[ONOS-6230] SONA - Reimplements SNAT features using OVS CT & NAT features.
Change-Id: I84fcf66b39d38d74aedd498ae5c8af31ad8615ae
diff --git a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/api/Constants.java b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/api/Constants.java
index daedcc2..bcd31d0 100644
--- a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/api/Constants.java
+++ b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/api/Constants.java
@@ -34,6 +34,7 @@
public static final int PRIORITY_TUNNEL_TAG_RULE = 30000;
public static final int PRIORITY_FLOATING_INTERNAL = 42000;
public static final int PRIORITY_FLOATING_EXTERNAL = 41000;
+ public static final int PRIORITY_OVS_SNAT_RULE = 40500;
public static final int PRIORITY_ICMP_RULE = 43000;
public static final int PRIORITY_INTERNAL_ROUTING_RULE = 28000;
public static final int PRIORITY_EXTERNAL_ROUTING_RULE = 25000;
diff --git a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingHandler.java b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingHandler.java
index 084f1b8..fafd667 100644
--- a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingHandler.java
+++ b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingHandler.java
@@ -26,6 +26,7 @@
import org.onlab.packet.IPv4;
import org.onlab.packet.IpAddress;
import org.onlab.packet.IpPrefix;
+import org.onlab.packet.MacAddress;
import org.onlab.packet.VlanId;
import org.onosproject.cluster.ClusterService;
import org.onosproject.cluster.LeadershipService;
@@ -33,13 +34,21 @@
import org.onosproject.core.ApplicationId;
import org.onosproject.core.CoreService;
import org.onosproject.core.GroupId;
+import org.onosproject.mastership.MastershipService;
import org.onosproject.net.DeviceId;
import org.onosproject.net.PortNumber;
+import org.onosproject.net.device.DeviceService;
+import org.onosproject.net.driver.DriverService;
import org.onosproject.net.flow.DefaultTrafficSelector;
import org.onosproject.net.flow.DefaultTrafficTreatment;
import org.onosproject.net.flow.TrafficSelector;
import org.onosproject.net.flow.TrafficTreatment;
+import org.onosproject.net.flow.instructions.ExtensionTreatment;
import org.onosproject.openstacknetworking.api.Constants;
+import org.onosproject.openstacknetworking.api.InstancePort;
+import org.onosproject.openstacknetworking.api.InstancePortEvent;
+import org.onosproject.openstacknetworking.api.InstancePortListener;
+import org.onosproject.openstacknetworking.api.InstancePortService;
import org.onosproject.openstacknetworking.api.OpenstackFlowRuleService;
import org.onosproject.openstacknetworking.api.OpenstackNetworkService;
import org.onosproject.openstacknetworking.api.OpenstackRouterEvent;
@@ -60,13 +69,25 @@
import org.slf4j.LoggerFactory;
import java.util.Objects;
+import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.stream.Collectors;
import static java.util.concurrent.Executors.newSingleThreadScheduledExecutor;
import static org.onlab.util.Tools.groupedThreads;
-import static org.onosproject.openstacknetworking.api.Constants.*;
+import static org.onosproject.openstacknetworking.api.Constants.DEFAULT_EXTERNAL_ROUTER_MAC;
+import static org.onosproject.openstacknetworking.api.Constants.DEFAULT_GATEWAY_MAC;
+import static org.onosproject.openstacknetworking.api.Constants.FORWARDING_TABLE;
+import static org.onosproject.openstacknetworking.api.Constants.GW_COMMON_TABLE;
+import static org.onosproject.openstacknetworking.api.Constants.OPENSTACK_NETWORKING_APP_ID;
+import static org.onosproject.openstacknetworking.api.Constants.PRIORITY_EXTERNAL_ROUTING_RULE;
+import static org.onosproject.openstacknetworking.api.Constants.PRIORITY_ICMP_RULE;
+import static org.onosproject.openstacknetworking.api.Constants.PRIORITY_INTERNAL_ROUTING_RULE;
+import static org.onosproject.openstacknetworking.api.Constants.PRIORITY_OVS_SNAT_RULE;
