2 * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.groupbasedpolicy.renderer.vpp.policy;
11 import java.util.Collection;
12 import java.util.HashSet;
14 import java.util.Map.Entry;
16 import java.util.stream.Collectors;
18 import javax.annotation.Nonnull;
20 import org.opendaylight.controller.config.yang.config.vpp_provider.impl.VppRenderer;
21 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
22 import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
23 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
24 import org.opendaylight.groupbasedpolicy.renderer.util.AddressEndpointUtils;
25 import org.opendaylight.groupbasedpolicy.renderer.vpp.config.ConfigUtil;
26 import org.opendaylight.groupbasedpolicy.renderer.vpp.event.NodeOperEvent;
27 import org.opendaylight.groupbasedpolicy.renderer.vpp.event.RendererPolicyConfEvent;
28 import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AclManager;
29 import org.opendaylight.groupbasedpolicy.renderer.vpp.util.KeyFactory;
30 import org.opendaylight.groupbasedpolicy.util.IidFactory;
31 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoints.address.endpoints.AddressEndpointKey;
32 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.absolute.location.location.type.ExternalLocationCase;
33 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.has.rule.group.with.renderer.endpoint.participation.RuleGroupWithRendererEndpointParticipation;
34 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.RendererPolicy;
35 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.RendererPolicyBuilder;
36 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.RendererForwarding;
37 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
38 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointKey;
39 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpoint;
40 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.rule.groups.RuleGroupKey;
41 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
42 import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
43 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
44 import org.slf4j.Logger;
45 import org.slf4j.LoggerFactory;
47 import com.google.common.base.Preconditions;
48 import com.google.common.collect.HashMultimap;
49 import com.google.common.collect.ImmutableSet;
50 import com.google.common.collect.MapDifference;
51 import com.google.common.collect.MapDifference.ValueDifference;
52 import com.google.common.collect.Maps;
53 import com.google.common.collect.SetMultimap;
54 import com.google.common.collect.Sets;
55 import com.google.common.collect.Sets.SetView;
56 import com.google.common.eventbus.Subscribe;
57 import com.google.common.util.concurrent.FutureCallback;
58 import com.google.common.util.concurrent.Futures;
61 public class VppRendererPolicyManager {
63 private static final Logger LOG = LoggerFactory.getLogger(VppRendererPolicyManager.class);
64 private final DataBroker dataProvider;
65 private ForwardingManager fwManager;
66 private final AclManager aclManager;
68 public VppRendererPolicyManager(@Nonnull ForwardingManager fwManager, @Nonnull AclManager aclManager,
69 @Nonnull DataBroker dataProvider) {
70 this.fwManager = Preconditions.checkNotNull(fwManager);
71 this.dataProvider = Preconditions.checkNotNull(dataProvider);
72 this.aclManager = Preconditions.checkNotNull(aclManager);
76 public void rendererPolicyChanged(RendererPolicyConfEvent event) {
77 RendererPolicyBuilder responseBuilder = new RendererPolicyBuilder();
78 switch (event.getDtoModificationType()) {
