomain = entry.getKey();
132 Collection<NodeId> beforeNodes = entry.getValue().leftValue();
133 Collection<NodeId> afterNodes = entry.getValue().rightValue();
134 if (beforeNodes != null && afterNodes != null) {
135 SetView<NodeId> removedNodes = Sets.difference(new HashSet<>(beforeNodes), new HashSet<>(afterNodes));
136 removedVppNodesByL2Fd.putAll(bridgeDomain, removedNodes);
137 SetView<NodeId> createdNodes = Sets.difference(new HashSet<>(afterNodes), new HashSet<>(beforeNodes));
138 createdVppNodesByL2Fd.putAll(bridgeDomain, createdNodes);
139 } else if (beforeNodes != null) {
140 removedVppNodesByL2Fd.putAll(bridgeDomain, beforeNodes);
141 } else if (afterNodes != null) {
142 createdVppNodesByL2Fd.putAll(bridgeDomain, afterNodes);
145 Map<String, Collection<NodeId>> removedL2Fds = vppNodesByL2FlDiff.entriesOnlyOnLeft();
146 for (Entry<String, Collection<NodeId>> entry : removedL2Fds.entrySet()) {
147 String bridgeDomain = entry.getKey();
148 Collection<NodeId> removedNodes = entry.getValue();
149 if (removedNodes != null) {
150 removedVppNodesByL2Fd.putAll(bridgeDomain, removedNodes);
153 Map<String, Collection<NodeId>> createdL2Fds = vppNodesByL2FlDiff.entriesOnlyOnRight();
154 for (Entry<String, Collection<NodeId>> entry : createdL2Fds.entrySet()) {
155 String bridgeDomain = entry.getKey();
156 Collection<NodeId> createdNodes = entry.getValue();
157 if (createdNodes != null) {
158 createdVppNodesByL2Fd.putAll(bridgeDomain, createdNodes);
162 ImmutableSet<RendererEndpointKey> rendEpsBefore = policyCtxBefore.getPolicyTable().rowKeySet();
163 ImmutableSet<RendererEndpointKey> rendEpsAfter = policyCtxAfter.getPolicyTable().rowKeySet();
165 SetView<RendererEndpointKey> removedRendEps = Sets.difference(rendEpsBefore, rendEpsAfter);
166 LOG.debug("Removed renderer endpoints {}", removedRendEps);
167 removedRendEps.forEach(rEpKey -> fwManager.removeForwardingForEndpoint(rEpKey, policyCtxBefore));
169 if (!ConfigUtil.getInstance().isL3FlatEnabled()) {
170 LOG.debug("Removing bridge domains on nodes {}", removedVppNodesByL2Fd);
171 fwManager.removeBridgeDomainOnNodes(removedVppNodesByL2Fd);
172 LOG.debug("Creating bridge domains on nodes {}", createdVppNodesByL2Fd);
173 fwManager.createBridgeDomainOnNodes(createdVppNodesByL2Fd);
176 fwManager.syncNatEntries(policyCtxAfter);
178 fwManager.deleteRouting(policyCtxBefore);
179 fwManager.syncRouting(policyCtxAfter);
181 SetView<RendererEndpointKey> createdRendEps = Sets.difference(rendEpsAfter, rendEpsBefore);
182 LOG.debug("Created renderer endpoints {}", createdRendEps);
183 createdRendEps.forEach(rEpKey -> fwManager.createForwardingForEndpoint(rEpKey, policyCtxAfter));
185 SetView<RendererEndpointKey> updatedRendEps = Sets.intersection(rendEpsBefore, rendEpsAfter);
186 LOG.debug("Updated renderer endpoints {}", updatedRendEps);
187 // update forwarding for endpoint
188 updatedRendEps.forEach(rEpKey -> {
189 AddressEndpointWithLocation addrEpWithLocBefore =
190 policyCtxBefore.getAddrEpByKey().get(KeyFactory.addressEndpointKey(rEpKey));
191 AddressEndpointWithLocation addrEpWithLocAfter =
192 policyCtxAfter.getAddrEpByKey().get(KeyFactory.addressEndpointKey(rEpKey));
193 if (isLocationChanged(addrEpWithLocBefore, addrEpWithLocAfter)) {
194 LOG.debug("Location is changed in endpoint {}", rEpKey);
195 LOG.debug("\nLocation before: {}\nLocation after: {}", addrEpWithLocBefore.getAbsoluteLocation(),
196 addrEpWithLocAfter.getAbsoluteLocation());
197 fwManager.removeForwardingForEndpoint(rEpKey, policyCtxBefore);
198 fwManager.createForwardingForEndpoint(rEpKey, policyCtxAfter);
201 updatePolicy(policyCtxBefore, policyCtxAfter);
205 * Looks for changed rule groups in {@code policyCtxBefore} and {@code policyCtxAfter}.