+import static org.onosproject.openstacknetworking.api.Constants.PRIORITY_SWITCHING_RULE;
+import static org.onosproject.openstacknetworking.api.Constants.ROUTING_TABLE;
+import static org.onosproject.openstacknetworking.impl.RulePopulatorUtil.buildExtension;
import static org.onosproject.openstacknode.api.OpenstackNode.NodeType.COMPUTE;
import static org.onosproject.openstacknode.api.OpenstackNode.NodeType.GATEWAY;
@@ -102,12 +123,25 @@
protected OpenstackRouterService osRouterService;
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+ protected InstancePortService instancePortService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+ protected DeviceService deviceService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected OpenstackFlowRuleService osFlowRuleService;
+ @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+ protected MastershipService mastershipService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
+ protected DriverService driverService;
+
private final ExecutorService eventExecutor = newSingleThreadScheduledExecutor(
groupedThreads(this.getClass().getSimpleName(), "event-handler", log));
private final OpenstackNodeListener osNodeListener = new InternalNodeEventListener();
private final OpenstackRouterListener osRouterListener = new InternalRouterEventListener();
+ private final InstancePortListener instancePortListener = new InternalInstancePortListener();
private ApplicationId appId;
private NodeId localNodeId;
@@ -119,6 +153,7 @@
leadershipService.runForLeadership(appId.name());
osNodeService.addListener(osNodeListener);
osRouterService.addListener(osRouterListener);
+ instancePortService.addListener(instancePortListener);
log.info("Started");
}
@@ -127,6 +162,7 @@
protected void deactivate() {
osRouterService.removeListener(osRouterListener);
osNodeService.removeListener(osNodeListener);
+ instancePortService.removeListener(instancePortListener);
leadershipService.withdraw(appId.name());
eventExecutor.shutdown();
@@ -137,11 +173,11 @@
ExternalGateway exGateway = osRouter.getExternalGatewayInfo();
if (exGateway == null) {
osRouterService.routerInterfaces(osRouter.getId()).forEach(iface -> {
- setSourceNat(iface, false);
+ setSourceNat(osRouter, iface, false);
});
} else {
osRouterService.routerInterfaces(osRouter.getId()).forEach(iface -> {
- setSourceNat(iface, exGateway.isEnableSnat());
+ setSourceNat(osRouter, iface, exGateway.isEnableSnat());
});
}
}
@@ -159,7 +195,7 @@
setGatewayIcmp(osSubnet, true);
ExternalGateway exGateway = osRouter.getExternalGatewayInfo();
if (exGateway != null && exGateway.isEnableSnat()) {
- setSourceNat(osRouterIface, true);
+ setSourceNat(osRouter, osRouterIface, true);
}
log.info("Connected subnet({}) to {}", osSubnet.getCidr(), osRouter.getName());
}
@@ -178,12 +214,12 @@
setGatewayIcmp(osSubnet, false);
ExternalGateway exGateway = osRouter.getExternalGatewayInfo();
if (exGateway != null && exGateway.isEnableSnat()) {
- setSourceNat(osRouterIface, false);
+ setSourceNat(osRouter, osRouterIface, false);
}
log.info("Disconnected subnet({}) from {}", osSubnet.getCidr(), osRouter.getName());
}
- private void setSourceNat(RouterInterface routerIface, boolean install) {
+ private void setSourceNat(Router osRouter, RouterInterface routerIface, boolean install) {
Subnet osSubnet = osNetworkService.subnet(routerIface.getSubnetId());
Network osNet = osNetworkService.network(osSubnet.getNetworkId());
@@ -193,20 +229,48 @@
install);
});
- // take the first outgoing packet to controller for source NAT
- osNodeService.completeNodes(GATEWAY).forEach(gNode -> {
- setRulesToController(
- gNode,
- osNet.getProviderSegID(),
- IpPrefix.valueOf(osSubnet.getCidr()),
- osNet.getNetworkType(),
- install);
- });
+ IpAddress natAddress = getGatewayIpAddress(osRouter);
+ if (natAddress == null) {
+ return;
