From: Tomas Cechvala <tcechval@cisco.com>
Date: Mon, 22 Feb 2016 09:39:21 +0000 (+0100)
Subject: Bug 5409 - setting orders in single rule contract
X-Git-Tag: release/boron~223
X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?a=commitdiff_plain;h=7ff1b9fd2bff8f37d2b0b34b14cf94d7083d3a88;p=groupbasedpolicy.git

Bug 5409 - setting orders in single rule contract

Rules and subjects are prioritized by order parameter.
More specific rules have lower order.

Change-Id: Ieb9948b2e9281e378341775509dd09a144dda3f8
Signed-off-by: Tomas Cechvala <tcechval@cisco.com>
---

diff --git a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkService.java b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkService.java
index 1a6a633ae..d2c6e8b5e 100755
--- a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkService.java
+++ b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/infrastructure/NetworkService.java
@@ -36,6 +36,7 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraintsBuilder;
@@ -287,7 +288,7 @@ public class NetworkService {
             .setDirection(direction)
             .build();
         return new RuleBuilder().setName(new RuleName(name))
-            .setActionRef(MappingUtils.ACTION_REF_ALLOW)
+            .setActionRef(ImmutableList.<ActionRef>of(MappingUtils.ACTION_REF_ALLOW))
             .setClassifierRef(ImmutableList.of(classifierRef))
             .build();
     }
diff --git a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAware.java b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAware.java
index 37bf60571..4e7201480 100644
--- a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAware.java
+++ b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/NeutronSecurityRuleAware.java
@@ -10,7 +10,6 @@ package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
-import java.util.List;
 import java.util.Set;
 
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
@@ -38,8 +37,6 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.ActionChoice;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.action.choice.SfcActionCase;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRefBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ConsumerNamedSelector;
@@ -109,37 +106,33 @@ public class NeutronSecurityRuleAware implements INeutronSecurityRuleAware {
 
     public boolean changeActionOfNeutronSecurityRule(Uuid secRuleId, ActionChoice action, ReadWriteTransaction rwTx) {
         NeutronSecurityRule secRule = secRuleDao.getSecRuleByUuid(secRuleId);
-        List<ActionRef> actions = createActions(action, SecRuleEntityDecoder.getTenantId(secRule), rwTx);
+        addSfcChainActionInstance(action, SecRuleEntityDecoder.getTenantId(secRule), rwTx);
         LOG.trace("Changing to action {} for secuirity group rule {}", action, secRule);
-        return addNeutronSecurityRuleWithAction(secRule, actions, rwTx);
+        return addNeutronSecurityRuleWithAction(secRule, action, rwTx);
     }
 
-    private List<ActionRef> createActions(ActionChoice action, TenantId tenantId, ReadWriteTransaction rwTx) {
+    private void addSfcChainActionInstance(ActionChoice action, TenantId tenantId, ReadWriteTransaction rwTx) {
         if (action instanceof SfcActionCase) {
             String sfcChainName = ((SfcActionCase) action).getSfcChainName();
-            ActionName actionName = addSfcChainActionInstance(sfcChainName, tenantId, rwTx);
-            return ImmutableList.of(new ActionRefBuilder().setName(actionName).setOrder(0).build());
+            ActionName actionName = new ActionName(sfcChainName);
+            ActionInstance sfcActionInstance = new ActionInstanceBuilder().setName(actionName)
+                .setActionDefinitionId(ChainActionDefinition.ID)
+                .setParameterValue(
+                        ImmutableList.of(new ParameterValueBuilder().setName(
+                                new ParameterName(ChainActionDefinition.SFC_CHAIN_NAME))
+                            .setStringValue(sfcChainName)
+                            .build()))
+                .build();
+            rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.actionInstanceIid(tenantId, actionName),
+                    sfcActionInstance, true);
         }
-        return MappingUtils.ACTION_REF_ALLOW;
-    }
-
-    private ActionName addSfcChainActionInstance(String sfcChainName, TenantId tenantId, ReadWriteTransaction rwTx) {
-        ActionName actionName = new ActionName(sfcChainName);
-        ActionInstance sfcActionInstance = new ActionInstanceBuilder().setName(actionName)
-            .setActionDefinitionId(ChainActionDefinition.ID)
-            .setParameterValue(ImmutableList.of(new ParameterValueBuilder()
-                .setName(new ParameterName(ChainActionDefinition.SFC_CHAIN_NAME)).setStringValue(sfcChainName).build()))
-            .build();
-        rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.actionInstanceIid(tenantId, actionName),
-                sfcActionInstance, true);
-        return actionName;
     }
 
