import com.google.common.base.Optional;
import java.math.BigInteger;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
-import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
-import javax.annotation.Nonnull;
import javax.inject.Inject;
import javax.inject.Singleton;
+import org.eclipse.jdt.annotation.NonNull;
+import org.eclipse.jdt.annotation.Nullable;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
-import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.genius.datastoreutils.SingleTransactionDataBroker;
+import org.opendaylight.genius.infra.Datastore.Configuration;
+import org.opendaylight.genius.infra.TypedReadWriteTransaction;
+import org.opendaylight.genius.interfacemanager.interfaces.IInterfaceManager;
import org.opendaylight.genius.mdsalutil.ActionInfo;
import org.opendaylight.genius.mdsalutil.BucketInfo;
import org.opendaylight.genius.mdsalutil.FlowEntity;
import org.opendaylight.genius.mdsalutil.MetaDataUtil;
import org.opendaylight.genius.mdsalutil.NwConstants;
import org.opendaylight.genius.mdsalutil.actions.ActionGroup;
-import org.opendaylight.genius.mdsalutil.actions.ActionNxResubmit;
import org.opendaylight.genius.mdsalutil.actions.ActionSetFieldTunnelId;
import org.opendaylight.genius.mdsalutil.instructions.InstructionApplyActions;
import org.opendaylight.genius.mdsalutil.instructions.InstructionGotoTable;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.itm.rpcs.rev160406.GetTunnelInterfaceNameOutput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.itm.rpcs.rev160406.ItmRpcService;
import org.opendaylight.yang.gen.v1.urn.opendaylight.group.types.rev131018.GroupTypes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.Nodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.Node;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.fibmanager.rev150330.FibEntries;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.fibmanager.rev150330.fibentries.VrfTables;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.fibmanager.rev150330.fibentries.VrfTablesKey;
private final DataBroker dataBroker;
private final IMdsalApiManager mdsalManager;
private final ItmRpcService itmManager;
- private final OdlInterfaceRpcService interfaceManager;
+ private final OdlInterfaceRpcService odlInterfaceRpcService;
private final IdManagerService idManager;
private final NAPTSwitchSelector naptSwitchSelector;
private final ExternalRoutersListener externalRouterListener;
private final EvpnNaptSwitchHA evpnNaptSwitchHA;
private final SnatServiceManager natServiceManager;
private final NatMode natMode;
+ private final IInterfaceManager interfaceManager;
+ private final NatOverVxlanUtil natOverVxlanUtil;
private volatile Collection<String> externalIpsCache;
public NaptSwitchHA(final DataBroker dataBroker, final IMdsalApiManager mdsalManager,
final ExternalRoutersListener externalRouterListener,
final ItmRpcService itmManager,
- final OdlInterfaceRpcService interfaceManager,
+ final OdlInterfaceRpcService odlInterfaceRpcService,
final IdManagerService idManager,
final NAPTSwitchSelector naptSwitchSelector,
final IFibManager fibManager,
final IElanService elanManager,
final SnatServiceManager natServiceManager,
final NatserviceConfig config,
- final NaptEventHandler naptEventHandler) {
+ final NaptEventHandler naptEventHandler,
+ final IInterfaceManager interfaceManager,
+ final NatOverVxlanUtil natOverVxlanUtil) {
this.dataBroker = dataBroker;
this.mdsalManager = mdsalManager;
this.externalRouterListener = externalRouterListener;
this.itmManager = itmManager;
- this.interfaceManager = interfaceManager;
+ this.odlInterfaceRpcService = odlInterfaceRpcService;
this.idManager = idManager;
this.naptSwitchSelector = naptSwitchSelector;
this.naptEventHandler = naptEventHandler;
this.evpnNaptSwitchHA = evpnNaptSwitchHA;
this.elanManager = elanManager;
this.natServiceManager = natServiceManager;
+ this.interfaceManager = interfaceManager;
if (config != null) {
this.natMode = config.getNatMode();
} else {
this.natMode = NatMode.Controller;
}
+ this.natOverVxlanUtil = natOverVxlanUtil;
}
- /* This method checks the switch that gone down is a NaptSwitch for a router.
- If it is a NaptSwitch
- 1) selects new NAPT switch
- 2) installs nat flows in new NAPT switch
- table 21(FIB)->26(PSNAT)->group(resubmit/napttunnel)->36(Terminating)->46(outbound)->47(resubmit)->21
- 3) modify the group and miss entry flow in other vSwitches pointing to newNaptSwitch
- 4) Remove nat flows in oldNaptSwitch
- */
- /*public void handleNaptSwitchDown(BigInteger dpnId){
-
- LOG.debug("handleNaptSwitchDown method is called with dpnId {}",dpnId);
- BigInteger naptSwitch;
- try {
- NaptSwitches naptSwitches = NatUtil.getNaptSwitch(dataBroker);
- if (naptSwitches == null || naptSwitches.getRouterToNaptSwitch() == null
- || naptSwitches.getRouterToNaptSwitch().isEmpty()) {
- LOG.debug("NaptSwitchDown: NaptSwitch is not allocated for none of the routers");
- return;
- }
- for (RouterToNaptSwitch routerToNaptSwitch : naptSwitches.getRouterToNaptSwitch()) {
- String routerName = routerToNaptSwitch.getRouterName();