+ }
+ String netId = osNetworkService.subnet(routerIface.getSubnetId()).getNetworkId();
+
+ osNodeService.completeNodes(OpenstackNode.NodeType.GATEWAY)
+ .forEach(gwNode -> {
+ instancePortService.instancePorts(netId).stream()
+ .forEach(port -> setRulesForSnatIngressRule(gwNode.intgBridge(),
+ Long.parseLong(osNet.getProviderSegID()),
+ IpPrefix.valueOf(port.ipAddress(), 32),
+ port.deviceId(),
+ install));
+
+ setOvsNatIngressRule(gwNode.intgBridge(),
+ IpPrefix.valueOf(natAddress, 32),
+ Constants.DEFAULT_EXTERNAL_ROUTER_MAC, install);
+ setOvsNatEgressRule(gwNode.intgBridge(),
+ natAddress, Long.parseLong(osNet.getProviderSegID()),
+ gwNode.patchPortNum(), install);
+ });
final String updateStr = install ? MSG_ENABLED : MSG_DISABLED;
log.info(updateStr + "external access for subnet({})", osSubnet.getCidr());
}
+ private IpAddress getGatewayIpAddress(Router osRouter) {
+
+ String extNetId = osNetworkService.network(osRouter.getExternalGatewayInfo().getNetworkId()).getId();
+ Optional<Subnet> extSubnet = osNetworkService.subnets().stream()
+ .filter(subnet -> subnet.getNetworkId().equals(extNetId))
+ .findAny();
+
+ if (!extSubnet.isPresent()) {
+ log.error("Cannot find externel subnet for the router");
+ return null;
+ }
+
+ return IpAddress.valueOf(extSubnet.get().getGateway());
+ }
+
private void setGatewayIcmp(Subnet osSubnet, boolean install) {
if (Strings.isNullOrEmpty(osSubnet.getGateway())) {
// do nothing if no gateway is set
@@ -481,38 +545,29 @@
install);
}
- private void setRulesToController(OpenstackNode osNode, String segmentId,
- IpPrefix srcSubnet,
- NetworkType networkType, boolean install) {
- TrafficSelector.Builder sBuilder = DefaultTrafficSelector.builder()
+ private void setRulesForSnatIngressRule(DeviceId deviceId, Long vni, IpPrefix destVmIp,
+ DeviceId dstDeviceId, boolean install) {
+
+ TrafficSelector selector = DefaultTrafficSelector.builder()
.matchEthType(Ethernet.TYPE_IPV4)
- .matchIPSrc(srcSubnet.getIp4Prefix());
+ .matchIPDst(destVmIp)
+ .build();
- TrafficTreatment.Builder tBuilder = DefaultTrafficTreatment.builder()
- .setEthDst(Constants.DEFAULT_GATEWAY_MAC)
- .setOutput(PortNumber.CONTROLLER);
-
- switch (networkType) {
- case VXLAN:
- sBuilder.matchTunnelId(Long.parseLong(segmentId))
- .matchEthDst(Constants.DEFAULT_GATEWAY_MAC);
- break;
- case VLAN:
- sBuilder.matchVlanId(VlanId.vlanId(segmentId))
- .matchEthDst(osNode.vlanPortMac());
- tBuilder.popVlan();
- break;
- default:
- final String error = String.format(ERR_UNSUPPORTED_NET_TYPE + "%s",
- networkType.toString());
- throw new IllegalStateException(error);
- }
+ TrafficTreatment treatment = DefaultTrafficTreatment.builder()
+ .setTunnelId(vni)
+ .extension(buildExtension(
+ deviceService,
+ deviceId,
+ osNodeService.node(dstDeviceId).dataIp().getIp4Address()),
+ deviceId)
+ .setOutput(osNodeService.node(deviceId).tunnelPortNum())
+ .build();
osFlowRuleService.setRule(
appId,
- osNode.intgBridge(),
- sBuilder.build(),
- tBuilder.build(),
+ deviceId,
+ selector,
+ treatment,
PRIORITY_EXTERNAL_ROUTING_RULE,
Constants.GW_COMMON_TABLE,
install);
@@ -550,6 +605,67 @@
install);
}
+ private void setOvsNatIngressRule(DeviceId deviceId, IpPrefix cidr, MacAddress dstMac, boolean install) {
+
+ TrafficSelector selector = DefaultTrafficSelector.builder()
+ .matchEthType(Ethernet.TYPE_IPV4)
+ .matchIPDst(cidr)
+ .build();
+
+ ExtensionTreatment natTreatment = RulePopulatorUtil.niciraConnTrackTreatmentBuilder(driverService, deviceId)
+ .commit(false)
+ .natAction(true)
+ .table((short) 0)
+ .build();
+
+ TrafficTreatment treatment = DefaultTrafficTreatment.builder()
+ .setEthDst(dstMac)
+ .extension(natTreatment, deviceId)
+ .build();
+
+ osFlowRuleService.setRule(
+ appId,
+ deviceId,
+ selector,
+ treatment,
+ PRIORITY_OVS_SNAT_RULE,
+ GW_COMMON_TABLE,
+ install);
+ }
+