     public boolean addNeutronSecurityRule(NeutronSecurityRule secRule, ReadWriteTransaction rwTx) {
-        return addNeutronSecurityRuleWithAction(secRule, MappingUtils.ACTION_REF_ALLOW, rwTx);
+        return addNeutronSecurityRuleWithAction(secRule, MappingUtils.ALLOW_ACTION_CHOICE, rwTx);
     }
 
-    public boolean addNeutronSecurityRuleWithAction(NeutronSecurityRule secRule, List<ActionRef> actions,
+    public boolean addNeutronSecurityRuleWithAction(NeutronSecurityRule secRule, ActionChoice action,
             ReadWriteTransaction rwTx) {
         TenantId tenantId = SecRuleEntityDecoder.getTenantId(secRule);
         EndpointGroupId providerEpgId = SecRuleEntityDecoder.getProviderEpgId(secRule);
@@ -147,7 +140,7 @@ public class NeutronSecurityRuleAware implements INeutronSecurityRuleAware {
 
         Description contractDescription = new Description(CONTRACT_PROVIDER
                 + secGroupDao.getNameOrIdOfSecGroup(providerEpgId));
-        SingleRuleContract singleRuleContract = createSingleRuleContract(secRule, contractDescription, actions);
+        SingleRuleContract singleRuleContract = createSingleRuleContract(secRule, contractDescription, action);
         Contract contract = singleRuleContract.getContract();
         rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, contract.getId()), contract, true);
         SelectorName providerSelector = getSelectorNameWithConsumer(secRule);
@@ -172,11 +165,11 @@ public class NeutronSecurityRuleAware implements INeutronSecurityRuleAware {
 
     @VisibleForTesting
     static SingleRuleContract createSingleRuleContract(NeutronSecurityRule secRule, Description contractDescription,
-            List<ActionRef> actions) {
-        if (Strings.isNullOrEmpty(secRule.getSecurityRuleRemoteIpPrefix())) {
-            return new SingleRuleContract(secRule, 0, contractDescription, actions);
+            ActionChoice action) {
+        if (!Strings.isNullOrEmpty(secRule.getSecurityRuleRemoteIpPrefix())) {
+            return new SingleRuleContract(secRule, 0, contractDescription, action);
         }
-        return new SingleRuleContract(secRule, 1, contractDescription, actions);
+        return new SingleRuleContract(secRule, 400, contractDescription, action);
     }
 
     @VisibleForTesting
diff --git a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SecRuleEntityDecoder.java b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SecRuleEntityDecoder.java
index e9d42f469..c924191fb 100755
--- a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SecRuleEntityDecoder.java
+++ b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SecRuleEntityDecoder.java
@@ -18,6 +18,7 @@ import javax.annotation.Nullable;
 import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;
 import org.opendaylight.groupbasedpolicy.api.sf.IpProtoClassifierDefinition;
 import org.opendaylight.groupbasedpolicy.api.sf.L4ClassifierDefinition;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
 import org.opendaylight.neutron.spi.NeutronSecurityRule;
@@ -28,7 +29,11 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.ActionChoice;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.action.choice.AllowActionCase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.action.choice.SfcActionCase;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef.ConnectionTracking;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;
@@ -115,6 +120,15 @@ public class SecRuleEntityDecoder {
         return classifierBuilder.setParameterValue(params).setName(new ClassifierName(classifierName)).build();
     }
 
+    public static ActionRef createActionRefFromActionChoice(ActionChoice action) {
+        if(action instanceof SfcActionCase){
+            return MappingUtils.createSfcActionRef(((SfcActionCase) action).getSfcChainName());
+        } else if (action instanceof AllowActionCase) {
+            return MappingUtils.ACTION_REF_ALLOW;
+        }
+        return null;
+    }
+
     public static ClassifierRef getClassifierRef(NeutronSecurityRule secRule) {
         checkNotNull(secRule);
         ClassifierName classifierInstanceName = SecRuleNameDecoder.getClassifierInstanceName(secRule);
diff --git a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleClassifierRule.java b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleClassifierRule.java
index ffe0b9d73..703cec440 100644
--- a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleClassifierRule.java
+++ b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleClassifierRule.java
@@ -8,18 +8,23 @@
 
 package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
 
-
 import java.util.List;
 
 import javax.annotation.concurrent.Immutable;
 