- naptSwitch = routerToNaptSwitch.getPrimarySwitchId();
- boolean naptStatus = isNaptSwitchDown(routerName,dpnId,naptSwitch);
- if (!naptStatus) {
- LOG.debug("NaptSwitchDown: Switch with DpnId {} is not naptSwitch for router {}",
- dpnId, routerName);
- } else {
- removeSnatFlowsInOldNaptSwitch(routerName,naptSwitch);
- return;
- }
- }
- } catch (Exception ex) {
- LOG.error("Exception in handleNaptSwitchDown method {}",ex);
- }
- }*/
-
protected void removeSnatFlowsInOldNaptSwitch(String routerName, Long routerId, BigInteger naptSwitch,
- Map<String, Long> externalIpmap, WriteTransaction removeFlowInvTx) {
+ @Nullable Map<String, Long> externalIpmap, String externalVpnName,
+ TypedReadWriteTransaction<Configuration> confTx)
+ throws ExecutionException, InterruptedException {
+
//remove SNAT flows in old NAPT SWITCH
- Uuid networkId = NatUtil.getNetworkIdFromRouterName(dataBroker, routerName);
- String vpnName = getExtNetworkVpnName(routerName, networkId);
+ Uuid extNetworkId = NatUtil.getNetworkIdFromRouterName(dataBroker, routerName);
+ String vpnName = getExtNetworkVpnName(routerName, extNetworkId);
if (vpnName == null) {
LOG.error("removeSnatFlowsInOldNaptSwitch : Vpn is not associated to externalN/w of router {}",
- routerName);
+ routerName);
return;
}
- ProviderTypes extNwProvType = NatEvpnUtil.getExtNwProvTypeFromRouterName(dataBroker, routerName, networkId);
+ ProviderTypes extNwProvType = NatEvpnUtil.getExtNwProvTypeFromRouterName(dataBroker, routerName, extNetworkId);
if (extNwProvType == null) {
LOG.error("removeSnatFlowsInOldNaptSwitch : Unable to retrieve the External Network Provider Type "
- + "for Router {}", routerName);
+ + "for Router {}", routerName);
return;
}
if (extNwProvType == ProviderTypes.VXLAN) {
- evpnNaptSwitchHA.evpnRemoveSnatFlowsInOldNaptSwitch(routerName, routerId, vpnName, naptSwitch,
- removeFlowInvTx);
+ evpnNaptSwitchHA.evpnRemoveSnatFlowsInOldNaptSwitch(routerName, routerId, vpnName, naptSwitch, confTx);
} else {
//Remove the Terminating Service table entry which forwards the packet to Outbound NAPT Table
- long tunnelId = NatUtil.getTunnelIdForNonNaptToNaptFlow(dataBroker, elanManager, idManager, routerId,
- routerName);
+ long tunnelId = NatUtil.getTunnelIdForNonNaptToNaptFlow(dataBroker, natOverVxlanUtil, elanManager,
+ idManager, routerId, routerName);
String tsFlowRef = externalRouterListener.getFlowRefTs(naptSwitch, NwConstants.INTERNAL_TUNNEL_TABLE,
- tunnelId);
+ tunnelId);
FlowEntity tsNatFlowEntity = NatUtil.buildFlowEntity(naptSwitch, NwConstants.INTERNAL_TUNNEL_TABLE,
- tsFlowRef);
+ tsFlowRef);
LOG.info("removeSnatFlowsInOldNaptSwitch : Remove the flow in table {} for the old napt switch "
- + "with the DPN ID {} and router ID {}", NwConstants.INTERNAL_TUNNEL_TABLE, naptSwitch, routerId);
- mdsalManager.removeFlowToTx(tsNatFlowEntity, removeFlowInvTx);
+ + "with the DPN ID {} and router ID {}", NwConstants.INTERNAL_TUNNEL_TABLE, naptSwitch, routerId);
+ mdsalManager.removeFlow(confTx, tsNatFlowEntity);
}
if (NatUtil.isOpenStackVniSemanticsEnforcedForGreAndVxlan(elanManager, extNwProvType)) {
//Remove the flow table 25->44 If there is no FIP Match on table 25 (PDNAT_TABLE)
- NatUtil.removePreDnatToSnatTableEntry(mdsalManager, naptSwitch, removeFlowInvTx);
+ NatUtil.removePreDnatToSnatTableEntry(confTx, mdsalManager, naptSwitch);
}
//Remove the Outbound flow entry which forwards the packet to Outbound NAPT Table
- String outboundNatFlowRef = externalRouterListener.getFlowRefOutbound(naptSwitch,
- NwConstants.OUTBOUND_NAPT_TABLE, routerId);
- FlowEntity outboundNatFlowEntity = NatUtil.buildFlowEntity(naptSwitch,
- NwConstants.OUTBOUND_NAPT_TABLE, outboundNatFlowRef);
LOG.info("Remove the flow in table {} for the old napt switch with the DPN ID {} and router ID {}",
NwConstants.OUTBOUND_NAPT_TABLE, naptSwitch, routerId);
- mdsalManager.removeFlowToTx(outboundNatFlowEntity, removeFlowInvTx);
+
+ String outboundTcpNatFlowRef = externalRouterListener.getFlowRefOutbound(naptSwitch,
+ NwConstants.OUTBOUND_NAPT_TABLE, routerId, NwConstants.IP_PROT_TCP);
+ FlowEntity outboundTcpNatFlowEntity = NatUtil.buildFlowEntity(naptSwitch,
+ NwConstants.OUTBOUND_NAPT_TABLE, outboundTcpNatFlowRef);
+ mdsalManager.removeFlow(confTx, outboundTcpNatFlowEntity);
+
+ String outboundUdpNatFlowRef = externalRouterListener.getFlowRefOutbound(naptSwitch,
+ NwConstants.OUTBOUND_NAPT_TABLE, routerId, NwConstants.IP_PROT_UDP);
+ FlowEntity outboundUdpNatFlowEntity = NatUtil.buildFlowEntity(naptSwitch,
+ NwConstants.OUTBOUND_NAPT_TABLE, outboundUdpNatFlowRef);
+ mdsalManager.removeFlow(confTx, outboundUdpNatFlowEntity);
+
+ String icmpDropFlowRef = externalRouterListener.getFlowRefOutbound(naptSwitch,
+ NwConstants.OUTBOUND_NAPT_TABLE, routerId, NwConstants.IP_PROT_ICMP);
+ FlowEntity icmpDropFlowEntity = NatUtil.buildFlowEntity(naptSwitch, NwConstants.OUTBOUND_NAPT_TABLE,
+ icmpDropFlowRef);
+ mdsalManager.removeFlow(confTx, icmpDropFlowEntity);
//Remove the NAPT PFIB TABLE (47->21) which forwards the incoming packet to FIB Table matching on the
// External Subnet Vpn Id.