206 * Access lists are updated for endpoints in {@code policyCtxAfter} affected by changed rule
209 * @param policyCtxBefore policy before
210 * @param policyCtxAfter policy after
212 private void updatePolicy(PolicyContext policyCtxBefore, PolicyContext policyCtxAfter) {
213 LOG.info("Updating policy by rule groups.");
214 Set<RuleGroupKey> diffRuleGroups = new HashSet<>();
215 diffRuleGroups.addAll(Sets.difference(policyCtxBefore.getRuleGroupByKey().keySet(),
216 policyCtxAfter.getRuleGroupByKey().keySet()));
217 diffRuleGroups.addAll(Sets.difference(policyCtxAfter.getRuleGroupByKey().keySet(), policyCtxBefore.getRuleGroupByKey().keySet()));
218 LOG.trace("Rule groups changed: {} ", diffRuleGroups.size());
219 Set<RendererEndpointKey> updates = new HashSet<>();
220 for (PolicyContext policy : new PolicyContext[] {policyCtxBefore, policyCtxAfter}) {
221 if (policy.getPolicy().getConfiguration() == null
222 || policy.getPolicy().getConfiguration().getRendererEndpoints() == null
223 || policy.getPolicy().getConfiguration().getRendererEndpoints().getRendererEndpoint() == null) {
228 .getRendererEndpoints()
229 .getRendererEndpoint()
231 .filter(rEp -> !updates.contains(rEp.getKey()))
233 for (PeerEndpoint pEp : rEp.getPeerEndpoint()) {
234 for (RuleGroupWithRendererEndpointParticipation rg : pEp
235 .getRuleGroupWithRendererEndpointParticipation()) {
236 if (!diffRuleGroups.contains(
237 new RuleGroupKey(rg.getContractId(), rg.getSubjectName(), rg.getTenantId()))) {
240 LOG.debug("Updated resolved rule group: {}. Affected endpoints {} and {}.", rg.getKey(), rEp.getKey(), pEp.getKey());
241 updates.add(rEp.getKey());
242 AddressEndpointKey k1 = AddressEndpointUtils.fromPeerEpKey(pEp.getKey());
243 updates.add(AddressEndpointUtils.toRendererEpKey(k1));
248 for (RendererEndpointKey rEpKey : updates) {
249 aclManager.updateAclsForRendEp(rEpKey, policyCtxAfter);
253 private static boolean isLocationChanged(AddressEndpointWithLocation before, AddressEndpointWithLocation after) {
254 ExternalLocationCase locationBefore = ForwardingManager.resolveAndValidateLocation(before);
255 ExternalLocationCase locationAfter = ForwardingManager.resolveAndValidateLocation(after);
256 return !locationBefore.equals(locationAfter);
259 private static MapDifference<String, Collection<NodeId>> createDiffForVppNodesByL2Fd(PolicyContext policyCtxBefore,
260 PolicyContext policyCtxAfter) {
261 ImmutableSet<RendererEndpointKey> rendEpsBefore = policyCtxBefore.getPolicyTable().rowKeySet();
262 ImmutableSet<RendererEndpointKey> rendEpsAfter = policyCtxAfter.getPolicyTable().rowKeySet();
263 SetMultimap<String, NodeId> vppNodesByL2FdBefore = resolveVppNodesByL2Fd(rendEpsBefore, policyCtxBefore);