+import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;
+import org.opendaylight.groupbasedpolicy.api.sf.IpProtoClassifierDefinition;
+import org.opendaylight.groupbasedpolicy.api.sf.L4ClassifierDefinition;
 import org.opendaylight.neutron.spi.NeutronSecurityRule;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.ActionChoice;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.action.choice.SfcActionCase;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.Rule;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.RuleBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstance;
 
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableList;
 
 @Immutable
@@ -29,18 +34,13 @@ public class SingleClassifierRule {
     private final ClassifierRef classifierRef;
     private final Rule rule;
 
-    public SingleClassifierRule(NeutronSecurityRule secRule, int ruleOrder, List<ActionRef> actions) {
+    public SingleClassifierRule(NeutronSecurityRule secRule, int ruleBaseOrder, ActionChoice action) {
         classifierInstance = SecRuleEntityDecoder.getClassifierInstance(secRule);
         classifierRef = SecRuleEntityDecoder.getClassifierRef(secRule);
-        rule = createRule(ruleOrder, secRule, actions);
-    }
-
-    private Rule createRule(int order, NeutronSecurityRule secRule, List<ActionRef> actions) {
-        return new RuleBuilder().setName(SecRuleNameDecoder.getRuleName(secRule))
-            .setOrder(order)
-            .setActionRef(actions)
-            .setClassifierRef(ImmutableList.of(classifierRef))
-            .build();
+        rule = createRule(
+                updateOrderBasedOn(classifierInstance, action, ruleBaseOrder),
+                secRule,
+                action);
     }
 
     public ClassifierInstance getClassifierInstance() {
@@ -55,4 +55,69 @@ public class SingleClassifierRule {
         return rule;
     }
 
+    private Rule createRule(int order, NeutronSecurityRule secRule, ActionChoice action) {
+        return new RuleBuilder().setName(SecRuleNameDecoder.getRuleName(secRule))
+            .setOrder(order)
+            .setActionRef(ImmutableList.of(SecRuleEntityDecoder.createActionRefFromActionChoice(action)))
+            .setClassifierRef(ImmutableList.<ClassifierRef>of(classifierRef))
+            .build();
+    }
+
+    /**
+     * Increases initial order of potential {@link Rule} containing single
+     * {@link ClassifierInstance} based on parameter values of the instance.
+     * <br>
+     * The following section describes how L4 port specification is prioritized
+     * from most specific to least specific:<br>
+     * 1) src port AND dst port<br>
+     * 2) (src port range AND dst port) OR (src port AND dst port range)<br>
+     * 3) src port range AND dst port range<br>
+     * 4) src port OR dst port<br>
+     * 5) src port range OR dst port range<br>
+     *
+     * @param ci instance object of {@link ClassifierInstance}
+     * @param baseOrder initial order value calculated for the {@link Rule}
+     * @return value of incremented order based on parameter values.
+     *
+     * @see ParameterValue
+     */
+    @VisibleForTesting
+    static int updateOrderBasedOn(ClassifierInstance ci, ActionChoice action, Integer baseOrder) {
+        int delta = 0;
+        if (ci.getClassifierDefinitionId().equals(EtherTypeClassifierDefinition.ID)) {
+            delta = 350;
+        } else if (ci.getClassifierDefinitionId().equals(IpProtoClassifierDefinition.ID)) {
+            delta = 300;
+        } else if (ci.getClassifierDefinitionId().equals(L4ClassifierDefinition.ID)) {
+            delta = 200;
+            List<ParameterValue> parameterValue = ci.getParameterValue();
+            for (ParameterValue pv : parameterValue) {
+                // SRC/DST_PORT_PARAM is considered to be more
+                // specific than SRC/DST_PORT_RANGE_PARAM.
+                if (isSrcOrDstPortParam(pv)) {
+                    delta -= 30;
+                } else if (isRangePortParam(pv)) {
+                    delta -= pv.getRangeValue().getMin().equals(pv.getRangeValue().getMax()) ? 30 : 20;
+                }
+            }
+        }
+        if (action instanceof SfcActionCase) {
+            delta -= 5;
+        }
+        // more specific CIs should have lower order calculated.
+        return baseOrder + delta;
+    }
+
+    private static boolean isRangePortParam(ParameterValue pv) {
+        String pvName = pv.getName().getValue();
+        return pv.getRangeValue() != null
+                && (pvName.equals(L4ClassifierDefinition.SRC_PORT_RANGE_PARAM) || pvName.equals(L4ClassifierDefinition.DST_PORT_RANGE_PARAM));
+    }
+
+    private static boolean isSrcOrDstPortParam(ParameterValue pv) {
+        String pvName = pv.getName().getValue();
+        return pv.getIntValue() != null
+                && (pvName.equals(L4ClassifierDefinition.SRC_PORT_PARAM) || pvName.equals(L4ClassifierDefinition.DST_PORT_PARAM));
+    }
+
 }
diff --git a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleRuleContract.java b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleRuleContract.java
index d81876493..61082c0cf 100644
--- a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleRuleContract.java
+++ b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleRuleContract.java
@@ -10,15 +10,12 @@ package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
 