Collection<Uuid> externalSubnetIdsForRouter = NatUtil.getExternalSubnetIdsForRouter(dataBroker,
- routerName);
+ routerName);
for (Uuid externalSubnetId : externalSubnetIdsForRouter) {
long subnetVpnId = NatUtil.getVpnId(dataBroker, externalSubnetId.getValue());
- if (subnetVpnId != -1) {
+ if (subnetVpnId != -1 && !NatUtil.checkForRoutersWithSameExtSubnetAndNaptSwitch(
+ dataBroker, externalSubnetId, routerName, naptSwitch)) {
String natPfibSubnetFlowRef = externalRouterListener.getFlowRefTs(naptSwitch,
- NwConstants.NAPT_PFIB_TABLE, subnetVpnId);
+ NwConstants.NAPT_PFIB_TABLE, subnetVpnId);
FlowEntity natPfibFlowEntity = NatUtil.buildFlowEntity(naptSwitch, NwConstants.NAPT_PFIB_TABLE,
- natPfibSubnetFlowRef);
- mdsalManager.removeFlowToTx(natPfibFlowEntity, removeFlowInvTx);
+ natPfibSubnetFlowRef);
+ mdsalManager.removeFlow(confTx, natPfibFlowEntity);
LOG.debug("removeSnatFlowsInOldNaptSwitch : Removed the flow in table {} with external subnet "
- + "Vpn Id {} as metadata on Napt Switch {} and vpnId {}", NwConstants.NAPT_PFIB_TABLE,
- subnetVpnId, naptSwitch);
+ + "Vpn Id {} as metadata on Napt Switch {}", NwConstants.NAPT_PFIB_TABLE,
+ subnetVpnId, naptSwitch);
}
}
// Remove the NAPT_PFIB_TABLE(47) flow entry forwards the packet to Fib Table for inbound traffic
// matching on the router ID.
- String naptPFibflowRef = externalRouterListener.getFlowRefTs(naptSwitch, NwConstants.NAPT_PFIB_TABLE, routerId);
+ String naptPFibflowRef =
+ externalRouterListener.getFlowRefTs(naptSwitch, NwConstants.NAPT_PFIB_TABLE, routerId);
FlowEntity naptPFibFlowEntity =
NatUtil.buildFlowEntity(naptSwitch, NwConstants.NAPT_PFIB_TABLE, naptPFibflowRef);
LOG.info("removeSnatFlowsInOldNaptSwitch : Remove the flow in table {} for the old napt switch "
- + "with the DPN ID {} and router ID {}", NwConstants.NAPT_PFIB_TABLE, naptSwitch, routerId);
- mdsalManager.removeFlowToTx(naptPFibFlowEntity, removeFlowInvTx);
+ + "with the DPN ID {} and router ID {}", NwConstants.NAPT_PFIB_TABLE, naptSwitch, routerId);
+ mdsalManager.removeFlow(confTx, naptPFibFlowEntity);
// Remove the NAPT_PFIB_TABLE(47) flow entry forwards the packet to Fib Table for outbound traffic
// matching on the vpn ID.
boolean switchSharedByRouters = false;
- Uuid extNetworkId = NatUtil.getNetworkIdFromRouterName(dataBroker, routerName);
- if (extNetworkId != null) {
+ if (extNetworkId != null && !NatUtil.checkForRoutersWithSameExtNetAndNaptSwitch(
+ dataBroker, extNetworkId, routerName, naptSwitch)) {
List<String> routerNamesAssociated = getRouterIdsForExtNetwork(extNetworkId);
for (String routerNameAssociated : routerNamesAssociated) {
if (!routerNameAssociated.equals(routerName)) {
BigInteger naptDpn = NatUtil.getPrimaryNaptfromRouterName(dataBroker, routerNameAssociated);
if (naptDpn != null && naptDpn.equals(naptSwitch)) {
LOG.debug("removeSnatFlowsInOldNaptSwitch : Napt switch {} is also acting as primary "
- + "for router {}", routerIdAssociated);
+ + "for router {}", naptSwitch, routerIdAssociated);
switchSharedByRouters = true;
break;
}
}
}
if (!switchSharedByRouters) {
- Long vpnId = getVpnIdForRouter(routerId, extNetworkId);
+ Long vpnId = NatUtil.getVpnId(dataBroker,externalVpnName);
if (vpnId != NatConstants.INVALID_ID) {
String naptFibflowRef =
- externalRouterListener.getFlowRefTs(naptSwitch, NwConstants.NAPT_PFIB_TABLE, vpnId);
+ externalRouterListener.getFlowRefTs(naptSwitch, NwConstants.NAPT_PFIB_TABLE, vpnId);
FlowEntity naptFibFlowEntity =
- NatUtil.buildFlowEntity(naptSwitch, NwConstants.NAPT_PFIB_TABLE, naptFibflowRef);
+ NatUtil.buildFlowEntity(naptSwitch, NwConstants.NAPT_PFIB_TABLE, naptFibflowRef);
LOG.info("removeSnatFlowsInOldNaptSwitch : Remove the flow in table {} for the old napt switch"
- + " with the DPN ID {} and vpnId {}", NwConstants.NAPT_PFIB_TABLE, naptSwitch, vpnId);
- mdsalManager.removeFlowToTx(naptFibFlowEntity, removeFlowInvTx);
+ + " with the DPN ID {} and vpnId {}", NwConstants.NAPT_PFIB_TABLE, naptSwitch, vpnId);
+ mdsalManager.removeFlow(confTx, naptFibFlowEntity);
} else {
LOG.error("removeSnatFlowsInOldNaptSwitch : Invalid vpnId retrieved for routerId {}",
- routerId);
+ routerId);
return;
}
}
for (Entry<String, Long> entry : externalIpmap.entrySet()) {
String externalIp = entry.getKey();
Long label = entry.getValue();
- externalRouterListener.delFibTsAndReverseTraffic(naptSwitch, routerId, externalIp, vpnName,
- extNetworkId, label, gwMacAddress, true, removeFlowInvTx);
+ externalRouterListener.delFibTsAndReverseTraffic(naptSwitch, routerName, routerId, externalIp, vpnName,
+ extNetworkId, label, gwMacAddress, true, confTx);
LOG.debug("removeSnatFlowsInOldNaptSwitch : Successfully removed fib entries in old naptswitch {} "
- + "for router {} and externalIps {} label {}", naptSwitch, routerId, externalIp, label);
+ + "for router {} and externalIps {} label {}", naptSwitch, routerId, externalIp, label);
}
} else {
List<String> externalIps = NatUtil.getExternalIpsForRouter(dataBroker, routerName);
- if (networkId != null) {
- externalRouterListener.clearFibTsAndReverseTraffic(naptSwitch, routerId, networkId,
- externalIps, null, gwMacAddress, removeFlowInvTx);
- LOG.debug("removeSnatFlowsInOldNaptSwitch : Successfully removed fib entries in old naptswitch {} for "
- + "router {} with networkId {} and externalIps {}", naptSwitch, routerId, networkId,
- externalIps);
+ if (extNetworkId != null) {
+ externalRouterListener.clearFibTsAndReverseTraffic(naptSwitch, routerId, extNetworkId,
+ externalIps, null, gwMacAddress, confTx);
+ LOG.debug(
+ "removeSnatFlowsInOldNaptSwitch : Successfully removed fib entries in old naptswitch {} for "
+ + "router {} with networkId {} and externalIps {}", naptSwitch, routerId, extNetworkId,
+ externalIps);
} else {
- LOG.debug("removeSnatFlowsInOldNaptSwitch : External network not associated to router {}", routerId);
+ LOG.debug("removeSnatFlowsInOldNaptSwitch : External network not associated to router {}",
+ routerId);
}
externalRouterListener.removeNaptFibExternalOutputFlows(routerId, naptSwitch, extNetworkId,
- externalIps, removeFlowInvTx);
+ externalIps, confTx);
}
//For the router ID get the internal IP , internal port and the corresponding external IP and external Port.
