import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.Match;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.instruction.go.to.table._case.GoToTable;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.OfOverlayContext;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
import com.google.common.annotations.VisibleForTesting;
+/**
+ * <h1>Creation of flows related to service chain</h1>
+ *
+ * These flows are built across most of gbp of tables and have higher priority than basic flows. It ensures, that
+ * packet redirected to chain will be sent to tunnel output
+ * <p>
+ *
+ * Flow that allows ALL traffic incoming from chain last hop
+ * <p>
+ * <i>Allow from chain flow</i><br>
+ * Table = 0<br>
+ * Priority = 1200<br>
+ * Matches:<br>
+ * - Nshc1<br>
+ * - Nsp<br>
+ * - Nsi<br>
+ * - in_port (tunnel port) {@link NodeConnectorId}<br>
+ * Actions:<br>
+ * - {@link GoToTable} SOURCE MAPPER table
+ * <p>
+ * TODO: looks like duplicity, the same flow is created in policy enforcer
+ * <i>Allow from chain tunnel</i>
+ * Table = 4<br>
+ * Priority = 65000<br>
+ * Matches:<br>
+ * - in_port (tunnel port) {@link NodeConnectorId}<br>
+ * - Reg7 (fixed value 0xffffff) {@link NxmNxReg7}
+ * Actions:<br>
+ * - {@link GoToTable} SOURCE MAPPER table
+ * <p>
+ * <i>Create external flow</i>
+ * Table = 6<br>
+ * Priority = 1000 (if dst node == src node, priority = 1500)<br>
+ * Matches:<br>
+ * - Reg6 {@link NxmNxReg6}<br>
+ * - tunnel ID<br>
+ * - nsp<br>
+ * - nsi<br>
+ * - tun_dst (only if dst node == src node)<br>
+ * Actions:<br>
+ * - set nshc1<br>
+ * - set nshc2<br>
+ * - load tunnel ID<br>
+ * - load tunnel ipv4<br>
+ * - output:(tunnel port)<br>
+ * <p>
+ * <i>Chain tunnel flow</i><br>
+ * Table = 2<br>
+ * Priority = 150<br>
+ * Matches:<br>
+ * - in_port (tunnel port) {@link NodeConnectorId}<br>
+ * - tunnel ID<br>
+ * - nsp<br>
+ * - nsi<br>
+ * Actions:<br>
+ * - Reg0 {@link NxmNxReg0}<br>
+ * - Reg1 {@link NxmNxReg1}<br>
+ * - Reg4 {@link NxmNxReg4}<br>
+ * - Reg5 {@link NxmNxReg5}<br>
+ * - Reg6 {@link NxmNxReg6}<br>
+ * - {@link GoToTable} DESTINATION MAPPER table<br>
+ * <p>
+ * <i>Chain broadcast flow</i><br>
+ * Table = 2<br>
+ * Priority = 150<br>
+ * Matches:<br>
+ * - in_port (tunnel port) {@link NodeConnectorId}<br>
+ * - tunnel ID<br>
+ * - nsp<br>
+ * - nsi<br>
+ * Actions:<br>
+ * - load Reg5 {@link NxmNxReg5}<br>
+ * - {@link GoToTable} DESTINATION MAPPER table<br>
+ */
public class ChainActionFlows {
private static final Logger LOG = LoggerFactory.getLogger(ChainAction.class);
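Review bot: The "Allow from chain tunnel" entry in the new class Javadoc disagrees with the "Allow from tunnel flow" entry this commit adds to PolicyEnforcer, although the TODO above it says they are the same flow: here the match is Reg7 = 0xffffff and the action is a GoToTable to SOURCE MAPPER, there the match is Reg1 = 0xffffff and the action is output to the Reg7 port. A goto from table 4 to the source mapper also looks wrong, because the "Chain tunnel flow" entry places the register-loading stage at table 2 and OpenFlow goto instructions only move forward; the SourceMapper Javadoc likewise loads the 0xffffff marker into Reg1, not Reg7. Since this marker decides which tunnel traffic is let through, please check the builder and, if PolicyEnforcer's description is the accurate one, change the two lines to `* - Reg1 (fixed value 0xffffff) {@link NxmNxReg1}<br>` and `* - output:port (Reg7) {@link NxmNxReg7}<br>`. The class body continues outside the visible lines.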
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.InstructionsBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.Match;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.instruction.go.to.table._case.GoToTable;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.Instruction;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.list.InstructionBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.OfOverlayContext;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.ForwardingContext;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.forwarding.context.L2FloodDomain;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.forwarding.context.L3Context;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.forwarding.context.Subnet;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.ArpMatchBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv4MatchBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv6MatchBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.action.types.rev131112.action.action.dec.nw.ttl._case.DecNwTtl;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg2;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg3;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg4;
import com.google.common.collect.Sets;
/**
- * Manage the table that maps the destination address to the next hop for the
- * path as well as applies any relevant routing transformations.
+ * <h1>Manage the table that maps the destination address to the next hop for the
+ * path as well as applies any relevant routing transformations (table=3)</h1>
+ *
+ * Sync Ep flows, every endpoint pair creates L2 and L3 flow<br>
+ * <ul><li>Flow is external, when any {@link Endpoint} is external</li>
+ * <li>Flow is local, when src and dst endpoint {@link EndpointFwdCtxOrdinals} are the same</li>
+ * <li>Flow is local, when src and dst endpoint ordinals are not the same and {@link OfOverlayContext} is missing</li></ul>
+ * Also applies to L3
+ * <p>
+ * L2 Flows:
+ * <p>
+ * <i>External, local and remote L2 flows</i><br>
+ * Priority = 50<br>
+ * Matches:<br>
+ * - dl_dst mac address {@link MacAddress}<br>
+ * - loadReg4 {@link NxmNxReg4}<br>
+ * Actions:<br>
+ * - load tunnel Ipv4 (local and remote only)<br>
+ * - loadReg2 {@link NxmNxReg2}<br>
+ * - loadReg3 {@link NxmNxReg3}<br>
+ * - loadReg7 (next hop) {@link NxmNxReg7}<br>
+ * - {@link GoToTable} POLICY ENFORCER table<br>
+ * <p>
+ * L3 flows:
+ * <p>
+ * <i>External, local and remote L3 routed flows:</i><br>
+ * Priority = 50<br>
+ * Matches:<br>
+ * - ip (ethertype)
+ * - dl_dst mac address {@link MacAddress}<br>
+ * - setReg6 {@link NxmNxReg6}<br>
+ * Actions:<br>
+ * - loadReg2 {@link NxmNxReg2}<br>
+ * - loadReg3 {@link NxmNxReg3}<br>
+ * - loadReg4 (tunnel destination) {@link NxmNxReg4} (remote only)<br>
+ * - loadReg7 (next hop) {@link NxmNxReg7}<br>
+ * - set dst mac to eth_dst {@link MacAddress}<br>
+ * - dec_ttl {@link DecNwTtl} (local only)<br>
+ * - {@link GoToTable} POLICY ENFORCER table
+ * <p>
+ * If virtual router ip is present in subnet, and subnet contains L3 context, arp flow is created<br>
+ * <p>
+ * <i>Router Arp flow</i><br>
+ * Priority = 150<br>
+ * Matches:<br>
+ * - arp (ethertype)<br>
+ * - arp target transport address<br>
+ * - setReg6 {@link NxmNxReg6}<br>
+ * Actions:<br>
+ * - move eth_src = eth_dst<br>
+ * - set dl_src {@link MacAddress}<br>
+ * - load arp_op<br>
+ * - move arp_sha = arp_tha<br>
+ * - load arp_sha<br>
+ * - move arp_spa = arp_tpa<br>
+ * - load arp_spa<br>
+ * - output:port {@link NodeConnectorId}<br>
+ * <p>
+ * <i>Broadcast flow (per flood domain)</i>
+ * Priority = 140<br>
+ * Matches:<br>
+ * - ethernet destination {@link MacAddress}
+ * - setReg5 {@link NxmNxReg5}<br>
+ * Actions:<br>
+ * - load tunnel ID<br>
+ * - group action<br>
+ * <p>
+ * <i>L3 Prefix flow</i><br>
+ * Priority = 140<br>
+ * Matches:<br>
+ * - ethernet destination {@link MacAddress}
+ * - setReg5 {@link NxmNxReg5}<br>
+ * Actions:<br>
+ * - dl_dst {@link MacAddress}<br>
+ * - dec_ttl<br>
+ * - loadReg2 {@link NxmNxReg2}<br>
+ * - loadReg3 {@link NxmNxReg3}<br>
+ * - loadReg4 (next hop) {@link NxmNxReg4}<br>
+ * - loadReg7 (if internal, port_num == {@link NodeConnectorId of L2 EP} ) {@link NxmNxReg7}<br>
+ * - loadReg7 (if external, port_num = external port) {@link NxmNxReg7}<br>
+ * - {@link GoToTable} POLICY ENFORCER table
*/
public class DestinationMapper extends FlowTable {
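Review bot: In the DestinationMapper Javadoc the "L3 Prefix flow" entry lists exactly the same priority (140) and match fields (ethernet destination, Reg5) as the "Broadcast flow (per flood domain)" entry directly above it, which reads like a copy-paste and would describe two overlapping rules at equal priority. Please list the fields the prefix flow really matches on (judging by its name, presumably an ethertype and a destination prefix, to be confirmed against the builder). The match lists also use action verbs (`loadReg4`, `setReg6`, `setReg5`) for fields that are matched rather than written; `* - Reg4 {@link NxmNxReg4}<br>` would be clearer, and the `ip (ethertype)` and `ethernet destination` lines are missing their `<br>`. The class body lies outside the visible lines.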
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.instruction.go.to.table._case.GoToTable;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.L3ContextId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.EndpointL3;
import org.slf4j.LoggerFactory;
/**
- * Manage the table that assigns source endpoint group, bridge domain, and
- * router domain to registers to be used by other tables.
+ * <h1>Manage the table that assigns source endpoint group, bridge domain, and
+ * router domain to registers to be used by other tables</h1>
+ *
+ * <i>NAT flow</i><br>
+ * Priority = 100<br>
+ * Matches:<br>
+ * - ipv4/ipv6 inside address<br>
+ * - ethernet type<br>
+ * - Reg6 {@link NxmNxReg6}<br>
+ * Actions:<br>
+ * - set_src ip address<br>
+ * - {@link GoToTable} EXTERNAL MAPPER table<br>
*/
public class EgressNatMapper extends FlowTable {
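Review bot: The new `<h1>` summary for EgressNatMapper still says the table "assigns source endpoint group, bridge domain, and router domain to registers", which is SourceMapper's description and contradicts the NAT flow documented directly below it; the ExternalMapper Javadoc further down carries the same stale sentence. IngressNatMapper's summary was corrected in this commit, so the same should be done here, for example `<h1>Manage the table that rewrites the source address of NATed traffic before the EXTERNAL MAPPER table</h1>`, and ExternalMapper should get a summary built from its documented flows (VLAN push and output to the Reg7 port). Adding the table number in the form the other classes use, `(table=N)`, would help; the value is not visible in these hunks.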
import com.google.common.base.Preconditions;
/**
- * Manage the table that assigns source endpoint group, bridge domain, and
- * router domain to registers to be used by other tables.
+ * <h1>Manage the table that assigns source endpoint group, bridge domain, and
+ * router domain to registers to be used by other tables</h1>
+ *
+ * <i>Push VLAN flow</i><br>
+ * Priority = 222<br>
+ * see {@link #buildPushVlanFlow(Ipv4Address, Integer, int)}<br>
+ * Matches:<br>
+ * - ethernet type<br>
+ * - L3 match<br>
+ * - VLAN match<br>
+ * Actions:<br>
+ * - set_ethertype (VLAN)<br>
+ * - output:port (Reg7) {@link NxmNxReg7}<br>
+ * <p>
+ * <i>Push VLAN flow - external domain</i><br>
+ * Priority = 220<br>
+ * see {@link #buildPushVlanFlow(NodeId, int, Integer, int)}<br>
+ * Matches:<br>
+ * - ethernet type<br>
+ * - Reg7 {@link NxmNxReg7}<br>
+ * - Reg5 {@link NxmNxReg5}<br>
+ * - VLAN match<br>
+ * Actions:<br>
+ * - set_ethertype (VLAN)<br>
+ * - output:port (Reg7) {@link NxmNxReg7}<br>
+ * <p>
+ * <i>Default flow</i><br>
+ * Priority = 100<br>
+ * Matches:<br>
+ * - none<br>
+ * Actions:<br>
+ * - output:port (Reg7) {@link NxmNxReg7}<br>
*/
public class ExternalMapper extends FlowTable {
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.Flow;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.Instruction;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.instruction.go.to.table._case.GoToTable;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoint.fields.L3Address;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.Endpoint;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.forwarding.context.Subnet;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeConnectorId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.inventory.rev130819.NodeId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.l2.types.rev130827.EtherType;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.ethernet.match.fields.EthernetTypeBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.EthernetMatchBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.Layer3Match;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.ArpMatchBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.model.match.types.rev131026.match.layer._3.match.Ipv4MatchBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg4;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg5;
import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxReg6;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowplugin.extension.nicira.action.rev140714.nx.action.reg.load.grouping.NxRegLoad;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.openflowplugin.extension.nicira.action.rev140714.nx.action.reg.move.grouping.NxRegMove;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import com.google.common.base.Preconditions;
import com.google.common.collect.Sets;
/**
- * Manage the table that assigns source endpoint group, bridge domain, and
- * router domain to registers to be used by other tables.
+ * <h1>Manage the table processing NAT translation (table=1)</h1>
+ *
+ * Ingress NAT translation flows, created for every L3 endpoints with NAT which also contain L2 context
+ * <p>
+ * <i>Nat flow:</i><br>
+ * Priority = 100<br>
+ * Matches:<br>
+ * - nw_dst (destination ip address)<br>
+ * Actions:<br>
+ * - loadReg0 {@link NxmNxReg0}<br>
+ * - loadReg1 {@link NxmNxReg1}<br>
+ * - loadReg4 {@link NxmNxReg4}<br>
+ * - loadReg5 {@link NxmNxReg5}<br>
+ * - loadReg6 {@link NxmNxReg6}<br>
+ * - loadTunnelId<br>
+ * - {@link GoToTable} DESTINATION MAPPER table
+ * <p>
+ * <i>Outside Arp flow:</i><br>
+ * Priority = 150<br>
+ * Matches:<br>
+ * - arp, (ethertype)<br>
+ * - set arp target transport address<br>
+ * Actions:<br>
+ * - move eth_src = eth_dst {@link NxRegMove}<br>
+ * - set dl src_mac {@link MacAddress}<br>
+ * - load arp_op {@link NxRegLoad}<br>
+ * - move arp_sha = arp_tha {@link NxRegMove}<br>
+ * - load arp_sha {@link NxRegLoad}<br>
+ * - move arp_spa = arp_tpa {@link NxRegMove}<br>
+ * - load arp_spa {@link NxRegLoad}<br>
+ * - output:port {@link NodeConnectorId}
+ * <p>
+ * Flows for ingress traffic. Created for every external endpoint without location<br>
+ * <p>
+ * <i>Ingress external IP flow</i><br>
+ * Priority = 90<br>
+ * Matches:<br>
+ * - nw_src (source ip address)<br>
+ * Actions:<br>
+ * - loadReg0 {@link NxmNxReg0}<br>
+ * - loadReg1 {@link NxmNxReg1}<br>
+ * - loadReg4 {@link NxmNxReg4}<br>
+ * - loadReg5 {@link NxmNxReg5}<br>
+ * - loadReg6 {@link NxmNxReg6}<br>
+ * - loadTunnelId<br>
+ * - {@link GoToTable} DESTINATION MAPPER table
+ * <p>
+ * <i>Ingress external Arp flow</i><br>
+ * Priority = 80<br>
+ * Matches:<br>
+ * - arp_spa (source arp address)<br>
+ * Actions:<br>
+ * - loadReg0 {@link NxmNxReg0}<br>
+ * - loadReg1 {@link NxmNxReg1}<br>
+ * - loadReg4 {@link NxmNxReg4}<br>
+ * - loadReg5 {@link NxmNxReg5}<br>
+ * - loadReg6 {@link NxmNxReg6}<br>
+ * - loadTunnelId<br>
+ * - {@link GoToTable} DESTINATION MAPPER table
+ *
*/
public class IngressNatMapper extends FlowTable {
@Override
public void sync(NodeId nodeId, OfWriter ofWriter) throws Exception {
- /**
+ /*
* To support provider networks, all external ingress traffic is currently passed here and
* if no match is foud - no NAT is performed and processing continues in DestinationMapper.
*/
}
MatchBuilder mb = createMatchOnDstIpAddress(outsideDestAddress);
Action[] dstIpMacAction = {setDestIp, setDestMac};
- FlowBuilder flowb = base().setPriority(Integer.valueOf(100))
+ FlowBuilder flowb = base().setPriority(100)
.setId(flowid)
.setMatch(mb.build())
.setInstructions(
String ikey = outsideDestAddress.getIpv4Address().getValue();
BigInteger intMac = new BigInteger(1, bytesFromHexString(toMac.getValue()));
MatchBuilder mb = new MatchBuilder().setEthernetMatch(ethernetMatch(null, null, ARP)).setLayer3Match(
- new ArpMatchBuilder().setArpOp(Integer.valueOf(1))
+ new ArpMatchBuilder().setArpOp(1)
.setArpTargetTransportAddress(new Ipv4Prefix(ikey + "/32"))
.build());
Action[] outsideArpActions = {
if (mb == null) {
return null;
}
- FlowBuilder flowb = base().setPriority(Integer.valueOf(90))
+ FlowBuilder flowb = base().setPriority(90)
.setId(FlowIdUtils.newFlowId(TABLE_ID, "inbound-external-ip", mb.build()))
.setMatch(mb.build())
.setInstructions(
Action fdReg = nxLoadRegAction(NxmNxReg5.class, BigInteger.valueOf(fdId));
Action vrfReg = nxLoadRegAction(NxmNxReg6.class, BigInteger.valueOf(l3Id));
Action tunIdAction = nxLoadTunIdAction(BigInteger.valueOf(tunnelId), false);
- Action[] outsideArpActions = {segReg, scgReg, bdReg, fdReg, vrfReg, tunIdAction};
- return outsideArpActions;
+ return new Action[]{segReg, scgReg, bdReg, fdReg, vrfReg, tunIdAction};
}
static byte[] bytesFromHexString(String values) {
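Review bot: The "Nat flow" entry in the class Javadoc lists only register loads, a tunnel-id load and the GoToTable, but the priority-100 flow matched by `createMatchOnDstIpAddress(outsideDestAddress)` is built next to `Action[] dstIpMacAction = {setDestIp, setDestMac}`, so the destination rewrite that performs the translation appears to be missing from the documented actions. The `.setInstructions(` call is cut off in the visible lines, so this needs confirming; if the rewrite is applied, add `* - set destination ip address<br>` and `* - set destination mac address<br>` to that entry. The Javadoc also omits the table-miss behaviour that the in-method comment in `sync` describes (no NAT, processing continues in DestinationMapper), and "- set arp target transport address" under Matches should read `* - arp target transport address<br>`.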
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.Instructions;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.Match;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.instruction.go.to.table._case.GoToTable;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierDefinitionId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ConditionName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
import com.google.common.collect.Table.Cell;
/**
- * Manage the table that enforces policy on the traffic. Traffic is denied
- * unless specifically allowed by policy
+ * <h1>Manage the table that enforces policy on the traffic. Traffic is denied
+ * unless specifically allowed by policy (table=4)</h1>
+ *
+ * In policy enforcer, according to current {@link Policy} specific traffic is sent to SFC (nsp and nsi is set), or from SFC
+ * to some {@link Endpoint} or to another classifier.
+ * <p>
+ * <i>Tunnel/overlay flows</i><br>
+ * Priority = 65000 (if more flows, decrements)<br>
+ * Matches:<br>
+ * - ethertype (tcp, tcp6, ipv6, icmp or missing)<br>
+ * - Reg0 {@link NxmNxReg0}<br>
+ * - Reg1 {@link NxmNxReg1}<br>
+ * - Reg2 {@link NxmNxReg2}<br>
+ * - Reg3 {@link NxmNxReg3}<br>
+ * - L3 for src_ip_prefix (if exists)<br>
+ * - L3 for dst_ip_prefix (if exists)<br>
+ * Actions:<br>
+ * - set nsi (only chain action)<br>
+ * - set nsp (only chain action)<br>
+ * - {@link GoToTable} EXTERNAL MAPPER table<br>
+ *<p>
+ * <i>Allow from tunnel flow</i><br>
+ * Priority = 65000<br>
+ * Matches:<br>
+ * - Reg1 (set to 0xffffff) {@link NxmNxReg1}<br>
+ * - in_port (should be tunnel port) {@link NodeConnectorId}<br>
+ * Actions:<br>
+ * - output:port (Reg7) {@link NxmNxReg7}<br>
+ * <p>
+ * Traffic is sent from one {@link EndpointGroup} to the same EPG
+ * <p>
+ * <i>Allow from same EPG flow</i><br>
+ * Priority = 65000<br>
+ * Matches:<br>
+ * - Reg0 {@link NxmNxReg0}<br>
+ * - Reg2 {@link NxmNxReg2}<br>
+ * Actions:<br>
+ * - output:port (Reg7) {@link NxmNxReg7}
+ * <p>
+ * <i>Arp flow</i><br>
+ * Priority = 20000<br>
+ * Matches:<br>
+ * - ethernet match (arp)<br>
+ * - Reg5 {@link NxmNxReg5}<br>
+ * Actions:<br>
+ * - output:port (Reg7) {@link NxmNxReg7}
+ *
*/
public class PolicyEnforcer extends FlowTable {
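Review bot: The PolicyEnforcer summary keeps the sentence "Traffic is denied unless specifically allowed by policy", yet the new Javadoc documents three high-priority flows that forward without a contract match: "Allow from tunnel flow" (Reg1 = 0xffffff on the tunnel port), "Allow from same EPG flow" and "Arp flow". The comment should say why these are exempt, in particular for tunnel traffic, where the only gate is the Reg1 marker and the ingress port; something like `* Traffic marked with Reg1 = 0xffffff by the source mapper is forwarded here without a policy lookup (TODO: state where its policy was enforced)`. The line "ethertype (tcp, tcp6, ipv6, icmp or missing)" also mixes IP protocols with ethertypes and is worth rewording. The class body is outside the visible lines.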
import org.slf4j.LoggerFactory;
/**
- * Manage the table that enforces port security
+ * <h1>Manage the table that enforces port security. Initial flows in group-based policy pipeline (table=0)</h1>
+ *
+ * Lower-priority flows are leading flows for all traffic incoming from endpoints associated to gbp classifier.<br>
+ * Created when an {@link Endpoint} is internal and contains {@link OfOverlayContext} augmentation. Several flows of
+ * this kind are produced.
+ *<p>
+ * <i>L2 flow:</i><br>
+ * Priority = 100<br>
+ * Matches:<br>
+ * - in_port, {@link NodeConnectorId}
+ * - dl_src {@link org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress}<br>
+ * Actions:<br>
+ * - {@link GoToTable} SOURCE MAPPER table
+ *<p>
+ * <i>L3 flow:</i><br>
+ * Priority = 120<br>
+ * Matches:<br>
+ * - ip, (ethertype)<br>
+ * - in_port, {@link NodeConnectorId}<br>
+ * - dl_src {@link org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress}<br>
+ * - nw_src (source ip address)<br>
+ * Actions:<br>
+ * - {@link GoToTable} SOURCE MAPPER table
+ *<p>
+ * <i>L3 Arp flow:</i><br>
+ * Priority = 121<br>
+ * Matches:<br>
+ * - arp, (ethertype)<br>
+ * - in_port, {@link NodeConnectorId}<br>
+ * - dl_src {@link org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress}<br>
+ * - arp_spa (arp source transport address)<br>
+ * Actions:<br>
+ * - {@link GoToTable} SOURCE MAPPER table
+ *<p>
+ * <i>L3 Dhcp dora flow:</i><br>
+ * Priority = 115<br>
+ * Matches:<br>
+ * - ip, (ethertype)<br>
+ * - in_port, {@link NodeConnectorId}<br>
+ * - dl_src {@link org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress}<br>
+ * - nw_dst (destination ip address)<br>
+ * Actions:<br>
+ * - {@link GoToTable} SOURCE MAPPER table
+ *<p>
+ * Higher-priority flows providing VLAN support for external networks. Created when node contains external ports
+ *<p>
+ * <i>Allow from external:</i><br>
+ * Priority = 200<br>
+ * Matches:<br>
+ * - in_port, {@link NodeConnectorId}<br>
+ * Actions:<br>
+ * - {@link GoToTable} INGRESS NAT table
+ *<p>
+ * <i>Flow that pops VLAN tag for inbound traffic:</i><br>
+ * Priority = 210<br>
+ * See {@link #popVlanTagsOnExternalPort}
+ *<p>
+ * Highest priority flows used to direct traffic coming from tunnel (SFC). These flows are created always
+ *<p>
+ * <i>Allow from tunnel:</i><br>
+ * Priority = 300<br>
+ * Matches:<br>
+ * - in_port (has to be tunnel port), {@link NodeConnectorId}<br>
+ * Actions:<br>
+ * - {@link GoToTable} SOURCE MAPPER table
*
*/
public class PortSecurity extends FlowTable {
public PortSecurity(OfContext ctx, short tableId) {
super(ctx);
- TABLE_ID=tableId;
+ TABLE_ID = tableId;
}
@Override
for (NodeConnectorId nc : ctx.getSwitchManager().getExternalPorts(nodeId)) {
// TODO Bug 3546 - Difficult: External port is unrelated to Tenant, L3C, L2BD..
for (Flow flow : popVlanTagsOnExternalPort(nc, tenantId, 210)) {
- // tagged frames have to be untagged when entering policy domain
+ // Tagged frames have to be untagged when entering policy domain
ofWriter.writeFlow(nodeId, TABLE_ID, flow);
}
- // allowing untagged frames entering policy domain
+ // Allowing untagged frames entering policy domain
ofWriter.writeFlow(nodeId, TABLE_ID, allowFromExternalPort(nc, 200));
}
}
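Review bot: The "L3 Dhcp dora flow" entry in the new PortSecurity Javadoc gives its match only as "nw_dst (destination ip address)" and, unlike the "L3 flow" entry, lists no nw_src check, so a reader cannot tell which destination lets a frame past the source-address check. Please name the address or prefix the flow matches, e.g. `* - nw_dst (<address matched by the DHCP flow>)<br>`, taken from the builder, which is not visible here. The first match line of "L2 flow" (`in_port, {@link NodeConnectorId}`) is missing its `<br>`. Separately, `TABLE_ID = tableId;` assigns a constant-styled name from the constructor; if that field is static it is shared across instances, which would deserve a comment or a rename. The `sync` loop shown in the last hunk starts outside the visible lines.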
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.inventory.rev130819.tables.table.FlowBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.Match;
import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.flow.MatchBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.flow.types.rev131026.instruction.instruction.go.to.table._case.GoToTable;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints.Endpoint;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ofoverlay.rev140528.OfOverlayContext;
import com.google.common.collect.Sets;
/**
- * Manage the table that assigns source endpoint group, bridge domain, and
- * router domain to registers to be used by other tables.
+ * <h1>Manage the table that assigns source endpoint group, bridge domain, and
+ * router domain to registers to be used by other tables</h1>
+ *
+ * <i>Remote tunnel flow:</i><br>
+ * Priority = 150<br>
+ * Matches:<br>
+ * - in_port (should be tunnel port), {@link NodeConnectorId}
+ * - tunnel ID match {@link org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxTunId}<br>
+ * Actions:<br>
+ * - loadReg1 fixed value 0xffffff {@link NxmNxReg1}<br>
+ * - loadReg4 {@link NxmNxReg4}<br>
+ * - loadReg5 {@link NxmNxReg5}<br>
+ * - loadReg6 {@link NxmNxReg6}<br>
+ * - {@link GoToTable} DESTINATION MAPPER table
+ * <p>
+ * <i>Remote broadcast flow:</i><br>
+ * Priority = 150<br>
+ * Matches:<br>
+ * - in_port (should be tunnel port), {@link NodeConnectorId}
+ * - tunnel ID match {@link org.opendaylight.yang.gen.v1.urn.opendaylight.openflowjava.nx.match.rev140421.NxmNxTunId}<br>
+ * Actions:<br>
+ * - loadReg5 {@link NxmNxReg5}<br>
+ * - {@link GoToTable} DESTINATION MAPPER table
+ * <p>
+ * <i>Local EP flow:</i><br>
+ * Priority = 100<br>
+ * Matches:<br>
+ * - dl_src (source mac address) {@link org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev100924.MacAddress}<br>
+ * - in_port (node connector ID) {@link NodeConnectorId}<br>
+ * Actions:<br>
+ * - loadReg0 {@link NxmNxReg0}<br>
+ * - loadReg1 {@link NxmNxReg1}<br>
+ * - loadReg4 {@link NxmNxReg4}<br>
+ * - loadReg5 {@link NxmNxReg5}<br>
+ * - loadReg6 {@link NxmNxReg6}<br>
+ * - loadTunnelId<br>
+ * - {@link GoToTable} DESTINATION MAPPER table
*/
public class SourceMapper extends FlowTable {
OfOverlayContext ofc = ep.getAugmentation(OfOverlayContext.class);
if (ofc != null && ofc.getNodeConnectorId() != null
&& (EndpointManager.isInternal(ep, ctx.getTenant(ep.getTenant()).getExternalImplicitGroups()))) {
- /**
- * Sync the local EP information.
- */
+
+ // Sync the local EP information
syncEP(ofWriter, nodeId, ep, ofc.getNodeConnectorId(), epFwdCtxOrds);
}
}
import com.google.common.collect.Iterables;
/**
- * Chain action for the OpenFlow Overlay renderer
- * TODO: separate the generic definition from the concrete
+ * <h1>Chain action for the OpenFlow Overlay renderer</h1>
+ * TODO: separate the generic definition from the concrete<br>
* implementation for the OpenFlow Overlay renderer
+ * <p>
+ *
+ * see {@link org.opendaylight.groupbasedpolicy.renderer.ofoverlay.flow.ChainActionFlows}
+ *
*/
public class ChainAction extends Action {