264 SetMultimap<String, NodeId> vppNodesByL2FdAfter = resolveVppNodesByL2Fd(rendEpsAfter, policyCtxAfter);
265 return Maps.difference(vppNodesByL2FdBefore.asMap(), vppNodesByL2FdAfter.asMap());
268 private void rendererPolicyCreated(RendererPolicy rPolicy) {
269 LOG.trace("VPP renderer policy version {} created", rPolicy.getVersion());
270 PolicyContext policyCtx = new PolicyContext(rPolicy);
271 aclManager.cacheMultiInterfaces(policyCtx);
272 ImmutableSet<RendererEndpointKey> rEpKeys = policyCtx.getPolicyTable().rowKeySet();
273 if (!ConfigUtil.getInstance().isL3FlatEnabled()) {
274 SetMultimap<String, NodeId> vppNodesByL2Fd = resolveVppNodesByL2Fd(rEpKeys, policyCtx);
275 fwManager.createBridgeDomainOnNodes(vppNodesByL2Fd);
277 fwManager.syncNatEntries(policyCtx);
278 fwManager.syncRouting(policyCtx);
279 rEpKeys.forEach(rEpKey -> fwManager.createForwardingForEndpoint(rEpKey, policyCtx));
282 private void rendererPolicyDeleted(RendererPolicy rendererPolicy) {
283 LOG.trace("VPP renderer policy version {} deleted", rendererPolicy.getVersion());
284 PolicyContext policyCtx = new PolicyContext(rendererPolicy);
285 aclManager.cacheMultiInterfaces(policyCtx);
286 ImmutableSet<RendererEndpointKey> rEpKeys = policyCtx.getPolicyTable().rowKeySet();
288 rEpKeys.forEach(rEpKey -> fwManager.removeForwardingForEndpoint(rEpKey, policyCtx));
289 if (!ConfigUtil.getInstance().isL3FlatEnabled()) {
290 SetMultimap<String, NodeId> vppNodesByL2Fd = resolveVppNodesByL2Fd(rEpKeys, policyCtx);
291 fwManager.removeBridgeDomainOnNodes(vppNodesByL2Fd);
293 fwManager.deleteNatEntries(policyCtx);
294 fwManager.deleteRouting(policyCtx);
297 private static SetMultimap<String, NodeId> resolveVppNodesByL2Fd(Set<RendererEndpointKey> rEpKeys,
298 PolicyContext policyCtx) {
299 SetMultimap<String, NodeId> vppNodesByL2Fd = HashMultimap.create();
301 .map(rEpKey -> KeyFactory.addressEndpointKey(rEpKey))
302 .map(addrEpKey -> policyCtx.getAddrEpByKey().get(addrEpKey))
303 .collect(Collectors.toSet())
304 .forEach(addrEpWithLoc -> {
305 java.util.Optional<String> optL2Fd = ForwardingManager.resolveL2FloodDomain(addrEpWithLoc, policyCtx);
306 if (optL2Fd.isPresent()) {
307 ExternalLocationCase rEpLoc = ForwardingManager.resolveAndValidateLocation(addrEpWithLoc);
308 InstanceIdentifier<?> externalNodeMountPoint = rEpLoc.getExternalNodeMountPoint();
309 NodeId vppNode = externalNodeMountPoint.firstKeyOf(Node.class).getNodeId();
310 vppNodesByL2Fd.put(optL2Fd.get(), vppNode);
313 return vppNodesByL2Fd;
317 public void vppNodeChanged(NodeOperEvent event) {
318 switch (event.getDtoModificationType()) {
320 if (event.isAfterConnected()) {
325 if (!event.isBeforeConnected() && event.isAfterConnected()) {
330 if (event.isBeforeConnected()) {