if (ipPortMapping == null || ipPortMapping.getIntextIpProtocolType() == null
|| ipPortMapping.getIntextIpProtocolType().isEmpty()) {
LOG.warn("removeSnatFlowsInOldNaptSwitch : No Internal Ip Port mapping associated to router {}, "
- + "no flows need to be removed in oldNaptSwitch {}", routerId, naptSwitch);
+ + "no flows need to be removed in oldNaptSwitch {}", routerId, naptSwitch);
return;
}
BigInteger cookieSnatFlow = NatUtil.getCookieNaptFlow(routerId);
if (intextIpProtocolType.getIpPortMap() == null || intextIpProtocolType.getIpPortMap().isEmpty()) {
LOG.debug("removeSnatFlowsInOldNaptSwitch : No {} session associated to router {},"
+ "no flows need to be removed in oldNaptSwitch {}",
- intextIpProtocolType.getProtocol(), routerId, naptSwitch);
- break;
+ intextIpProtocolType.getProtocol(), routerId, naptSwitch);
+ continue;
}
+ String protocol = intextIpProtocolType.getProtocol().name();
List<IpPortMap> ipPortMaps = intextIpProtocolType.getIpPortMap();
for (IpPortMap ipPortMap : ipPortMaps) {
String ipPortInternal = ipPortMap.getIpPortInternal();
//Build and remove flow in outbound NAPT table
String switchFlowRef =
NatUtil.getNaptFlowRef(naptSwitch, NwConstants.OUTBOUND_NAPT_TABLE, String.valueOf(routerId),
- internalIp, Integer.parseInt(internalPort));
- FlowEntity outboundNaptFlowEntity = NatUtil.buildFlowEntity(naptSwitch, NwConstants.OUTBOUND_NAPT_TABLE,
- cookieSnatFlow, switchFlowRef);
+ internalIp, Integer.parseInt(internalPort), protocol);
+ FlowEntity outboundNaptFlowEntity =
+ NatUtil.buildFlowEntity(naptSwitch, NwConstants.OUTBOUND_NAPT_TABLE,
+ cookieSnatFlow, switchFlowRef);
LOG.info("removeSnatFlowsInOldNaptSwitch : Remove the flow in table {} for old napt switch "
- + "with the DPN ID {} and router ID {}", NwConstants.OUTBOUND_NAPT_TABLE, naptSwitch, routerId);
- mdsalManager.removeFlowToTx(outboundNaptFlowEntity, removeFlowInvTx);
-
- IpPortExternal ipPortExternal = ipPortMap.getIpPortExternal();
- if (ipPortExternal == null) {
- LOG.debug("removeSnatFlowsInOldNaptSwitch : External Ipport mapping not found for internalIp {} "
- + "with port {} for router", internalIp, internalPort, routerId);
- continue;
- }
- String externalIp = ipPortExternal.getIpAddress();
- int externalPort = ipPortExternal.getPortNum();
+ + "with the DPN ID {} and router ID {}", NwConstants.OUTBOUND_NAPT_TABLE, naptSwitch, routerId);
+ mdsalManager.removeFlow(confTx, outboundNaptFlowEntity);
//Build and remove flow in inbound NAPT table
switchFlowRef =
NatUtil.getNaptFlowRef(naptSwitch, NwConstants.INBOUND_NAPT_TABLE, String.valueOf(routerId),
- externalIp, externalPort);
- FlowEntity inboundNaptFlowEntity = NatUtil.buildFlowEntity(naptSwitch, NwConstants.INBOUND_NAPT_TABLE,
- cookieSnatFlow, switchFlowRef);
+ internalIp, Integer.parseInt(internalPort), protocol);
+ FlowEntity inboundNaptFlowEntity =
+ NatUtil.buildFlowEntity(naptSwitch, NwConstants.INBOUND_NAPT_TABLE,
+ cookieSnatFlow, switchFlowRef);
- LOG.info("removeSnatFlowsInOldNaptSwitch : Remove the flow in table {} for old napt switch with the "
+ LOG.info(
+ "removeSnatFlowsInOldNaptSwitch : Remove the flow in table {} for old napt switch with the "
+ "DPN ID {} and router ID {}", NwConstants.INBOUND_NAPT_TABLE, naptSwitch, routerId);
- mdsalManager.removeFlowToTx(inboundNaptFlowEntity, removeFlowInvTx);
+ mdsalManager.removeFlow(confTx, inboundNaptFlowEntity);
}
}
}
- @Nonnull
+ @NonNull
private List<String> getRouterIdsForExtNetwork(Uuid extNetworkId) {
List<String> routerUuidsAsString = new ArrayList<>();
InstanceIdentifier<Networks> extNetwork = InstanceIdentifier.builder(ExternalNetworks.class)
public boolean isNaptSwitchDown(String routerName, Long routerId, BigInteger dpnId, BigInteger naptSwitch,
Long routerVpnId, Collection<String> externalIpCache,
- WriteTransaction writeFlowInvTx) {
+ TypedReadWriteTransaction<Configuration> confTx)
+ throws ExecutionException, InterruptedException {
return isNaptSwitchDown(routerName, routerId, dpnId, naptSwitch, routerVpnId, externalIpCache, true,
- writeFlowInvTx);
+ confTx);
}
// TODO Clean up the exception handling
@SuppressWarnings("checkstyle:IllegalCatch")
public boolean isNaptSwitchDown(String routerName, Long routerId, BigInteger dpnId, BigInteger naptSwitch,
Long routerVpnId, Collection<String> externalIpCache, boolean isClearBgpRts,
- WriteTransaction writeFlowInvTx) {
+ TypedReadWriteTransaction<Configuration> confTx)
+ throws ExecutionException, InterruptedException {
externalIpsCache = externalIpCache;
if (!naptSwitch.equals(dpnId)) {
LOG.debug("isNaptSwitchDown : DpnId {} is not a naptSwitch {} for Router {}",
Uuid networkId = NatUtil.getNetworkIdFromRouterName(dataBroker, routerName);
String vpnName = getExtNetworkVpnName(routerName, networkId);
//elect a new NaptSwitch