+ private void setOvsNatEgressRule(DeviceId deviceId, IpAddress natAddress, long vni, PortNumber output,
+ boolean install) {
+
+ TrafficSelector selector = DefaultTrafficSelector.builder()
+ .matchEthType(Ethernet.TYPE_IPV4)
+ .matchEthDst(DEFAULT_GATEWAY_MAC)
+ .matchTunnelId(vni)
+ .build();
+
+ ExtensionTreatment natTreatment = RulePopulatorUtil.niciraConnTrackTreatmentBuilder(driverService, deviceId)
+ .commit(true)
+ .natAction(true)
+ .natIp(natAddress)
+ .build();
+
+ TrafficTreatment treatment = DefaultTrafficTreatment.builder()
+ .extension(natTreatment, deviceId)
+ .setEthDst(DEFAULT_EXTERNAL_ROUTER_MAC)
+ .setEthSrc(DEFAULT_GATEWAY_MAC)
+ .setOutput(output)
+ .build();
+
+ osFlowRuleService.setRule(
+ appId,
+ deviceId,
+ selector,
+ treatment,
+ PRIORITY_OVS_SNAT_RULE,
+ GW_COMMON_TABLE,
+ install);
+ }
+
+
private class InternalRouterEventListener implements OpenstackRouterListener {
@Override
@@ -653,4 +769,57 @@
});
}
}
+
+ private class InternalInstancePortListener implements InstancePortListener {
+
+ @Override
+ public boolean isRelevant(InstancePortEvent event) {
+ InstancePort instPort = event.subject();
+ return mastershipService.isLocalMaster(instPort.deviceId());
+ }
+
+ @Override
+ public void event(InstancePortEvent event) {
+ InstancePort instPort = event.subject();
+ switch (event.type()) {
+ case OPENSTACK_INSTANCE_PORT_UPDATED:
+ case OPENSTACK_INSTANCE_PORT_DETECTED:
+ eventExecutor.execute(() -> {
+ log.info("RoutingHandler: Instance port detected MAC:{} IP:{}",
+ instPort.macAddress(),
+ instPort.ipAddress());
+ instPortDetected(event.subject());
+ });
+ break;
+ case OPENSTACK_INSTANCE_PORT_VANISHED:
+ eventExecutor.execute(() -> {
+ log.info("RoutingHandler: Instance port vanished MAC:{} IP:{}",
+ instPort.macAddress(),
+ instPort.ipAddress());
+ instPortRemoved(event.subject());
+ });
+ break;
+ default:
+ break;
+ }
+ }
+
+ private void instPortDetected(InstancePort instPort) {
+ osNodeService.completeNodes(GATEWAY)
+ .forEach(gwNode -> setRulesForSnatIngressRule(gwNode.intgBridge(),
+ Long.parseLong(osNetworkService.network(instPort.networkId()).getProviderSegID()),
+ IpPrefix.valueOf(instPort.ipAddress(), 32),
+ instPort.deviceId(),
+ true));
+ }
+
+ private void instPortRemoved(InstancePort instPort) {
+ osNodeService.completeNodes(GATEWAY)
+ .forEach(gwNode -> setRulesForSnatIngressRule(gwNode.intgBridge(),
+ Long.parseLong(osNetworkService.network(instPort.networkId()).getProviderSegID()),
+ IpPrefix.valueOf(instPort.ipAddress(), 32),
+ instPort.deviceId(),
+ false));
+ }
+ }
}
diff --git a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingIcmpHandler.java b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingIcmpHandler.java
index a6f0a39..5005700 100644
--- a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingIcmpHandler.java
+++ b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingIcmpHandler.java
@@ -29,28 +29,22 @@
import org.onlab.packet.MacAddress;
import org.onosproject.core.ApplicationId;
import org.onosproject.core.CoreService;
-import org.onosproject.mastership.MastershipService;
import org.onosproject.net.DeviceId;
-import org.onosproject.net.flow.DefaultTrafficSelector;
import org.onosproject.net.flow.DefaultTrafficTreatment;
-import org.onosproject.net.flow.TrafficSelector;
import org.onosproject.net.flow.TrafficTreatment;
import org.onosproject.net.packet.DefaultOutboundPacket;
import org.onosproject.net.packet.InboundPacket;
import org.onosproject.net.packet.OutboundPacket;
import org.onosproject.net.packet.PacketContext;
-import org.onosproject.net.packet.PacketPriority;
import org.onosproject.net.packet.PacketProcessor;
import org.onosproject.net.packet.PacketService;
import org.onosproject.openstacknetworking.api.Constants;
import org.onosproject.openstacknetworking.api.InstancePort;
import org.onosproject.openstacknetworking.api.InstancePortService;