 import static com.google.common.base.Preconditions.checkNotNull;
 
-import java.util.List;
-
 import javax.annotation.Nullable;
 import javax.annotation.concurrent.Immutable;
 
 import org.opendaylight.neutron.spi.NeutronSecurityRule;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.ActionChoice;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.Contract;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.ContractBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.Clause;
@@ -37,17 +34,17 @@ public class SingleRuleContract {
     private final Clause clause;
     private final Contract contract;
 
-    public SingleRuleContract(NeutronSecurityRule secRule, int subjectAndRuleOrder, @Nullable Description contractDescription, List<ActionRef> actions) {
-        this(secRule, new SingleClassifierRule(secRule, subjectAndRuleOrder, actions), subjectAndRuleOrder, contractDescription);
+    public SingleRuleContract(NeutronSecurityRule secRule, int subjectAndRuleOrder, @Nullable Description contractDescription, ActionChoice action) {
+        this(secRule, new SingleClassifierRule(secRule, subjectAndRuleOrder, action), contractDescription);
     }
 
     public SingleRuleContract(NeutronSecurityRule secRule, SingleClassifierRule singleClassifierRule,
-            int subjectOrder, @Nullable Description contractDescription) {
+            @Nullable Description contractDescription) {
         checkNotNull(secRule);
         this.singleClassifierRule = checkNotNull(singleClassifierRule);
         this.rule = singleClassifierRule.getRule();
         this.subject = new SubjectBuilder().setName(SecRuleNameDecoder.getSubjectName(secRule))
-            .setOrder(subjectOrder)
+            .setOrder(singleClassifierRule.getRule().getOrder())
             .setRule(ImmutableList.of(rule))
             .build();
         this.clause = SecRuleEntityDecoder.getClause(secRule);
diff --git a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/util/MappingUtils.java b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/util/MappingUtils.java
index 9ce5f647c..fb8df5151 100644
--- a/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/util/MappingUtils.java
+++ b/neutron-mapper/src/main/java/org/opendaylight/groupbasedpolicy/neutron/mapper/util/MappingUtils.java
@@ -23,6 +23,10 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.L2FloodDomainId;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.L3ContextId;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.ActionChoice;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.action.choice.AllowActionCaseBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.action.choice.SfcActionCaseBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.action.choice.allow.action._case.AllowBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRefBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.forwarding.context.L2BridgeDomain;
@@ -32,7 +36,6 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ActionInstanceBuilder;
 
 import com.google.common.base.Optional;
-import com.google.common.collect.ImmutableList;
 
 public final class MappingUtils {
 
@@ -43,8 +46,10 @@ public final class MappingUtils {
             new ActionName("Allow"))
         .setActionDefinitionId(AllowActionDefinition.DEFINITION.getId())
         .build();
-    public static final List<ActionRef> ACTION_REF_ALLOW =
-            ImmutableList.of(new ActionRefBuilder().setName(ACTION_ALLOW.getName()).setOrder(0).build());
+    public static final ActionChoice ALLOW_ACTION_CHOICE = new AllowActionCaseBuilder().setAllow(
+            new AllowBuilder().build()).build();
+    public static final ActionRef ACTION_REF_ALLOW =
+            new ActionRefBuilder().setName(ACTION_ALLOW.getName()).setOrder(0).build();
     public static final EndpointGroupId EPG_EXTERNAL_ID = new EndpointGroupId("eeeaa3a2-e9ba-44e0-a462-bea923d30e38");
 
     public static final String NAME_VALUE_DELIMETER = "-";
@@ -55,6 +60,14 @@ public final class MappingUtils {
         throw new UnsupportedOperationException("Cannot create an instance.");
     }
 