- naptSwitch = naptSwitchSelector.selectNewNAPTSwitch(routerName);
+ naptSwitch = naptSwitchSelector.selectNewNAPTSwitch(routerName, Arrays.asList(naptSwitch));
if (natMode == NatMode.Conntrack) {
Routers extRouters = NatUtil.getRoutersFromConfigDS(dataBroker, routerName);
- natServiceManager.notify(extRouters, dpnId, dpnId, SnatServiceManager.Action.SNAT_ALL_SWITCH_DISBL);
- natServiceManager.notify(extRouters, naptSwitch, naptSwitch,
- SnatServiceManager.Action.SNAT_ALL_SWITCH_ENBL);
+ natServiceManager.notify(confTx, extRouters, null, dpnId, dpnId,
+ SnatServiceManager.Action.CNT_ROUTER_ALL_SWITCH_DISBL);
+ if (extRouters.isEnableSnat()) {
+ natServiceManager.notify(confTx, extRouters, null, dpnId, dpnId,
+ SnatServiceManager.Action.SNAT_ALL_SWITCH_DISBL);
+ }
+ natServiceManager.notify(confTx, extRouters, null, naptSwitch, naptSwitch,
+ SnatServiceManager.Action.CNT_ROUTER_ALL_SWITCH_ENBL);
+ if (extRouters.isEnableSnat()) {
+ natServiceManager.notify(confTx, extRouters, null, naptSwitch, naptSwitch,
+ SnatServiceManager.Action.SNAT_ALL_SWITCH_ENBL);
+ }
} else {
if (naptSwitch.equals(BigInteger.ZERO)) {
LOG.warn("isNaptSwitchDown : No napt switch is elected since all the switches for router {}"
- + " are down. SNAT IS NOT SUPPORTED FOR ROUTER {}", routerName);
+ + " are down. SNAT IS NOT SUPPORTED FOR ROUTER {}", routerName, routerName);
boolean naptUpdatedStatus = updateNaptSwitch(routerName, naptSwitch);
if (!naptUpdatedStatus) {
LOG.debug("isNaptSwitchDown : Failed to update naptSwitch {} for router {} in ds",
return true;
}
//checking elected switch health status
- if (!getSwitchStatus(naptSwitch)) {
+ if (!NatUtil.getSwitchStatus(dataBroker, naptSwitch)) {
LOG.error("isNaptSwitchDown : Newly elected Napt switch {} for router {} is down",
naptSwitch, routerName);
return true;
} else {
LOG.debug("isNaptSwitchDown : Successfully installed flow in naptSwitch {} for router {}",
naptSwitch, routerName);
- mdsalManager.addFlowToTx(flowEntity, writeFlowInvTx);
+ mdsalManager.addFlow(confTx, flowEntity);
}
- installSnatFlows(routerName, routerId, naptSwitch, routerVpnId, writeFlowInvTx);
+ installSnatFlows(routerName, routerId, naptSwitch, routerVpnId, networkId, vpnName, confTx);
boolean flowInstalledStatus = handleNatFlowsInNewNaptSwitch(routerName, routerId, dpnId, naptSwitch,
routerVpnId, networkId);
}
//remove group in new naptswitch, coz this switch acted previously as ordinary switch
- long groupId = NatUtil.createGroupId(NatUtil.getGroupIdKey(routerName), idManager);
- GroupEntity groupEntity = null;
- try {
- groupEntity = MDSALUtil.buildGroupEntity(naptSwitch, groupId, routerName,
- GroupTypes.GroupAll, Collections.emptyList() /*listBucketInfo*/);
- LOG.info("isNaptSwitchDown : Removing NAPT Group in new naptSwitch {}", naptSwitch);
- mdsalManager.removeGroup(groupEntity);
- } catch (Exception ex) {
- LOG.error("isNaptSwitchDown : Failed to remove group in new naptSwitch {}", groupEntity, ex);
+ long groupId = NatUtil.getUniqueId(idManager, NatConstants.SNAT_IDPOOL_NAME,
+ NatUtil.getGroupIdKey(routerName));
+ if (groupId != NatConstants.INVALID_ID) {
+ try {
+ LOG.info("isNaptSwitchDown : Removing NAPT Group in new naptSwitch {}",
+ naptSwitch);
+ mdsalManager.removeGroup(confTx, naptSwitch, groupId);
+ } catch (Exception ex) {
+ LOG.error("isNaptSwitchDown : Failed to remove group in new naptSwitch {}",
+ naptSwitch, ex);
+ }
+ } else {
+ LOG.error("NAT Service : Unable to obtain groupId for router:{}", routerName);
}
}
return true;
}
+ @Nullable
private String getExtNetworkVpnName(String routerName, Uuid networkId) {
if (networkId == null) {
LOG.error("getExtNetworkVpnName : networkId is null for the router ID {}", routerName);
LOG.debug("updateNaptSwitchBucketStatus : Updating SNAT_TABLE missentry for DpnId {} "
+ "which is not naptSwitch for router {}", dpn, routerName);
List<BucketInfo> bucketInfoList = handleGroupInNeighborSwitches(dpn, routerName, routerId, naptSwitch);
+ if (bucketInfoList.isEmpty()) {
+ LOG.error("Failed to populate bucketInfo for non-napt switch {} whose naptSwitch:{} for router:{}",
+ dpn,naptSwitch,routerName);
+ continue;
+ }
modifySnatGroupEntry(dpn, bucketInfoList, routerName);
+ externalRouterListener.installSnatMissEntry(dpn, bucketInfoList, routerName, routerId);
}
}
}
}
Long bgpVpnId;
if (routerId.equals(routerVpnId)) {
- bgpVpnId = NatConstants.INVALID_ID;
+ bgpVpnId = Long.valueOf(NatConstants.INVALID_ID);
} else {
bgpVpnId = routerVpnId;
}
SessionAddress externalAddress = new SessionAddress(externalIpAddress, extportNumber);
//checking naptSwitch status before installing flows
- if (getSwitchStatus(newNaptSwitch)) {
+ if (NatUtil.getSwitchStatus(dataBroker, newNaptSwitch)) {
//Install the flow in newNaptSwitch Inbound NAPT table.