-import org.onosproject.openstacknetworking.api.OpenstackRouterService;
import org.onosproject.openstacknetworking.api.OpenstackNetworkService;
import org.onosproject.openstacknode.api.OpenstackNode;
-import org.onosproject.openstacknode.api.OpenstackNodeEvent;
-import org.onosproject.openstacknode.api.OpenstackNodeListener;
import org.onosproject.openstacknode.api.OpenstackNodeService;
+import org.onosproject.openstacknetworking.api.OpenstackRouterService;
import org.openstack4j.model.network.ExternalGateway;
import org.openstack4j.model.network.IP;
import org.openstack4j.model.network.Port;
@@ -62,7 +56,6 @@
import java.nio.ByteBuffer;
import java.util.Map;
import java.util.Objects;
-import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.stream.Collectors;
@@ -95,9 +88,6 @@
protected PacketService packetService;
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
- protected MastershipService mastershipService;
-
- @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
protected OpenstackNodeService osNodeService;
@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
@@ -111,8 +101,7 @@
private final ExecutorService eventExecutor = newSingleThreadExecutor(
groupedThreads(this.getClass().getSimpleName(), "event-handler", log));
- private final PacketProcessor packetProcessor = new InternalPacketProcessor();
- private final OpenstackNodeListener osNodeListener = new InternalNodeListener();
+ private final InternalPacketProcessor packetProcessor = new InternalPacketProcessor();
private final Map<String, InstancePort> icmpInfoMap = Maps.newHashMap();
private ApplicationId appId;
@@ -121,8 +110,6 @@
protected void activate() {
appId = coreService.registerApplication(OPENSTACK_NETWORKING_APP_ID);
packetService.addProcessor(packetProcessor, PacketProcessor.director(1));
- osNodeService.addListener(osNodeListener);
- requestPacket(appId);
log.info("Started");
}
@@ -130,28 +117,11 @@
@Deactivate
protected void deactivate() {
packetService.removeProcessor(packetProcessor);
- osNodeService.removeListener(osNodeListener);
eventExecutor.shutdown();
log.info("Stopped");
}
- private void requestPacket(ApplicationId appId) {
- TrafficSelector icmpSelector = DefaultTrafficSelector.builder()
- .matchEthType(Ethernet.TYPE_IPV4)
- .matchIPProtocol(IPv4.PROTOCOL_ICMP)
- .build();
-
- osNodeService.completeNodes(GATEWAY).forEach(gNode -> {
- packetService.requestPackets(
- icmpSelector,
- PacketPriority.CONTROL,
- appId,
- Optional.of(gNode.intgBridge()));
- log.debug("Requested ICMP packet to {}", gNode.intgBridge());
- });
- }
-
private void processIcmpPacket(PacketContext context, Ethernet ethernet) {
IPv4 ipPacket = (IPv4) ethernet.getPayload();
ICMP icmp = (ICMP) ipPacket.getPayload();
@@ -406,37 +376,4 @@
}
}
}
-
- private class InternalNodeListener implements OpenstackNodeListener {
-
- @Override
- public boolean isRelevant(OpenstackNodeEvent event) {
- // do not proceed without mastership
- OpenstackNode osNode = event.subject();
- return mastershipService.isLocalMaster(osNode.intgBridge());
- }
-
- @Override
- public void event(OpenstackNodeEvent event) {
- OpenstackNode osNode = event.subject();
-
- switch (event.type()) {
- case OPENSTACK_NODE_COMPLETE:
- if (osNode.type() == GATEWAY) {
- log.info("GATEWAY node {} detected", osNode.hostname());
- eventExecutor.execute(() -> {
- requestPacket(appId);
- });
- }
- break;
- case OPENSTACK_NODE_CREATED:
- case OPENSTACK_NODE_UPDATED:
- case OPENSTACK_NODE_REMOVED:
- case OPENSTACK_NODE_INCOMPLETE:
- default:
- // do nothing
- break;
- }
- }
- }
}
diff --git a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/RulePopulatorUtil.java b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/RulePopulatorUtil.java
index 8e27762..fb42dfb 100644
--- a/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/RulePopulatorUtil.java