80 LOG.debug("CREATED : {}", event.getIid());
81 responseBuilder.setVersion(event.getAfter().get().getVersion());
82 rendererPolicyCreated(event.getAfter().get());
85 LOG.debug("UPDATED: {}", event.getIid());
86 RendererPolicy rPolicyBefore = event.getBefore().get();
87 RendererPolicy rPolicyAfter = event.getAfter().get();
88 responseBuilder.setVersion(rPolicyAfter.getVersion());
89 if (rPolicyBefore.getConfiguration() == null && rPolicyAfter.getConfiguration() == null) {
90 LOG.debug("Configuration is not changed only updating config version from {} to {}",
91 rPolicyBefore.getVersion(), rPolicyAfter.getVersion());
93 // TODO collect unconfigured rules and put them to responseBuilder
94 rendererPolicyUpdated(rPolicyBefore, rPolicyAfter);
98 LOG.debug("DELETED: {}", event.getIid());
99 responseBuilder.setVersion(event.getBefore().get().getVersion());
100 rendererPolicyDeleted(event.getBefore().get());
103 WriteTransaction wTx = dataProvider.newWriteOnlyTransaction();
104 RendererPolicy response = responseBuilder.build();
105 wTx.put(LogicalDatastoreType.OPERATIONAL, IidFactory.rendererIid(VppRenderer.NAME).child(RendererPolicy.class),
107 Futures.addCallback(wTx.submit(), new FutureCallback<Void>() {
110 public void onSuccess(Void result) {
111 LOG.info("Renderer updated renderer policy to version {}", response.getVersion());
115 public void onFailure(Throwable t) {
116 LOG.warn("Renderer failed to update renderer-policy to version {}", response.getVersion());
121 private void rendererPolicyUpdated(RendererPolicy rPolicyBefore, RendererPolicy rPolicyAfter) {
122 LOG.trace("VPP renderer policy updated");
123 PolicyContext policyCtxBefore = new PolicyContext(rPolicyBefore);
124 PolicyContext policyCtxAfter = new PolicyContext(rPolicyAfter);
125 aclManager.cacheMultiInterfaces(policyCtxAfter);
126 MapDifference<String, Collection<NodeId>> vppNodesByL2FlDiff =
127 createDiffForVppNodesByL2Fd(policyCtxBefore, policyCtxAfter);
128 SetMultimap<String, NodeId> removedVppNodesByL2Fd = HashMultimap.create();
129 SetMultimap<String, NodeId> createdVppNodesByL2Fd = HashMultimap.create();
130 for (Entry<String, ValueDifference<Collection<NodeId>>> entry : vppNodesByL2FlDiff.entriesDiffering()
132 String bridgeDomain = entry.getKey();
133 Collection<NodeId> beforeNodes = entry.getValue().leftValue();
134 Collection<NodeId> afterNodes = entry.getValue().rightValue();
135 if (beforeNodes != null && afterNodes != null) {
136 SetView<NodeId> removedNodes = Sets.difference(new HashSet<>(beforeNodes), new HashSet<>(afterNodes));
137 removedVppNodesByL2Fd.putAll(bridgeDomain, removedNodes);
138 SetView<NodeId> createdNodes = Sets.difference(new HashSet<>(afterNodes), new HashSet<>(beforeNodes));
139 createdVppNodesByL2Fd.putAll(bridgeDomain, createdNodes);
140 } else if (beforeNodes != null) {
141 removedVppNodesByL2Fd.putAll(bridgeDomain, beforeNodes);
142 } else if (afterNodes != null) {
143 createdVppNodesByL2Fd.putAll(bridgeDomain, afterNodes);
146 Map<String, Collection<NodeId>> removedL2Fds = vppNodesByL2FlDiff.entriesOnlyOnLeft();
147 for (Entry<String, Collection<NodeId>> entry : removedL2Fds.entrySet()) {
148 String bridgeDomain = entry.getKey();
149 Collection<NodeId> removedNodes = entry.getValue();
150 if (removedNodes != null) {
151 removedVppNodesByL2Fd.putAll(bridgeDomain, removedNodes);
154 Map<String, Collection<NodeId>> createdL2Fds = vppNodesByL2FlDiff.entriesOnlyOnRight();
155 for (Entry<String, Collection<NodeId>> entry : createdL2Fds.entrySet()) {