+    public static ActionRef createSfcActionRef(String sfcChainName) {
+        return new ActionRefBuilder().setName(new ActionName(sfcChainName)).setOrder(0).build();
+    }
+
+    public static ActionChoice createSfcActionChoice(String chainName) {
+        return new SfcActionCaseBuilder().setSfcChainName(chainName).build();
+    }
+
     public static ForwardingCtx createForwardingContext(TenantId tenantId, L2FloodDomainId l2FdId, ReadTransaction rTx) {
         Optional<L2FloodDomain> potentialL2Fd = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
                 IidFactory.l2FloodDomainIid(tenantId, l2FdId), rTx);
diff --git a/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleClassifierRuleTest.java b/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleClassifierRuleTest.java
index d883f46d8..b5f016a25 100644
--- a/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleClassifierRuleTest.java
+++ b/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleClassifierRuleTest.java
@@ -3,25 +3,45 @@ package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 
+import java.lang.reflect.Method;
+import java.util.Arrays;
+
 import org.junit.Test;
+import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;
+import org.opendaylight.groupbasedpolicy.api.sf.IpProtoClassifierDefinition;
+import org.opendaylight.groupbasedpolicy.api.sf.L4ClassifierDefinition;
 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.NeutronEntityFactory;
 import org.opendaylight.groupbasedpolicy.neutron.mapper.test.PolicyAssert;
 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
 import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
 import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierDefinitionId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.ActionChoice;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.action.choice.AllowActionCaseBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.action.choice.SfcActionCaseBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.change.action.of.security.group.rules.input.action.action.choice.allow.action._case.AllowBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.parameter.value.RangeValueBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.contract.subject.Rule;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstance;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstanceBuilder;
 
 public class SingleClassifierRuleTest {
 
+    private ActionChoice allow = new AllowActionCaseBuilder().setAllow(new AllowBuilder().build()).build();
+    private ActionChoice sfc = new SfcActionCaseBuilder().setSfcChainName("orange_chain").build();
+    private SingleClassifierRule singleClsfRule;
+
     @Test
     public void testConstructorAndGetters() {
         NeutronSecurityRule secRule = NeutronEntityFactory.securityRuleWithoutGroupIds(
                 "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", NeutronUtils.IPv4,
                 NeutronUtils.INGRESS, NeutronUtils.TCP, 8010, 8020);
         final int ruleOrder = 1;
-        SingleClassifierRule singleClsfRule = new SingleClassifierRule(secRule, ruleOrder, MappingUtils.ACTION_REF_ALLOW);
+        singleClsfRule = new SingleClassifierRule(secRule, ruleOrder, MappingUtils.ALLOW_ACTION_CHOICE);
 
         ClassifierInstance clsfInstance = singleClsfRule.getClassifierInstance();
         assertNotNull(clsfInstance);
@@ -33,6 +53,75 @@ public class SingleClassifierRuleTest {
 