+++ b/apps/openstacknetworking/src/main/java/org/onosproject/openstacknetworking/impl/RulePopulatorUtil.java
@@ -16,14 +16,30 @@
package org.onosproject.openstacknetworking.impl;
import org.onlab.packet.Ip4Address;
+import org.onlab.packet.IpAddress;
+import org.onosproject.core.ApplicationId;
import org.onosproject.net.Device;
import org.onosproject.net.DeviceId;
+import org.onosproject.net.behaviour.ExtensionSelectorResolver;
import org.onosproject.net.behaviour.ExtensionTreatmentResolver;
import org.onosproject.net.device.DeviceService;
import org.onosproject.net.flow.instructions.ExtensionPropertyException;
import org.onosproject.net.flow.instructions.ExtensionTreatment;
+import org.onosproject.net.driver.DriverHandler;
+import org.onosproject.net.driver.DriverService;
+import org.onosproject.net.flow.TrafficSelector;
+import org.onosproject.net.flow.TrafficTreatment;
+import org.onosproject.net.flow.criteria.ExtensionSelector;
+import org.onosproject.net.flow.criteria.ExtensionSelectorType;
+import org.onosproject.net.flow.instructions.ExtensionTreatmentType;
+import org.onosproject.net.flowobjective.DefaultForwardingObjective;
+import org.onosproject.net.flowobjective.FlowObjectiveService;
+import org.onosproject.net.flowobjective.ForwardingObjective;
import org.slf4j.Logger;
+import java.util.ArrayList;
+import java.util.List;
+
import static org.onosproject.net.flow.instructions.ExtensionTreatmentType.ExtensionTreatmentTypes.NICIRA_SET_TUNNEL_DST;
import static org.slf4j.LoggerFactory.getLogger;
@@ -35,11 +51,43 @@
protected static final Logger log = getLogger(RulePopulatorUtil.class);
private static final String TUNNEL_DST = "tunnelDst";
+ private static final String CT_FLAGS = "flags";
+ private static final String CT_ZONE = "zone";
+ private static final String CT_TABLE = "recircTable";
+ private static final String CT = "niciraCt";
+ private static final String CT_STATE = "ctState";
+ private static final String CT_STATE_MASK = "ctStateMask";
+ private static final String CT_PRESENT_FLAGS = "presentFlags";
+ private static final String CT_IPADDRESS_MIN = "ipAddressMin";
+ private static final String CT_IPADDRESS_MAX = "ipAddressMax";
+
+ private static final int ADDRESS_MIN_FLAG = 0;
+ private static final int ADDRESS_MAX_FLAG = 1;
+ private static final int PORT_MIN_FLAG = 2;
+ private static final int PORT_MAX_FLAG = 3;
+
+ // Refer to http://openvswitch.org/support/dist-docs/ovs-fields.7.txt for the values
+ public static final long CT_STATE_NONE = 0;
+ public static final long CT_STATE_NEW = 0x01;
+ public static final long CT_STATE_EST = 0x02;
+ public static final long CT_STATE_NOT_TRK = 0x20;
+ public static final long CT_STATE_TRK = 0x20;
private RulePopulatorUtil() {
}
/**
+ * Returns a builder for OVS Connection Tracking feature actions.
+ *
+ * @param ds DriverService
+ * @param id DeviceId
+ * @return a builder for OVS Connection Tracking feature actions
+ */
+ public static NiriraConnTrackTreatmentBuilder niciraConnTrackTreatmentBuilder(DriverService ds, DeviceId id) {
+ return new NiriraConnTrackTreatmentBuilder(ds, id);
+ }
+
+ /**
* Returns tunnel destination extension treatment object.
*
* @param deviceService driver service
@@ -51,13 +99,11 @@
DeviceId deviceId,
Ip4Address remoteIp) {
Device device = deviceService.getDevice(deviceId);
- if (device == null) {
- return null;
- }
- if (!device.is(ExtensionTreatmentResolver.class)) {
+ if (device != null && !device.is(ExtensionTreatmentResolver.class)) {
log.error("The extension treatment is not supported");
return null;
}
+
ExtensionTreatmentResolver resolver = device.as(ExtensionTreatmentResolver.class);
ExtensionTreatment treatment = resolver.getExtensionInstruction(NICIRA_SET_TUNNEL_DST.type());
try {
@@ -68,4 +114,256 @@
return null;
}
}
+
+ /**
+ * Builds OVS ConnTrack matches.