156 String bridgeDomain = entry.getKey();
157 Collection<NodeId> createdNodes = entry.getValue();
158 if (createdNodes != null) {
159 createdVppNodesByL2Fd.putAll(bridgeDomain, createdNodes);
163 ImmutableSet<RendererEndpointKey> rendEpsBefore = policyCtxBefore.getPolicyTable().rowKeySet();
164 ImmutableSet<RendererEndpointKey> rendEpsAfter = policyCtxAfter.getPolicyTable().rowKeySet();
166 SetView<RendererEndpointKey> removedRendEps = Sets.difference(rendEpsBefore, rendEpsAfter);
167 LOG.debug("Removed renderer endpoints {}", removedRendEps);
168 removedRendEps.forEach(rEpKey -> fwManager.removeForwardingForEndpoint(rEpKey, policyCtxBefore));
170 if (!ConfigUtil.getInstance().isL3FlatEnabled()) {
171 LOG.debug("Removing bridge domains on nodes {}", removedVppNodesByL2Fd);
172 fwManager.removeBridgeDomainOnNodes(removedVppNodesByL2Fd);
173 LOG.debug("Creating bridge domains on nodes {}", createdVppNodesByL2Fd);
174 fwManager.createBridgeDomainOnNodes(createdVppNodesByL2Fd);
176 if (rPolicyBefore.getConfiguration() != null) {
177 RendererForwarding rendererForwardingBefore = rPolicyBefore.getConfiguration().getRendererForwarding();
179 SetMultimap<String, NodeId> vppNodesByL2FdBefore =
180 resolveVppNodesByL2Fd(policyCtxBefore.getPolicyTable().rowKeySet(), policyCtxBefore);
181 if (!vppNodesByL2FdBefore.isEmpty()) {
182 LOG.debug("Deleting DhcpRelay for forwarding: {}, on VPP nodes: {}", rendererForwardingBefore,
183 vppNodesByL2FdBefore);
184 fwManager.deleteDhcpRelay(rendererForwardingBefore, vppNodesByL2FdBefore);
188 if (rPolicyAfter.getConfiguration() != null) {
189 RendererForwarding rendererForwardingAfter = rPolicyAfter.getConfiguration().getRendererForwarding();
190 SetMultimap<String, NodeId> vppNodesByL2FdAfter =
191 resolveVppNodesByL2Fd(policyCtxAfter.getPolicyTable().rowKeySet(), policyCtxAfter);
192 if (!vppNodesByL2FdAfter.isEmpty()) {
193 LOG.debug("Creating DhcpRelay for forwarding: {}, on VPP nodes: {}", rendererForwardingAfter,
194 vppNodesByL2FdAfter);
195 fwManager.createDhcpRelay(rendererForwardingAfter, vppNodesByL2FdAfter);
200 fwManager.syncNatEntries(policyCtxAfter);
202 fwManager.deleteRouting(policyCtxBefore);
203 fwManager.syncRouting(policyCtxAfter);
205 SetView<RendererEndpointKey> createdRendEps = Sets.difference(rendEpsAfter, rendEpsBefore);
206 LOG.debug("Created renderer endpoints {}", createdRendEps);
207 createdRendEps.forEach(rEpKey -> fwManager.createForwardingForEndpoint(rEpKey, policyCtxAfter));
209 SetView<RendererEndpointKey> updatedRendEps = Sets.intersection(rendEpsBefore, rendEpsAfter);
210 LOG.debug("Updated renderer endpoints {}", updatedRendEps);
211 // update forwarding for endpoint
212 updatedRendEps.forEach(rEpKey -> {
213 AddressEndpointWithLocation addrEpWithLocBefore =
214 policyCtxBefore.getAddrEpByKey().get(KeyFactory.addressEndpointKey(rEpKey));
215 AddressEndpointWithLocation addrEpWithLocAfter =
216 policyCtxAfter.getAddrEpByKey().get(KeyFactory.addressEndpointKey(rEpKey));
217 if (isLocationChanged(addrEpWithLocBefore, addrEpWithLocAfter)) {
218 LOG.debug("Location is changed in endpoint {}", rEpKey);
219 LOG.debug("\nLocation before: {}\nLocation after: {}", addrEpWithLocBefore.getAbsoluteLocation(),
220 addrEpWithLocAfter.getAbsoluteLocation());
221 fwManager.removeForwardingForEndpoint(rEpKey, policyCtxBefore);
222 fwManager.createForwardingForEndpoint(rEpKey, policyCtxAfter);
225 updatePolicy(policyCtxBefore, policyCtxAfter);
229 * Looks for changed rule groups in {@code policyCtxBefore} and {@code policyCtxAfter}.