         Rule rule = singleClsfRule.getRule();
         assertNotNull(rule);
-        PolicyAssert.assertRule(rule, secRule, ruleOrder);
+        PolicyAssert.assertRule(rule, secRule, ruleOrder + 180);
+    }
+
+    @Test
+    public final void updateOrderBasedOnEthTypeClassifTest() throws Exception {
+        ClassifierInstance ci = createClassifierInstance(EtherTypeClassifierDefinition.ID);
+        SingleClassifierRule.updateOrderBasedOn(ci, allow, 0);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 350);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, sfc, 0), 345);
+    }
+
+    @Test
+    public final void updateOrderBasedOnProtoClassifTest() throws Exception {
+        ClassifierInstance ci = createClassifierInstance(IpProtoClassifierDefinition.ID);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 300);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, sfc, 0), 295);
+    }
+
+    @Test
+    public final void updateOrderBasedOnL4ClassifTest() throws Exception {
+        ParameterValue sPort = createIntParameterValue(L4ClassifierDefinition.SRC_PORT_PARAM, Long.valueOf(4999));
+        ParameterValue dPort = createIntParameterValue(L4ClassifierDefinition.DST_PORT_PARAM, Long.valueOf(8080));
+        ParameterValue sMiniRange = createRangeParameterValue(L4ClassifierDefinition.SRC_PORT_RANGE_PARAM, 1000, 1000);
+        ParameterValue dMiniRange = createRangeParameterValue(L4ClassifierDefinition.DST_PORT_RANGE_PARAM, 2000, 2000);
+        ParameterValue sPortRange = createRangeParameterValue(L4ClassifierDefinition.SRC_PORT_RANGE_PARAM, 3335, 3336);
+        ParameterValue dPortRange = createRangeParameterValue(L4ClassifierDefinition.DST_PORT_RANGE_PARAM, 9998, 9999);
+        ClassifierInstance ci;
+        ci = createClassifierInstance(L4ClassifierDefinition.ID, dPortRange);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 180);
+        ci = createClassifierInstance(L4ClassifierDefinition.ID, sPortRange);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 180);
+        ci = createClassifierInstance(L4ClassifierDefinition.ID, sPort);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 170);
+        ci = createClassifierInstance(L4ClassifierDefinition.ID, sMiniRange);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 170);
+        ci = createClassifierInstance(L4ClassifierDefinition.ID, dPort);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 170);
+        ci = createClassifierInstance(L4ClassifierDefinition.ID, dMiniRange);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 170);
+        ci = createClassifierInstance(L4ClassifierDefinition.ID, sPortRange, dPortRange);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 160);
+        ci = createClassifierInstance(L4ClassifierDefinition.ID, sPortRange, dPort);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 150);
+        ci = createClassifierInstance(L4ClassifierDefinition.ID, sPortRange, dMiniRange);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 150);
+        ci = createClassifierInstance(L4ClassifierDefinition.ID, dPortRange, sPort);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 150);
+        ci = createClassifierInstance(L4ClassifierDefinition.ID, dPortRange, sMiniRange);
+        assertEquals(SingleClassifierRule.updateOrderBasedOn(ci, allow, 0), 150);
+    }
+
+    private ParameterValue createIntParameterValue(String paramName, Long value) {
+        return new ParameterValueBuilder().setName(new ParameterName(paramName)).setIntValue(value).build();
+    }
+
+    private ParameterValue createRangeParameterValue(String paramName, int min, int max) {
+        return new ParameterValueBuilder()
+            .setName(new ParameterName(paramName))
+            .setRangeValue(new RangeValueBuilder()
+                .setMin(Long.valueOf(min))
+                .setMax(Long.valueOf(max))
+                .build())
+            .build();
+    }
+
+    private ClassifierInstance createClassifierInstance(ClassifierDefinitionId id, ParameterValue... pv) {
+        return new ClassifierInstanceBuilder()
+            .setClassifierDefinitionId(id)
+            .setParameterValue(Arrays.asList(pv))
+            .build();
     }
 }
diff --git a/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleRuleContractTest.java b/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleRuleContractTest.java
index dc97dd1c1..c3c513da6 100644
--- a/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleRuleContractTest.java
+++ b/neutron-mapper/src/test/java/org/opendaylight/groupbasedpolicy/neutron/mapper/mapping/rule/SingleRuleContractTest.java
@@ -26,7 +26,7 @@ public class SingleRuleContractTest {
                 NeutronUtils.INGRESS, NeutronUtils.TCP, 8010, 8020);
         int subjectAndRuleOrder = 1;
         SingleRuleContract singleRuleContract = new SingleRuleContract(secRule, subjectAndRuleOrder, new Description(
-                "contractDescription"), MappingUtils.ACTION_REF_ALLOW);
+                "contractDescription"), MappingUtils.ALLOW_ACTION_CHOICE);
 
         SingleClassifierRule singleClsfRule = singleRuleContract.getSingleClassifierRule();
         assertNotNull(singleClsfRule);
@@ -41,7 +41,7 @@ public class SingleRuleContractTest {
 
         Rule rule = singleClsfRule.getRule();
         assertNotNull(rule);
-        PolicyAssert.assertRule(rule, secRule, subjectAndRuleOrder);
+        PolicyAssert.assertRule(rule, secRule, subjectAndRuleOrder + 180);
 
         assertEquals(rule, singleRuleContract.getRule());