+ *
+ * @param driverService driver service
+ * @param deviceId device ID
+ * @param ctState connection tracking sate masking value
+ * @param ctSateMask connection tracking sate masking value
+ * @return OVS ConnTrack extension match
+ */
+ public static ExtensionSelector buildCtExtensionSelector(DriverService driverService, DeviceId deviceId,
+ long ctState, long ctSateMask) {
+ DriverHandler handler = driverService.createHandler(deviceId);
+ ExtensionSelectorResolver esr = handler.behaviour(ExtensionSelectorResolver.class);
+
+ ExtensionSelector extensionSelector = esr.getExtensionSelector(
+ ExtensionSelectorType.ExtensionSelectorTypes.NICIRA_MATCH_CONNTRACK_STATE.type());
+ try {
+ extensionSelector.setPropertyValue(CT_STATE, ctState);
+ extensionSelector.setPropertyValue(CT_STATE_MASK, ctSateMask);
+ } catch (Exception e) {
+ log.error("Failed to set nicira match CT state");
+ return null;
+ }
+
+ return extensionSelector;
+ }
+
+ /**
+ * Adds flow rules with the supplied information.
+ *
+ * @param flowObjectiveService flow objective service
+ * @param appId application id
+ * @param deviceId device id to remove this flow rule
+ * @param selector traffic selector
+ * @param treatment traffic treatment
+ * @param flag flag
+ * @param priority priority
+ * @param install populate flows if true, remove them otherwise
+ */
+ public static void setRule(FlowObjectiveService flowObjectiveService,
+ ApplicationId appId,
+ DeviceId deviceId,
+ TrafficSelector selector,
+ TrafficTreatment treatment,
+ ForwardingObjective.Flag flag,
+ int priority,
+ boolean install) {
+ ForwardingObjective.Builder foBuilder = DefaultForwardingObjective.builder()
+ .withSelector(selector)
+ .withTreatment(treatment)
+ .withFlag(flag)
+ .withPriority(priority)
+ .fromApp(appId);
+
+ if (install) {
+ flowObjectiveService.forward(deviceId, foBuilder.add());
+ } else {
+ flowObjectiveService.forward(deviceId, foBuilder.remove());
+ }
+ }
+
+ /**
+ * Computes ConnTack State flag values.
+ *
+ * @param isTracking true for +trk, false for -trk
+ * @param isNew true for +new, false for nothing
+ * @param isEstablished true for +est, false for nothing
+ * @return ConnTrack State flags
+ */
+ public static long computeCtStateFlag(boolean isTracking, boolean isNew, boolean isEstablished) {
+ long ctMaskFlag = 0x00;
+
+ if (isTracking) {
+ ctMaskFlag = ctMaskFlag | CT_STATE_TRK;
+ }
+
+ if (isNew) {
+ ctMaskFlag = ctMaskFlag | CT_STATE_TRK;
+ ctMaskFlag = ctMaskFlag | CT_STATE_NEW;
+ }
+
+ if (isEstablished) {
+ ctMaskFlag = ctMaskFlag | CT_STATE_TRK;
+ ctMaskFlag = ctMaskFlag | CT_STATE_EST;
+ }
+
+ return ctMaskFlag;
+ }
+
+ /**
+ * Computes ConnTrack State mask values.
+ *
+ * @param isTracking true for setting +trk/-trk value, false for otherwise
+ * @param isNew true for setting +new value, false for otherwise
+ * @param isEstablished true for setting +est value, false for otherwise
+ * @return ConnTrack State Mask value
+ */
+ public static long computeCtMaskFlag(boolean isTracking, boolean isNew, boolean isEstablished) {
+ long ctMaskFlag = 0x00;
+
+ if (isTracking) {
+ ctMaskFlag = ctMaskFlag | CT_STATE_TRK;
+ }
+
+ if (isNew) {
+ ctMaskFlag = ctMaskFlag | CT_STATE_TRK;
+ ctMaskFlag = ctMaskFlag | CT_STATE_NEW;
+ }
+
+ if (isEstablished) {
+ ctMaskFlag = ctMaskFlag | CT_STATE_TRK;
+ ctMaskFlag = ctMaskFlag | CT_STATE_EST;
+ }
+
+ return ctMaskFlag;
+ }
+
+ /**
+ * Builder class for OVS Connection Tracking feature actions.
