import org.opendaylight.netvirt.utils.mdsal.openflow.FlowUtils;
import org.opendaylight.netvirt.utils.mdsal.openflow.InstructionUtils;
import org.opendaylight.netvirt.utils.servicehelper.ServiceHelper;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Uri;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Uri;
import org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.action.GroupActionCase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.action.GroupActionCaseBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.action.OutputActionCase;
private boolean addTunnelPort (Node node, String tunnelType, InetAddress src, InetAddress dst) {
String tunnelBridgeName = configurationService.getIntegrationBridgeName();
String portName = getTunnelName(tunnelType, dst);
- LOG.info("addTunnelPort enter: portName: {}", portName);
+ LOG.info("Added TunnelPort : portName: {}", portName);
if (southbound.extractTerminationPointAugmentation(node, portName) != null
|| southbound.isTunnelTerminationPointExist(node, tunnelBridgeName, portName)) {
LOG.info("Tunnel {} is present in {} of {}", portName, tunnelBridgeName, node.getNodeId().getValue());
}
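Review bot: The reworded message `LOG.info("Added TunnelPort : portName: {}", portName);` is emitted before the existence check that follows, so it reports a port as added when nothing has been created yet and the tunnel may already be present. Anyone using this log to reconstruct tunnel setup would see "Added" immediately followed by "Tunnel ... is present". Either keep entry wording, e.g. `LOG.debug("addTunnelPort enter: portName: {}", portName);`, or move the "Added" message to the point where the add has actually succeeded. The rest of addTunnelPort lies outside the hunk.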
private void programLocalSecurityGroupRules(String attachedMac, Node node, OvsdbTerminationPointAugmentation intf,
- Long dpid,long localPort, String segmentationId,
- boolean write) {
+ Long dpid,long localPort, String segmentationId,
+ boolean write) {
LOG.debug("programLocalRules: Program fixed security group rules for interface {}", intf.getName());
+ boolean isPortSecurityEnabled = securityServicesManager.isPortSecurityEnabled(intf);
+ if (!isPortSecurityEnabled) {
+ LOG.info("Port security is not enabled" + intf);
+ return;
+ }
NeutronPort dhcpPort = securityServicesManager.getDhcpServerPort(intf);
- boolean isComputePort = false;
- boolean isLastPortinBridge = false;
- boolean isLastPortinSubnet = false;
List<Neutron_IPs> srcAddressList = null;
if (null != dhcpPort) {
- isComputePort = securityServicesManager.isComputePort(intf);
- isLastPortinBridge = securityServicesManager.isLastPortinBridge(node, intf);
- isLastPortinSubnet = false;
- if (isComputePort) {
- isLastPortinSubnet = securityServicesManager.isLastPortinSubnet(node, intf);
- srcAddressList = securityServicesManager.getIpAddressList(intf);
- if (null == srcAddressList) {
- LOG.warn("programLocalRules: No Ip address assigned {}", intf);
- return;
- }
+ srcAddressList = securityServicesManager.getIpAddressList(intf);
+ if (null == srcAddressList) {
+ LOG.warn("programLocalRules: No Ip address assigned {}", intf);
+ return;
}
ingressAclProvider.programFixedSecurityGroup(dpid, segmentationId, dhcpPort.getMacAddress(), localPort,
- isLastPortinSubnet, isComputePort, attachedMac, write);
+ attachedMac, write);
egressAclProvider.programFixedSecurityGroup(dpid, segmentationId, attachedMac, localPort,
- srcAddressList, isLastPortinBridge, isComputePort,write);
+ srcAddressList, write);
/* If the network type is tunnel based (VXLAN/GRRE/etc) with Neutron Port Security ACLs */
/* TODO SB_MIGRATION */
LOG.debug("Neutron port has a Port Security Group");
// Retrieve the security group from the Neutron Port and apply the rules
- if (securityServicesManager.isPortSecurityReady(intf)) {
- //Associate the security group flows.
- List<NeutronSecurityGroup> securityGroupListInPort = securityServicesManager
- .getSecurityGroupInPortList(intf);
- String neutronPortId = southbound.getInterfaceExternalIdsValue(intf,
- Constants.EXTERNAL_ID_INTERFACE_ID);
- for (NeutronSecurityGroup securityGroupInPort:securityGroupListInPort) {
- ingressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
- securityGroupInPort, neutronPortId, write);
- egressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
- securityGroupInPort, neutronPortId, write);
- }
+ List<NeutronSecurityGroup> securityGroupListInPort = securityServicesManager
+ .getSecurityGroupInPortList(intf);
+ String neutronPortId = southbound.getInterfaceExternalIdsValue(intf,
+ Constants.EXTERNAL_ID_INTERFACE_ID);
+ for (NeutronSecurityGroup securityGroupInPort:securityGroupListInPort) {
+ ingressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
+ securityGroupInPort, neutronPortId, write);
+ egressAclProvider.programPortSecurityGroup(dpid, segmentationId, attachedMac, localPort,
+ securityGroupInPort, neutronPortId, write);
}
+
} else {
LOG.warn("programLocalRules: No DCHP port seen in network of {}", intf);
}
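Review bot: The new early return on `!isPortSecurityEnabled` ignores `write`, so on the removal path (`write == false`) neither the fixed nor the per-group ACL flows are deleted if port security was switched off after the rules were programmed; whether that sequence can occur depends on callers not shown here. Consider guarding only the programming case, `if (write && !isPortSecurityEnabled) {`, or add a comment stating why removal is safe to skip. The same hunk drops the `isPortSecurityReady` guard, so the loop over `securityGroupListInPort` now runs unconditionally, and it is worth confirming that `getSecurityGroupInPortList` never returns null. The log line also concatenates the whole augmentation with no separator; `LOG.info("Port security is not enabled for {}", intf.getName());` would match the parameterized style used in the rest of the method.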
boolean sourceTunnelStatus = false;
boolean destTunnelStatus = false;
+ boolean isSrcinNw = tenantNetworkManager.isTenantNetworkPresentInNode(srcBridgeNode, segmentationId);
for (Node dstNode : nodes.values()) {
InetAddress src = configurationService.getTunnelEndPoint(srcNode);
InetAddress dst = configurationService.getTunnelEndPoint(dstNode);
Node dstBridgeNode = southbound.getBridgeNode(dstNode,
configurationService.getIntegrationBridgeName());
- if (dstBridgeNode != null){
+ if (dstBridgeNode != null) {
destTunnelStatus = addTunnelPort(dstBridgeNode, networkType, dst, src);
}
-
+ if (sourceTunnelStatus && destTunnelStatus) {
+ LOG.debug("Created Source and destination TunnelPorts :{}, {}", src, dst);
+ } else {
+ LOG.debug("Source and destination TunnelPort status :{}, {}", sourceTunnelStatus, destTunnelStatus);
+ }
if (sourceTunnelStatus) {
- programTunnelRules(networkType, segmentationId, dst, srcBridgeNode, intf, true);
+ boolean isDestinNw = tenantNetworkManager.isTenantNetworkPresentInNode(dstBridgeNode, segmentationId);
+ //Check whether the network is present in src & dst node
+ //If only present , add vxlan ports in TunnelRules for both nodes (bug# 5614)
+ if (isSrcinNw && isDestinNw) {
+ programTunnelRules(networkType, segmentationId, dst, srcBridgeNode, intf, true);
+ programTunnelRules(networkType, segmentationId, src, dstBridgeNode, intf, true);
+ }
}
if (destTunnelStatus) {
programTunnelRules(networkType, segmentationId, src, dstBridgeNode, intf, false);
}
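Review bot: `dstBridgeNode` is null-checked before `addTunnelPort`, but not in the new `if (sourceTunnelStatus)` branch, where it is passed to `isTenantNetworkPresentInNode` and then to `programTunnelRules(networkType, segmentationId, src, dstBridgeNode, intf, true)`. When the destination node has no integration bridge yet, this either throws or silently programs nothing, depending on how those callees treat null, which is not visible here. Folding the check into the condition covers both calls: `if (isSrcinNw && dstBridgeNode != null && tenantNetworkManager.isTenantNetworkPresentInNode(dstBridgeNode, segmentationId)) {`. The surrounding loop and method continue outside the hunk.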
private void triggerInterfaceUpdates(Node node) {
- LOG.debug("enter triggerInterfaceUpdates for {}", node.getNodeId());
+ LOG.debug("enter triggerInterfaceUpdates for : {}", node.getNodeId());
List<OvsdbTerminationPointAugmentation> ports = southbound.extractTerminationPointAugmentations(node);
if (ports != null && !ports.isEmpty()) {
for (OvsdbTerminationPointAugmentation port : ports) {
nodes.remove(southbound.extractBridgeOvsdbNodeId(srcNode));
LOG.info("Delete intf " + intf.getName() + " isLastInstanceOnNode " + isLastInstanceOnNode);
+ String segmentationId = network.getProviderSegmentationID();
List<String> phyIfName = bridgeConfigurationManager.getAllPhysicalInterfaceNames(srcNode);
if (southbound.isTunnel(intf)) {
// Delete tunnel port
deletePhysicalPort(srcNode, intf.getName());
} else {
// delete all other interfaces
- removeLocalRules(network.getProviderNetworkType(), network.getProviderSegmentationID(),
+ removeLocalRules(network.getProviderNetworkType(), segmentationId,
srcNode, intf);
if (isVlan(network.getProviderNetworkType())) {
removeVlanRules(network, srcNode, intf, isLastInstanceOnNode);
} else if (isTunnel(network.getProviderNetworkType())) {
+ Node srcBridgeNode = southbound.getBridgeNode(srcNode, configurationService.getIntegrationBridgeName());
for (Node dstNode : nodes.values()) {
InetAddress src = configurationService.getTunnelEndPoint(srcNode);
InetAddress dst = configurationService.getTunnelEndPoint(dstNode);
if ((src != null) && (dst != null)) {
LOG.info("Remove tunnel rules for interface "
+ intf.getName() + " on srcNode " + srcNode.getNodeId().getValue());
- removeTunnelRules(tunnelType, network.getProviderSegmentationID(),
+ removeTunnelRules(tunnelType, segmentationId,
dst, srcNode, intf, true, isLastInstanceOnNode);
Node dstBridgeNode = southbound.getBridgeNode(dstNode, Constants.INTEGRATION_BRIDGE);
- if (dstBridgeNode != null){
+ //While removing last instance , check whether the network present in src node
+ //If network is not present in src node , remove the vxlan port of src from dst node in TunnelRules(Bug# 5614)
+ boolean isSrcinNw = tenantNetworkManager.isTenantNetworkPresentInNode(srcBridgeNode, segmentationId);
+ if (dstBridgeNode != null) {
+ if (!isSrcinNw) {
+ removeTunnelRules(tunnelType, segmentationId,
+ src, dstBridgeNode, intf, true, isLastInstanceOnNode);
+ }
LOG.info("Remove tunnel rules for interface "
+ intf.getName() + " on dstNode " + dstNode.getNodeId().getValue());
- removeTunnelRules(tunnelType, network.getProviderSegmentationID(),
- src, dstBridgeNode, intf, false, isLastInstanceOnNode);
+ removeTunnelRules(tunnelType, segmentationId, src,
+ dstBridgeNode, intf, false, isLastInstanceOnNode);
}
} else {
LOG.warn("Tunnel end-point configuration missing. Please configure it in "
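Review bot: The new `srcBridgeNode` is looked up with `configurationService.getIntegrationBridgeName()`, while `dstBridgeNode` a few lines below still uses `Constants.INTEGRATION_BRIDGE`, and only the latter is null-checked before use. If the configured bridge name differs from the constant, or the source bridge is missing, `isTenantNetworkPresentInNode(srcBridgeNode, segmentationId)` runs against the wrong or a null node, and the tunnel flow on the destination may be left behind or removed wrongly. `isSrcinNw` does not depend on `dstNode`, so it can be computed once before the `for` loop with a guard such as `boolean isSrcinNw = srcBridgeNode != null && tenantNetworkManager.isTenantNetworkPresentInNode(srcBridgeNode, segmentationId);`. The enclosing method starts and ends outside the hunk.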
private void initializeFlowRules(Node node, String bridgeName) {
Long dpid = southbound.getDataPathId(node);
String datapathId = southbound.getDatapathId(node);
- LOG.info("initializeFlowRules: bridgeName: {}, dpid: {} - {}",
- bridgeName, dpid, datapathId);
+ LOG.trace("initializeFlowRules: bridgeName: {}, datapathId: {} ",
+ bridgeName, datapathId);
if (dpid == 0L) {
LOG.debug("Openflow Datapath-ID not set for the integration bridge in {}", node);
initializeFlowRules(openflowNode, configurationService.getIntegrationBridgeName());
triggerInterfaceUpdates(openflowNode);
} else if (bridgeName.equals(configurationService.getExternalBridgeName())) {
- initializeFlowRules(openflowNode, configurationService.getExternalBridgeName());
- LOG.info("initializeOFFlowRules after writeFlow: bridgeName: {}", bridgeName);
+ initializeFlowRules(openflowNode, configurationService.getExternalBridgeName());
triggerInterfaceUpdates(openflowNode);
- LOG.info("initializeOFFlowRules after triggerUpdates: bridgeName: {}", bridgeName);
}
}