-/**
- * Copyright (C) 2013 Red Hat, Inc.
+/*
+ * Copyright (c) 2013, 2015 Red Hat, Inc. and others. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
*/
+
package org.opendaylight.ovsdb.openstack.netvirt.providers.openflow13;
+import java.net.InetAddress;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.ExecutionException;
+
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
-import org.opendaylight.neutron.spi.NeutronNetwork;
-import org.opendaylight.neutron.spi.NeutronPort;
-import org.opendaylight.neutron.spi.Neutron_IPs;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronNetwork;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronPort;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
import org.opendaylight.ovsdb.openstack.netvirt.MdsalHelper;
import org.opendaylight.ovsdb.openstack.netvirt.NetworkHandler;
import org.opendaylight.ovsdb.openstack.netvirt.api.BridgeConfigurationManager;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.Nodes;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.ovsdb.rev150105.OvsdbTerminationPointAugmentation;
-import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.nodes.NodeKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.ovsdb.rev150105.OvsdbTerminationPointAugmentation;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import com.google.common.collect.Maps;
import com.google.common.util.concurrent.CheckedFuture;
-import java.net.InetAddress;
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.ExecutionException;
-
/**
* Open vSwitch OpenFlow 1.3 Networking Provider for OpenStack Neutron
return networkType.equalsIgnoreCase(NetworkHandler.NETWORK_TYPE_VLAN);
}
- private void programLocalRules (String networkType, String segmentationId, Node node,
+ private void programLocalRules(String networkType, String segmentationId, Node node,
OvsdbTerminationPointAugmentation intf) {
LOG.debug("programLocalRules: node: {}, intf: {}, networkType: {}, segmentationId: {}",
node.getNodeId(), intf.getName(), networkType, segmentationId);
long localPort = southbound.getOFPort(intf);
if (localPort == 0) {
- LOG.info("programLocalRules: could not find ofPort for Port {} on Node {}", intf.getName(), node.getNodeId());
+ LOG.info("programLocalRules: could not find ofPort for Port {} on Node {}",
+ intf.getName(), node.getNodeId());
return;
}
LOG.debug("Program local vlan rules for interface {}", intf.getName());
programLocalVlanRules(node, dpid, segmentationId, attachedMac, localPort);
}
- if ((isTunnel(networkType)|| isVlan(networkType))) {
- LOG.debug("programLocalRules: Program fixed security group rules for interface {}", intf.getName());
- // Get the DHCP port for the subnet to which the interface belongs to.
- NeutronPort dhcpPort = securityServicesManager.getDHCPServerPort(intf);
- if (null != dhcpPort) {
- boolean isComputePort =securityServicesManager.isComputePort(intf);
- boolean isLastPortinBridge = securityServicesManager.isLastPortinBridge(node, intf);
- boolean isLastPortinSubnet =false;
- List<Neutron_IPs> srcAddressList = null;
- if(isComputePort) {
- isLastPortinSubnet = securityServicesManager.isLastPortinSubnet(node, intf);
- srcAddressList = securityServicesManager.getIpAddress(node, intf);
- if (null == srcAddressList) {
- LOG.warn("programLocalRules: No Ip address assigned {}", intf);
- return;
- }
- }
- ingressAclProvider.programFixedSecurityACL(dpid,segmentationId, dhcpPort.getMacAddress(), localPort,
- isLastPortinSubnet,isComputePort, true);
- egressAclProvider.programFixedSecurityACL(dpid, segmentationId, attachedMac, localPort,
- srcAddressList, isLastPortinBridge, isComputePort,true);
- } else {
- LOG.warn("programLocalRules: No DCHP port seen in network of {}", intf);
- }
+ if ((isTunnel(networkType) || isVlan(networkType))) {
+ programLocalSecurityGroupRules(attachedMac, node, intf, dpid, localPort, segmentationId, true);
}
- /* If the network type is tunnel based (VXLAN/GRRE/etc) with Neutron Port Security ACLs */
- /* TODO SB_MIGRATION */
- /*if ((networkType.equalsIgnoreCase(NetworkHandler.NETWORK_TYPE_GRE) || networkType.equalsIgnoreCase
- (NetworkHandler.NETWORK_TYPE_VXLAN)) && securityServicesManager.isPortSecurityReady(intf)) {
- LOG.debug("Neutron port has a Port Security Group");
- // Retrieve the security group UUID from the Neutron Port
- NeutronSecurityGroup securityGroupInPort = securityServicesManager.getSecurityGroupInPort(intf);
- LOG.debug("Program Local rules for networkType: {} does contain a Port Security Group: {} " +
- "to be installed on DPID: {}", networkType, securityGroupInPort, dpid);
- ingressAclProvider.programPortSecurityACL(dpid, segmentationId, attachedMac, localPort,
- securityGroupInPort);
- egressAclProvider.programPortSecurityACL(dpid, segmentationId, attachedMac, localPort,
- securityGroupInPort);
- }*/
if (isTunnel(networkType)) {
LOG.debug("Program local bridge rules for interface {}, "
+ "dpid: {}, segmentationId: {}, attachedMac: {}, localPort: {}",
}
}
- private void removeLocalRules (String networkType, String segmentationId, Node node,
+ private void removeLocalRules(String networkType, String segmentationId, Node node,
OvsdbTerminationPointAugmentation intf) {
LOG.debug("removeLocalRules: node: {}, intf: {}, networkType: {}, segmentationId: {}",
node.getNodeId(), intf.getName(), networkType, segmentationId);
LOG.debug("Remove local bridge rules for interface {}", intf.getName());
removeLocalBridgeRules(node, dpid, segmentationId, attachedMac, localPort);
}
- if (isTunnel(networkType)|| isVlan(networkType)) {
- LOG.debug("removeLocalRules: Remove fixed security group rules for interface {}", intf.getName());
- NeutronPort dhcpPort = securityServicesManager.getDHCPServerPort(intf);
- if (null != dhcpPort) {
- List<Neutron_IPs> srcAddressList = securityServicesManager.getIpAddress(node, intf);
- if (null == srcAddressList) {
- LOG.warn("removeLocalRules: No Ip address assigned {}", intf);
- return;
- }
- boolean isLastPortinBridge = securityServicesManager.isLastPortinBridge(node, intf);
- boolean isComputePort =securityServicesManager.isComputePort(intf);
- boolean isLastPortinSubnet =false;
- if (isComputePort)
- {
- isLastPortinSubnet = securityServicesManager.isLastPortinSubnet(node, intf);
- }
- ingressAclProvider.programFixedSecurityACL(dpid, segmentationId, dhcpPort.getMacAddress(), localPort,
- isLastPortinSubnet, isComputePort, false);
- egressAclProvider.programFixedSecurityACL(dpid, segmentationId, attachedMac, localPort,
- srcAddressList, isLastPortinBridge, isComputePort, false);
- }else{
- LOG.warn("removeLocalRules: No DCHP port seen in network of {}", intf);
- }
+ if (isTunnel(networkType) || isVlan(networkType)) {
+ programLocalSecurityGroupRules(attachedMac, node, intf, dpid, localPort, segmentationId, false);
}
} catch (Exception e) {
LOG.error("Exception in removing Local Rules for " + intf + " on " + node, e);
}
}
+ private void programLocalSecurityGroupRules(String attachedMac, Node node, OvsdbTerminationPointAugmentation intf,
+ Long dpid,long localPort, String segmentationId,
+ boolean write) {
+
+ LOG.debug("programLocalRules: Program fixed security group rules for interface {}", intf.getName());
+ NeutronPort dhcpPort = securityServicesManager.getDhcpServerPort(intf);
+ boolean isComputePort = false;
+ boolean isLastPortinBridge = false;
+ boolean isLastPortinSubnet = false;
+ List<Neutron_IPs> srcAddressList = null;
+ if (null != dhcpPort) {
+ isComputePort = securityServicesManager.isComputePort(intf);
+ isLastPortinBridge = securityServicesManager.isLastPortinBridge(node, intf);
+ isLastPortinSubnet = false;
+ if (isComputePort) {
+ isLastPortinSubnet = securityServicesManager.isLastPortinSubnet(node, intf);
+ srcAddressList = securityServicesManager.getIpAddressList(node, intf);
+ if (null == srcAddressList) {
+ LOG.warn("programLocalRules: No Ip address assigned {}", intf);
+ return;
+ }
+ }
+ ingressAclProvider.programFixedSecurityAcl(dpid, segmentationId, dhcpPort.getMacAddress(), localPort,
+ isLastPortinSubnet, isComputePort, write);
+ egressAclProvider.programFixedSecurityAcl(dpid, segmentationId, attachedMac, localPort,
+ srcAddressList, isLastPortinBridge, isComputePort,write);
+ /* If the network type is tunnel based (VXLAN/GRRE/etc) with Neutron Port Security ACLs */
+ /* TODO SB_MIGRATION */
+
+ LOG.debug("Neutron port has a Port Security Group");
+ // Retrieve the security group from the Neutron Port and apply the rules
+ if (securityServicesManager.isPortSecurityReady(intf)) {
+ //Associate the security group flows.
+ List<NeutronSecurityGroup> securityGroupListInPort = securityServicesManager
+ .getSecurityGroupInPortList(intf);
+ for (NeutronSecurityGroup securityGroupInPort:securityGroupListInPort) {
+ ingressAclProvider.programPortSecurityAcl(dpid, segmentationId, attachedMac, localPort,
+ securityGroupInPort,srcAddressList, write);
+ egressAclProvider.programPortSecurityAcl(dpid, segmentationId, attachedMac, localPort,
+ securityGroupInPort,srcAddressList, write);
+ }
+ }
+ } else {
+ LOG.warn("programLocalRules: No DCHP port seen in network of {}", intf);
+ }
+ }
+
+ /*
+ * The function is for the new compute node joining the existing network.
+ * When a new VM is instantiated in the new compute node, neutron port add
+ * event is generated. This event is processed only for that node. So,
+ * loop through all the ports of the same network and install unicast mac
+ * flow for the VM's created on the TEP of the destination node in src node.
+ * This function will be executed even for any new VM creation in an existing
+ * network. If a cache is maintained to optimize the below flow addition, it will
+ * work only for one unstack and restack. For the next unstack and restack,
+ * it will not work since the cache would have been already deleted.
+ */
+ private void programTunnelRulesInNewNode(NeutronNetwork network,
+ String networkType, String segmentationId,
+ InetAddress src, InetAddress dst,
+ Node srcBridgeNode, Node dstBridgeNode,
+ OvsdbTerminationPointAugmentation intf){
+ try {
+ long localPort = southbound.getOFPort(intf);
+ if(localPort != 0)
+ {
+ LOG.debug("Interface update details {}", intf);
+
+ /*
+ * When a network is added and the TEP destination is not present in a
+ * node C1, tunnelin and broadcast rules will not be programmed, since
+ * OF port is not created. So, when a new node C2 joins and create a new
+ * VM, the tunnelin and broadcast rule will not be present in C1.
+ * So, handling it in the case below to make ping work.
+ */
+ if(securityServicesManager.getNeutronPortFromDhcpIntf(intf) == null){
+ programTunnelRules(networkType, segmentationId, src, dstBridgeNode, intf, true);
+ }
+
+ /*
+ * FIX for 4208 - loop through all the ports and add the VM's
+ * unicast mac rule of the destination node in the source node.
+ * When a new node is added, it needs to configure the VM unicast mac
+ * flow rules which were created before it was joined to an existing
+ * network.
+ */
+ List<OvsdbTerminationPointAugmentation> ports = southbound.getTerminationPointsOfBridge(dstBridgeNode);
+ for (OvsdbTerminationPointAugmentation port : ports) {
+ if(network == tenantNetworkManager.getTenantNetwork(port)){
+ programTunnelRules(networkType, segmentationId, dst, srcBridgeNode, port, false);
+ }
+ else{
+ LOG.trace("Port {} is not part of network {}", port, network);
+ }
+ }
+ }
+ } catch (Exception e) {
+ LOG.error("Exception during handlingNeutron network add", e);
+ }
+ }
+
@Override
public boolean handleInterfaceUpdate(NeutronNetwork network, Node srcNode,
OvsdbTerminationPointAugmentation intf) {
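Review bot: In `programLocalSecurityGroupRules` the security-group loop sits inside `if (null != dhcpPort)`, and the compute-port branch returns early when `getIpAddressList` yields null. On a network with no DHCP port, or for a port with no address yet, neither the fixed ACLs nor the port security-group ACLs are written on `write == true` or removed on `write == false`; only a warning is logged. Whether such a port ends up unfiltered, or stale flows remain after removal, depends on pipeline defaults outside this hunk, so either state the intended fail-closed behaviour in a comment or move the security-group block out of the DHCP branch. `getSecurityGroupInPortList(intf)` is iterated without a null check and `srcAddressList` is still null for non-compute ports when passed to `programPortSecurityAcl`; a guard such as `if (securityGroupListInPort != null)` keeps an exception from aborting flow programming part-way. The helper logs `programLocalRules:` on both the add and remove paths (called from `programLocalRules` and `removeLocalRules`) and emits "Neutron port has a Port Security Group" before `isPortSecurityReady` is checked, which makes the logs misleading when tracing which ACLs were actually applied.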
programVlanRules(network, srcNode, intf);
} else if (isTunnel(networkType)){
- boolean sourceTunnelStatus;
+ boolean sourceTunnelStatus = false;
boolean destTunnelStatus = false;
for (Node dstNode : nodes.values()) {
InetAddress src = configurationService.getTunnelEndPoint(srcNode);
}
if (destTunnelStatus) {
programTunnelRules(networkType, segmentationId, src, dstBridgeNode, intf, false);
+ programTunnelRulesInNewNode(network, networkType, segmentationId, src, dst,
+ srcBridgeNode, dstBridgeNode, intf);
}
} else {
LOG.warn("Tunnel end-point configuration missing. Please configure it in OpenVSwitch Table. "
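Review bot: The added `programTunnelRulesInNewNode(...)` call gives `handleInterfaceUpdate` no way to notice a failure, because the helper returns void and its `catch (Exception e)` only logs "Exception during handlingNeutron network add". Inside that helper the per-port filter `network == tenantNetworkManager.getTenantNetwork(port)` compares object references, so if the manager ever returns a different instance for the same network, no unicast flows are installed and only a TRACE line records it. Comparing the network identifiers would be more robust, and the list returned by `getTerminationPointsOfBridge(dstBridgeNode)` should be null-checked before the loop. The call also appears to run for each destination node on every interface update and re-walks all termination points each time, which the helper's own comment acknowledges; a short comment at this call site explaining why that cost is accepted would help. The enclosing loop and branch start and end outside this hunk.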
}
}
LOG.debug("createOutputGroupInstructions: addNew {}", addNew);
- if (addNew) {
+ if (addNew && !buckets.getBucket().isEmpty()) {
/* the new output action is not in the bucket, add to bucket */
- if (!buckets.getBucket().isEmpty()) {
- Bucket bucket = buckets.getBucket().get(0);
- List<Action> bucketActionList = Lists.newArrayList();
- bucketActionList.addAll(bucket.getAction());
- /* set order for new action and add to action list */
- ab.setOrder(bucketActionList.size());
- ab.setKey(new ActionKey(bucketActionList.size()));
- bucketActionList.add(ab.build());
-
- /* set bucket and buckets list. Reset groupBuilder with new buckets.*/
- BucketsBuilder bucketsBuilder = new BucketsBuilder();
- List<Bucket> bucketList = Lists.newArrayList();
- BucketBuilder bucketBuilder = new BucketBuilder();
- bucketBuilder.setBucketId(new BucketId((long) 1));
- bucketBuilder.setKey(new BucketKey(new BucketId((long) 1)));
- bucketBuilder.setAction(bucketActionList);
- bucketList.add(bucketBuilder.build());
- bucketsBuilder.setBucket(bucketList);
- groupBuilder.setBuckets(bucketsBuilder.build());
- LOG.debug("createOutputGroupInstructions: bucketList {}", bucketList);
- }
+ Bucket bucket = buckets.getBucket().get(0);
+ List<Action> bucketActionList = Lists.newArrayList();
+ bucketActionList.addAll(bucket.getAction());
+ /* set order for new action and add to action list */
+ ab.setOrder(bucketActionList.size());
+ ab.setKey(new ActionKey(bucketActionList.size()));
+ bucketActionList.add(ab.build());
+
+ /* set bucket and buckets list. Reset groupBuilder with new buckets.*/
+ BucketsBuilder bucketsBuilder = new BucketsBuilder();
+ List<Bucket> bucketList = Lists.newArrayList();
+ BucketBuilder bucketBuilder = new BucketBuilder();
+ bucketBuilder.setBucketId(new BucketId((long) 1));
+ bucketBuilder.setKey(new BucketKey(new BucketId((long) 1)));
+ bucketBuilder.setAction(bucketActionList);
+ bucketList.add(bucketBuilder.build());
+ bucketsBuilder.setBucket(bucketList);
+ groupBuilder.setBuckets(bucketsBuilder.build());
+ LOG.debug("createOutputGroupInstructions: bucketList {}", bucketList);
}
} else {
/* create group */