+ */
+ public static final class NiriraConnTrackTreatmentBuilder {
+
+ private DriverService driverService;
+ private DeviceId deviceId;
+ private IpAddress natAddress = null;
+ private int zone;
+ private boolean commit;
+ private short table = -1;
+ private boolean natAction;
+
+
+ private NiriraConnTrackTreatmentBuilder(DriverService driverService, DeviceId deviceId) {
+ this.driverService = driverService;
+ this.deviceId = deviceId;
+ }
+
+ /**
+ * Sets commit flag.
+ *
+ * @param c true if commit, false if not.
+ * @return NiriraConnTrackTreatmentBuilder object
+ */
+ public NiriraConnTrackTreatmentBuilder commit(boolean c) {
+ this.commit = c;
+ return this;
+ }
+
+ /**
+ * Sets zone number.
+ *
+ * @param z zone number
+ * @return NiriraConnTrackTreatmentBuilder object
+ */
+ public NiriraConnTrackTreatmentBuilder zone(int z) {
+ this.zone = z;
+ return this;
+ }
+
+ /**
+ * Sets recirculation table number.
+ *
+ * @param t table number to restart
+ * @return NiriraConnTrackTreatmentBuilder object
+ */
+ public NiriraConnTrackTreatmentBuilder table(short t) {
+ this.table = t;
+ return this;
+ }
+
+ /**
+ * Sets IP address for NAT.
+ *
+ * @param ip NAT IP address
+ * @return NiriraConnTrackTreatmentBuilder object
+ */
+ public NiriraConnTrackTreatmentBuilder natIp(IpAddress ip) {
+ this.natAddress = ip;
+ return this;
+ }
+
+ /**
+ * Sets the flag for NAT action.
+ *
+ * @param nat nat action is included if true, no nat action otherwise
+ * @return NiriraConnTrackTreatmentBuilder object
+ */
+ public NiriraConnTrackTreatmentBuilder natAction(boolean nat) {
+ this.natAction = nat;
+ return this;
+ }
+
+ /**
+ * Builds extension treatment for OVS ConnTack and NAT feature.
+ *
+ * @return ExtensionTreatment object
+ */
+ public ExtensionTreatment build() {
+ DriverHandler handler = driverService.createHandler(deviceId);
+ ExtensionTreatmentResolver etr = handler.behaviour(ExtensionTreatmentResolver.class);
+
+ ExtensionTreatment natTreatment
+ = etr.getExtensionInstruction(ExtensionTreatmentType.ExtensionTreatmentTypes.NICIRA_NAT.type());
+ try {
+ if (natAddress != null) {
+ natTreatment.setPropertyValue(CT_FLAGS, 1);
+ natTreatment.setPropertyValue(CT_PRESENT_FLAGS, buildPresentFlag(false, true));
+ natTreatment.setPropertyValue(CT_IPADDRESS_MIN, natAddress);
+ natTreatment.setPropertyValue(CT_IPADDRESS_MAX, natAddress);
+ } else {
+ natTreatment.setPropertyValue(CT_FLAGS, 0);
+ natTreatment.setPropertyValue(CT_PRESENT_FLAGS, 0);
+ }
+ } catch (Exception e) {
+ log.error("Failed to set NAT due to error : {}", e.getMessage());
+ return null;
+ }
+
+ ExtensionTreatment ctTreatment
+ = etr.getExtensionInstruction(ExtensionTreatmentType.ExtensionTreatmentTypes.NICIRA_CT.type());
+ try {
+ List<ExtensionTreatment> nat = new ArrayList<>();
+ if (natAction) {
+ nat.add(natTreatment);
+ }
+ ctTreatment.setPropertyValue(CT_FLAGS, commit ? 1 : 0);
+ ctTreatment.setPropertyValue(CT_ZONE, zone);
+ ctTreatment.setPropertyValue(CT_TABLE, table > -1 ? table : 0xff);
+ ctTreatment.setPropertyValue("nestedActions", nat);
+ } catch (Exception e) {
+ log.error("Failed to set CT due to error : {}", e.getMessage());
+ return null;
+ }
+
+ return ctTreatment;
+ }
+
+ private int buildPresentFlag(boolean isPortPresent, boolean isAddressPresent) {
+
+ int presentFlag = 0;
+
+ if (isPortPresent) {
+ presentFlag = presentFlag | 1 << PORT_MIN_FLAG | 1 << PORT_MAX_FLAG;
+ }
+
+ if (isAddressPresent) {
+ presentFlag = 1 << ADDRESS_MIN_FLAG | 1 << ADDRESS_MAX_FLAG;
+ }
+
+ return presentFlag;
+ }
+ }
}