230 * Access lists are updated for endpoints in {@code policyCtxAfter} affected by changed rule
233 * @param policyCtxBefore policy before
234 * @param policyCtxAfter policy after
236 private void updatePolicy(PolicyContext policyCtxBefore, PolicyContext policyCtxAfter) {
237 LOG.info("Updating policy by rule groups.");
238 Set<RuleGroupKey> diffRuleGroups = new HashSet<>();
239 diffRuleGroups.addAll(Sets.difference(policyCtxBefore.getRuleGroupByKey().keySet(),
240 policyCtxAfter.getRuleGroupByKey().keySet()));
241 diffRuleGroups.addAll(Sets.difference(policyCtxAfter.getRuleGroupByKey().keySet(), policyCtxBefore.getRuleGroupByKey().keySet()));
242 LOG.trace("Rule groups changed: {} ", diffRuleGroups.size());
243 Set<RendererEndpointKey> updates = new HashSet<>();
244 for (PolicyContext policy : new PolicyContext[] {policyCtxBefore, policyCtxAfter}) {
245 if (policy.getPolicy().getConfiguration() == null
246 || policy.getPolicy().getConfiguration().getRendererEndpoints() == null
247 || policy.getPolicy().getConfiguration().getRendererEndpoints().getRendererEndpoint() == null) {
252 .getRendererEndpoints()
253 .getRendererEndpoint()
255 .filter(rEp -> !updates.contains(rEp.getKey()))
257 for (PeerEndpoint pEp : rEp.getPeerEndpoint()) {
258 for (RuleGroupWithRendererEndpointParticipation rg : pEp
259 .getRuleGroupWithRendererEndpointParticipation()) {
260 if (!diffRuleGroups.contains(
261 new RuleGroupKey(rg.getContractId(), rg.getSubjectName(), rg.getTenantId()))) {
264 if (!policy.equals(policyCtxBefore)) {
265 updates.add(rEp.getKey());
266 AddressEndpointKey k1 = AddressEndpointUtils.fromPeerEpKey(pEp.getKey());
267 updates.add(AddressEndpointUtils.toRendererEpKey(k1));
273 for (RendererEndpointKey rEpKey : updates) {
274 aclManager.updateAclsForRendEp(rEpKey, policyCtxAfter);
278 private static boolean isLocationChanged(AddressEndpointWithLocation before, AddressEndpointWithLocation after) {
279 ExternalLocationCase locationBefore = ForwardingManager.resolveAndValidateLocation(before);
280 ExternalLocationCase locationAfter = ForwardingManager.resolveAndValidateLocation(after);
281 if(locationBefore == null && locationAfter == null) {
284 if(locationBefore == null || locationAfter == null) {
287 return !locationBefore.equals(locationAfter);
290 private static MapDifference<String, Collection<NodeId>> createDiffForVppNodesByL2Fd(PolicyContext policyCtxBefore,
291 PolicyContext policyCtxAfter) {
292 ImmutableSet<RendererEndpointKey> rendEpsBefore = policyCtxBefore.getPolicyTable().rowKeySet();
293 ImmutableSet<RendererEndpointKey> rendEpsAfter = policyCtxAfter.getPolicyTable().rowKeySet();
294 SetMultimap<String, NodeId> vppNodesByL2FdBefore = resolveVppNodesByL2Fd(rendEpsBefore, policyCtxBefore);
295 SetMultimap<String, NodeId> vppNodesByL2FdAfter = resolveVppNodesByL2Fd(rendEpsAfter, policyCtxAfter);
296 return Maps.difference(vppNodesByL2FdBefore.asMap(), vppNodesByL2FdAfter.asMap());