try {
naptEventHandler.buildAndInstallNatFlows(newNaptSwitch, NwConstants.INBOUND_NAPT_TABLE,
vpnId, routerId, bgpVpnId, sourceAddress, externalAddress, proto, extGwMacAddress);
} catch (RuntimeException ex) {
LOG.error("handleNatFlowsInNewNaptSwitch : Failed to add flow in OUTBOUND_NAPT_TABLE for "
- + "routerid {} dpnId {} ipport {}:{} proto {} extIpport {}:{} BgpVpnId {} - {}",
+ + "routerid {} dpnId {} ipport {}:{} proto {} extIpport {}:{} BgpVpnId {}",
routerId, newNaptSwitch, internalIpAddress,
intportnum, proto, externalAddress, extportNumber, bgpVpnId, ex);
return false;
} catch (Exception ex) {
LOG.error("getVpnIdForRouter : Exception while retrieving vpnId for router {}", routerId, ex);
}
- return NatConstants.INVALID_ID;
- }
-
- public boolean getSwitchStatus(BigInteger switchId) {
- NodeId nodeId = new NodeId("openflow:" + switchId);
- LOG.debug("getSwitchStatus : Querying switch with dpnId {} is up/down", nodeId);
- InstanceIdentifier<Node> nodeInstanceId = InstanceIdentifier.builder(Nodes.class)
- .child(Node.class, new NodeKey(nodeId)).build();
- Optional<Node> nodeOptional =
- SingleTransactionDataBroker.syncReadOptionalAndTreatReadFailedExceptionAsAbsentOptional(dataBroker,
- LogicalDatastoreType.OPERATIONAL, nodeInstanceId);
- if (nodeOptional.isPresent()) {
- LOG.debug("getSwitchStatus : Switch {} is up", nodeId);
- return true;
- }
- LOG.debug("getSwitchStatus : Switch {} is down", nodeId);
- return false;
+ return Long.valueOf(NatConstants.INVALID_ID);
}
- public List<BucketInfo> handleGroupInPrimarySwitch() {
- List<BucketInfo> listBucketInfo = new ArrayList<>();
- List<ActionInfo> listActionInfoPrimary = new ArrayList<>();
- listActionInfoPrimary.add(new ActionNxResubmit(NwConstants.INTERNAL_TUNNEL_TABLE));
- BucketInfo bucketPrimary = new BucketInfo(listActionInfoPrimary);
- listBucketInfo.add(bucketPrimary);
- return listBucketInfo;
- }
-
- @Nonnull
+ @NonNull
public List<BucketInfo> handleGroupInNeighborSwitches(BigInteger dpnId, String routerName, long routerId,
BigInteger naptSwitch) {
List<BucketInfo> listBucketInfo = new ArrayList<>();
LOG.debug("handleGroupInNeighborSwitches : TunnelInterface {} between ordinary switch {} and naptSwitch {}",
ifNamePrimary, dpnId, naptSwitch);
List<ActionInfo> listActionInfoPrimary =
- NatUtil.getEgressActionsForInterface(interfaceManager, ifNamePrimary, routerId);
+ NatUtil.getEgressActionsForInterface(odlInterfaceRpcService, itmManager, interfaceManager,
+ ifNamePrimary, routerId, true);
BucketInfo bucketPrimary = new BucketInfo(listActionInfoPrimary);
listBucketInfo.add(bucketPrimary);
} else {
protected void installSnatGroupEntry(BigInteger dpnId, List<BucketInfo> bucketInfo, String routerName) {
GroupEntity groupEntity = null;
try {
- long groupId = NatUtil.createGroupId(NatUtil.getGroupIdKey(routerName), idManager);
- LOG.debug("installSnatGroupEntry : install SnatMissEntry for groupId {} for dpnId {} for router {}",
+ long groupId = NatUtil.getUniqueId(idManager, NatConstants.SNAT_IDPOOL_NAME,
+ NatUtil.getGroupIdKey(routerName));
+ if (groupId != NatConstants.INVALID_ID) {
+ LOG.debug(
+ "installSnatGroupEntry : install SnatMissEntry for groupId {} for dpnId {} for router {}",
groupId, dpnId, routerName);
- groupEntity = MDSALUtil.buildGroupEntity(dpnId, groupId, routerName,
- GroupTypes.GroupAll, bucketInfo);
- mdsalManager.syncInstallGroup(groupEntity);
- LOG.debug("installSnatGroupEntry : installed the SNAT to NAPT GroupEntity:{}", groupEntity);
+ groupEntity = MDSALUtil.buildGroupEntity(dpnId, groupId, routerName,
+ GroupTypes.GroupAll, bucketInfo);
+ mdsalManager.syncInstallGroup(groupEntity);
+ LOG.debug("installSnatGroupEntry : installed the SNAT to NAPT GroupEntity:{}",
+ groupEntity);
+ } else {
+ LOG.error("installSnatGroupEntry: Unable to obtain groupId for router:{}", routerName);
+ }
} catch (Exception ex) {
LOG.error("installSnatGroupEntry : Failed to install group for groupEntity {}", groupEntity, ex);
}
LOG.debug("modifySnatGroupEntry : modified SnatMissEntry for dpnId {} of router {}", dpnId, routerName);
}
+ @Nullable
protected String getTunnelInterfaceName(BigInteger srcDpId, BigInteger dstDpId) {
Class<? extends TunnelTypeBase> tunType = TunnelTypeVxlan.class;
RpcResult<GetTunnelInterfaceNameOutput> rpcResult;
// TODO Clean up the exception handling
@SuppressWarnings("checkstyle:IllegalCatch")
public boolean updateNaptSwitch(String routerName, BigInteger naptSwitchId) {
- RouterToNaptSwitch naptSwitch = new RouterToNaptSwitchBuilder().setKey(new RouterToNaptSwitchKey(routerName))