299 private void rendererPolicyCreated(RendererPolicy rPolicy) {
300 LOG.trace("VPP renderer policy version {} created", rPolicy.getVersion());
301 PolicyContext policyCtx = new PolicyContext(rPolicy);
302 aclManager.cacheMultiInterfaces(policyCtx);
303 ImmutableSet<RendererEndpointKey> rEpKeys = policyCtx.getPolicyTable().rowKeySet();
304 SetMultimap<String, NodeId> vppNodesByL2Fd = resolveVppNodesByL2Fd(rEpKeys, policyCtx);
305 if (!ConfigUtil.getInstance().isL3FlatEnabled()) {
306 fwManager.createBridgeDomainOnNodes(vppNodesByL2Fd);
308 RendererForwarding rendererForwarding = rPolicy.getConfiguration().getRendererForwarding();
309 fwManager.createDhcpRelay(rendererForwarding, vppNodesByL2Fd);
312 rEpKeys.forEach(rEpKey -> fwManager.createForwardingForEndpoint(rEpKey, policyCtx));
313 fwManager.syncNatEntries(policyCtx);
314 fwManager.syncRouting(policyCtx);
317 private void rendererPolicyDeleted(RendererPolicy rendererPolicy) {
318 LOG.trace("VPP renderer policy version {} deleted", rendererPolicy.getVersion());
319 PolicyContext policyCtx = new PolicyContext(rendererPolicy);
320 aclManager.cacheMultiInterfaces(policyCtx);
321 ImmutableSet<RendererEndpointKey> rEpKeys = policyCtx.getPolicyTable().rowKeySet();
323 rEpKeys.forEach(rEpKey -> fwManager.removeForwardingForEndpoint(rEpKey, policyCtx));
324 SetMultimap<String, NodeId> vppNodesByL2Fd = resolveVppNodesByL2Fd(rEpKeys, policyCtx);
325 if (!ConfigUtil.getInstance().isL3FlatEnabled()) {
326 fwManager.removeBridgeDomainOnNodes(vppNodesByL2Fd);
328 RendererForwarding rendererForwarding = rendererPolicy.getConfiguration().getRendererForwarding();
329 fwManager.deleteDhcpRelay(rendererForwarding, vppNodesByL2Fd);
331 fwManager.deleteNatEntries(policyCtx);
332 fwManager.deleteRouting(policyCtx);
335 private static SetMultimap<String, NodeId> resolveVppNodesByL2Fd(Set<RendererEndpointKey> rEpKeys,
336 PolicyContext policyCtx) {
337 SetMultimap<String, NodeId> vppNodesByL2Fd = HashMultimap.create();
339 .map(rEpKey -> KeyFactory.addressEndpointKey(rEpKey))
340 .map(addrEpKey -> policyCtx.getAddrEpByKey().get(addrEpKey))
341 .collect(Collectors.toSet())
342 .forEach(addrEpWithLoc -> {
343 java.util.Optional<String> optL2Fd = ForwardingManager.resolveL2FloodDomain(addrEpWithLoc, policyCtx);
344 if (optL2Fd.isPresent()) {
345 ExternalLocationCase rEpLoc = ForwardingManager.resolveAndValidateLocation(addrEpWithLoc);
346 if (rEpLoc != null) {
347 InstanceIdentifier<?> externalNodeMountPoint = rEpLoc.getExternalNodeMountPoint();
348 NodeId vppNode = externalNodeMountPoint.firstKeyOf(Node.class).getNodeId();
349 vppNodesByL2Fd.put(optL2Fd.get(), vppNode);
353 return vppNodesByL2Fd;
357 public void vppNodeChanged(NodeOperEvent event) {
358 switch (event.getDtoModificationType()) {
360 if (event.isAfterConnected()) {
365 if (!event.isBeforeConnected() && event.isAfterConnected()) {
370 if (event.isBeforeConnected()) {