+ RouterToNaptSwitch naptSwitch = new RouterToNaptSwitchBuilder().withKey(new RouterToNaptSwitchKey(routerName))
.setPrimarySwitchId(naptSwitchId).build();
try {
MDSALUtil.syncWrite(dataBroker, LogicalDatastoreType.CONFIGURATION,
if (addordel == NatConstants.ADD_FLOW) {
List<ActionInfo> actionsInfo = new ArrayList<>();
- long tunnelId = NatUtil.getTunnelIdForNonNaptToNaptFlow(dataBroker, elanManager, idManager, routerVpnId,
- routerName);
+ long tunnelId = NatUtil.getTunnelIdForNonNaptToNaptFlow(dataBroker, natOverVxlanUtil, elanManager,
+ idManager, routerVpnId, routerName);
actionsInfo.add(new ActionSetFieldTunnelId(BigInteger.valueOf(tunnelId)));
LOG.debug("buildSnatFlowEntity : Setting the tunnel to the list of action infos {}", actionsInfo);
actionsInfo.add(new ActionGroup(groupId));
}
protected void installSnatFlows(String routerName, Long routerId, BigInteger naptSwitch, Long routerVpnId,
- WriteTransaction writeFlowInvTx) {
+ Uuid networkId, String vpnName, TypedReadWriteTransaction<Configuration> confTx) {
if (routerId.equals(routerVpnId)) {
LOG.debug("installSnatFlows : Installing flows for router with internalvpnId");
//36 -> 46 ..Install flow forwarding packet to table46 from table36
LOG.debug("installSnatFlows : installTerminatingServiceTblEntry in naptswitch with dpnId {} for "
+ "routerName {} with routerId {}", naptSwitch, routerName, routerId);
- externalRouterListener.installTerminatingServiceTblEntry(naptSwitch, routerName, routerId, writeFlowInvTx);
+ externalRouterListener.installTerminatingServiceTblEntry(naptSwitch, routerName, routerId, confTx);
//Install default flows punting to controller in table 46(OutBoundNapt table)
LOG.debug("installSnatFlows : installOutboundMissEntry in naptswitch with dpnId {} for "
+ "routerName {} with routerId {}", naptSwitch, routerName, routerId);
- externalRouterListener.createOutboundTblEntry(naptSwitch, routerId, writeFlowInvTx);
+ externalRouterListener.createOutboundTblEntry(naptSwitch, routerId, confTx);
//Table 47 point to table 21 for inbound traffic
LOG.debug("installSnatFlows : installNaptPfibEntry in naptswitch with dpnId {} for router {}",
naptSwitch, routerId);
- externalRouterListener.installNaptPfibEntry(naptSwitch, routerId, writeFlowInvTx);
+ externalRouterListener.installNaptPfibEntry(naptSwitch, routerId, confTx);
//Table 47 point to group
LOG.debug("installSnatFlows : installNaptPfibExternalOutputFlow in naptswitch with dpnId {} for router {}",
naptSwitch, routerId);
- externalRouterListener.installNaptPfibExternalOutputFlow(routerName, routerId, naptSwitch, writeFlowInvTx);
+ externalRouterListener.installNaptPfibExternalOutputFlow(routerName, routerId, naptSwitch, confTx);
} else {
Uuid extNetworkUuid = NatUtil.getNetworkIdFromRouterName(dataBroker, routerName);
if (extNetworkUuid == null) {
+ "routerName {} with BgpVpnId {}", naptSwitch, routerName, routerVpnId);
externalRouterListener
.installTerminatingServiceTblEntryWithUpdatedVpnId(naptSwitch, routerName, routerId,
- routerVpnId, writeFlowInvTx, extNwProvType);
+ routerVpnId, confTx, extNwProvType);
//Install default flows punting to controller in table 46(OutBoundNapt table)
LOG.debug("installSnatFlows : installOutboundMissEntry in naptswitch with dpnId {} for "
+ "routerName {} with BgpVpnId {}", naptSwitch, routerName, routerVpnId);
- externalRouterListener.createOutboundTblEntryWithBgpVpn(naptSwitch, routerId, routerVpnId, writeFlowInvTx);
+ externalRouterListener.createOutboundTblEntryWithBgpVpn(naptSwitch, routerId, routerVpnId, confTx);
//Table 47 point to table 21 for inbound traffic
LOG.debug("installSnatFlows : installNaptPfibEntry in naptswitch with dpnId {} for router {} "
+ "with BgpVpnId {}", naptSwitch, routerId, routerVpnId);
- externalRouterListener.installNaptPfibEntryWithBgpVpn(naptSwitch, routerId, routerVpnId, writeFlowInvTx);
+ externalRouterListener.installNaptPfibEntryWithBgpVpn(naptSwitch, routerId, routerVpnId, confTx);
}
- Uuid networkId = NatUtil.getNetworkIdFromRouterName(dataBroker, routerName);
- String vpnName = getExtNetworkVpnName(routerName, networkId);
if (vpnName != null) {
//NAPT PFIB point to FIB table for outbound traffic
long vpnId = NatUtil.getVpnId(dataBroker, vpnName);
- boolean shouldInstallNaptPfibWithExtNetworkVpnId = true;
- Collection<Uuid> externalSubnetIds = NatUtil.getExternalSubnetIdsForRouter(dataBroker, routerName);
- if (!externalSubnetIds.isEmpty()) {
- //NAPT PFIB point to FIB table for outbound traffic - using external subnetID as vpnID.
- for (Uuid externalSubnetId : externalSubnetIds) {
- long externalSubnetVpnId = NatUtil.getExternalSubnetVpnId(dataBroker, externalSubnetId);
- if (externalSubnetVpnId != NatConstants.INVALID_ID) {
- shouldInstallNaptPfibWithExtNetworkVpnId = false;
- LOG.debug("installSnatFlows : installNaptPfibEntry fin naptswitch with dpnId {} for "
- + "BgpVpnId {}", naptSwitch, externalSubnetVpnId);
- externalRouterListener.installNaptPfibEntry(naptSwitch, externalSubnetVpnId, writeFlowInvTx);
+ if (vpnName.equals(networkId.getValue())) {
+ // below condition valid only for flat/vlan use-case
+ boolean shouldInstallNaptPfibWithExtNetworkVpnId = true;
+ Collection<Uuid> externalSubnetIds = NatUtil
+ .getExternalSubnetIdsForRouter(dataBroker, routerName);
+ if (!externalSubnetIds.isEmpty()) {
+ //NAPT PFIB point to FIB table for outbound traffic - using external subnetID as vpnID.
+ for (Uuid externalSubnetId : externalSubnetIds) {
+ long externalSubnetVpnId = NatUtil
+ .getExternalSubnetVpnId(dataBroker, externalSubnetId);
+ if (externalSubnetVpnId != NatConstants.INVALID_ID) {
+ shouldInstallNaptPfibWithExtNetworkVpnId = false;
+ LOG.debug(
+ "installSnatFlows : installNaptPfibEntry fin naptswitch with dpnId {} for "
+ + "BgpVpnId {}", naptSwitch, externalSubnetVpnId);
+ externalRouterListener
+ .installNaptPfibEntry(naptSwitch, externalSubnetVpnId, confTx);
+ }
}
}
+ if (vpnId != NatConstants.INVALID_ID && shouldInstallNaptPfibWithExtNetworkVpnId) {
+ //NAPT PFIB table point to FIB table for outbound traffic - using external networkID as vpnID.
+ LOG.debug(
+ "installSnatFlows : installNaptPfibEntry fin naptswitch with dpnId {} for "
+ + "BgpVpnId {}", naptSwitch, vpnId);
+ externalRouterListener.installNaptPfibEntry(naptSwitch, vpnId, confTx);
+ } else if (vpnId != NatConstants.INVALID_ID) {
+ LOG.debug("installSnatFlows : Associated BgpvpnId not found for router {}",
+ routerId);
+ }
}
- if (vpnId != NatConstants.INVALID_ID && shouldInstallNaptPfibWithExtNetworkVpnId) {
- //NAPT PFIB table point to FIB table for outbound traffic - using external networkID as vpnID.
- LOG.debug("installSnatFlows : installNaptPfibEntry fin naptswitch with dpnId {} for "
- + "BgpVpnId {}", naptSwitch, vpnId);
- externalRouterListener.installNaptPfibEntry(naptSwitch, vpnId, writeFlowInvTx);
- } else if (vpnId != NatConstants.INVALID_ID) {
- LOG.debug("installSnatFlows : Associated BgpvpnId not found for router {}", routerId);
- }
-
//Install Fib entries for ExternalIps & program 36 -> 44
Collection<String> externalIps = NatUtil.getExternalIpsForRouter(dataBroker, routerId);
String rd = NatUtil.getVpnRd(dataBroker, vpnName);
LOG.debug("installSnatFlows : advToBgpAndInstallFibAndTsFlows in naptswitch id {} "
+ "with vpnName {} and externalIp {}", naptSwitch, vpnName, externalIp);
externalRouterListener.advToBgpAndInstallFibAndTsFlows(naptSwitch, NwConstants.INBOUND_NAPT_TABLE,
- vpnName, routerId, routerName, externalIp, networkId, null /* external-router */,
- writeFlowInvTx);
+ vpnName, routerId, routerName, externalIp, networkId, null /* external-router */, confTx);
LOG.debug("installSnatFlows : Successfully added fib entries in naptswitch {} for "
+ "router {} with external IP {}", naptSwitch, routerId, externalIp);
}
}
protected void bestEffortDeletion(long routerId, String routerName, Map<String, Long> externalIpLabel,
- WriteTransaction removeFlowInvTx) {
+ TypedReadWriteTransaction<Configuration> confTx)
+ throws ExecutionException, InterruptedException {
Collection<String> newExternalIps = NatUtil.getExternalIpsForRouter(dataBroker, routerId);
if (externalIpsCache != null) {
Set<String> removedExternalIps = new HashSet<>(externalIpsCache);
if (extNwProvType == ProviderTypes.VXLAN) {
for (String externalIp : removedExternalIps) {
externalRouterListener.clearBgpRoutes(externalIp, vpnName);
- externalRouterListener.delFibTsAndReverseTraffic(naptSwitch, routerId, externalIp, vpnName,
- networkId, NatConstants.DEFAULT_LABEL_VALUE, gwMacAddress, true, removeFlowInvTx);
+ externalRouterListener.delFibTsAndReverseTraffic(naptSwitch, routerName, routerId, externalIp,
+ vpnName, networkId, NatConstants.DEFAULT_LABEL_VALUE, gwMacAddress, true, confTx);
LOG.debug("bestEffortDeletion : Successfully removed fib entry for externalIp {} for routerId {} "
+ "on NAPT switch {} ", externalIp, routerId, naptSwitch);
}
continue;
}
externalRouterListener.clearBgpRoutes(externalIp, vpnName);
- externalRouterListener.delFibTsAndReverseTraffic(naptSwitch, routerId, externalIp, vpnName,
- networkId, label, gwMacAddress, true, removeFlowInvTx);
+ externalRouterListener.delFibTsAndReverseTraffic(naptSwitch, routerName, routerId, externalIp,
+ vpnName, networkId, label, gwMacAddress, true, confTx);
LOG.debug("bestEffortDeletion : Successfully removed fib entries in switch {} for router {} "
+ "and externalIps {}", naptSwitch, routerId, externalIp);
}
Code Review / netvirt.git / blobdiff