Fix: do not install unnecessary rules for stateful SNAT case
Change-Id: I4493db87193982e5d02f77711bca96ba4f7daa69
diff --git a/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingHandler.java b/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingHandler.java
index 96a2c5b..0e2b46b 100644
--- a/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingHandler.java
+++ b/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingHandler.java
@@ -22,6 +22,8 @@
import org.onlab.packet.IpAddress;
import org.onlab.packet.IpPrefix;
import org.onlab.packet.VlanId;
+import org.onosproject.cfg.ComponentConfigService;
+import org.onosproject.cfg.ConfigProperty;
import org.onosproject.cluster.ClusterService;
import org.onosproject.cluster.LeadershipService;
import org.onosproject.cluster.NodeId;
@@ -65,6 +67,7 @@
import static java.util.concurrent.Executors.newSingleThreadScheduledExecutor;
import static org.onlab.util.Tools.groupedThreads;
+import static org.onosproject.openstacknetworking.api.Constants.ARP_BROADCAST_MODE;
import static org.onosproject.openstacknetworking.api.Constants.OPENSTACK_NETWORKING_APP_ID;
import static org.onosproject.openstacknetworking.api.Constants.PRIORITY_ADMIN_RULE;
import static org.onosproject.openstacknetworking.api.Constants.PRIORITY_ICMP_RULE;
@@ -72,10 +75,10 @@
import static org.onosproject.openstacknetworking.api.Constants.PRIORITY_SWITCHING_RULE;
import static org.onosproject.openstacknetworking.api.Constants.ROUTING_TABLE;
import static org.onosproject.openstacknetworking.api.Constants.STAT_OUTBOUND_TABLE;
-import static org.onosproject.openstacknetworking.api.OpenstackNetwork.Type.GENEVE;
-import static org.onosproject.openstacknetworking.api.OpenstackNetwork.Type.GRE;
-import static org.onosproject.openstacknetworking.api.OpenstackNetwork.Type.VLAN;
-import static org.onosproject.openstacknetworking.api.OpenstackNetwork.Type.VXLAN;
+import static org.onosproject.openstacknetworking.impl.OsgiPropertyConstants.ARP_MODE;
+import static org.onosproject.openstacknetworking.impl.OsgiPropertyConstants.USE_STATEFUL_SNAT;
+import static org.onosproject.openstacknetworking.util.OpenstackNetworkingUtil.getPropertyValue;
+import static org.onosproject.openstacknetworking.util.OpenstackNetworkingUtil.getPropertyValueAsBoolean;
import static org.onosproject.openstacknetworking.util.OpenstackNetworkingUtil.tunnelPortNumByNetType;
import static org.onosproject.openstacknetworking.util.RulePopulatorUtil.buildExtension;
import static org.onosproject.openstacknode.api.OpenstackNode.NodeType.COMPUTE;
@@ -103,6 +106,9 @@
protected ClusterService clusterService;
@Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected ComponentConfigService configService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
protected OpenstackNodeService osNodeService;
@Reference(cardinality = ReferenceCardinality.MANDATORY)
@@ -191,7 +197,7 @@
}
setInternalRoutes(osRouter, osSubnet, true);
- setGatewayIcmp(osSubnet, osRouter, true);
+ setGatewayRules(osSubnet, osRouter, true);
log.info("Connected subnet({}) to {}", osSubnet.getCidr(), osRouter.getName());
}
@@ -212,11 +218,11 @@
}
setInternalRoutes(osRouter, osSubnet, false);
- setGatewayIcmp(osSubnet, osRouter, false);
+ setGatewayRules(osSubnet, osRouter, false);
log.info("Disconnected subnet({}) from {}", osSubnet.getCidr(), osRouter.getName());
}
- private void setGatewayIcmp(Subnet osSubnet, Router osRouter, boolean install) {
+ private void setGatewayRules(Subnet osSubnet, Router osRouter, boolean install) {
OpenstackNode srcNatGw = osNodeService.completeNodes(GATEWAY)
.stream().findFirst().orElse(null);
@@ -229,107 +235,33 @@
return;
}
- // take ICMP request to a subnet gateway through gateway node group
Network net = osNetworkAdminService.network(osSubnet.getNetworkId());
Type netType = osNetworkAdminService.networkType(osSubnet.getNetworkId());
Set<Subnet> routableSubnets = routableSubnets(osRouter, osSubnet.getId());
- switch (netType) {
- case VXLAN:
- setGatewayIcmpForVxlan(osSubnet, srcNatGw, net, routableSubnets, install);
- break;
- case GRE:
- setGatewayIcmpForGre(osSubnet, srcNatGw, net, routableSubnets, install);
- break;
- case GENEVE:
- setGatewayIcmpForGeneve(osSubnet, srcNatGw, net, routableSubnets, install);
- break;
- case VLAN:
- setGatewayIcmpForVlan(osSubnet, srcNatGw, net, routableSubnets, install);
- break;
- default:
- final String error = String.format("%s %s", ERR_UNSUPPORTED_NET_TYPE,
- netType.toString());
- throw new IllegalStateException(error);
+ // install rules to each compute node for routing IP packets to gateways
+ osNodeService.completeNodes(COMPUTE).stream()
+ .filter(cNode -> cNode.dataIp() != null)
+ .forEach(cNode -> setRulesToGatewayWithRoutableSubnets(
+ cNode,
+ srcNatGw,
+ net.getProviderSegID(),
+ osSubnet,
+ routableSubnets,
+ netType,
+ install));
+
+ if (!getStatefulSnatFlag()) {
+ // install rules to punt ICMP packets to controller at gateway node
+ // this rule is only valid for stateless ICMP SNAT case
+ osNodeService.completeNodes(GATEWAY).forEach(gNode ->
+ setReactiveGatewayIcmpRule(
+ IpAddress.valueOf(osSubnet.getGateway()),
+ gNode.intgBridge(), install));
}
- IpAddress gatewayIp = IpAddress.valueOf(osSubnet.getGateway());
- osNodeService.completeNodes(GATEWAY).forEach(gNode ->
- setGatewayIcmpRule(
- gatewayIp,
- gNode.intgBridge(),
- install));
-
final String updateStr = install ? MSG_ENABLED : MSG_DISABLED;
- log.debug(updateStr + "ICMP to {}", osSubnet.getGateway());
- }
-
- private void setGatewayIcmpForVxlan(Subnet osSubnet,
- OpenstackNode srcNatGw,
- Network network,
- Set<Subnet> routableSubnets,
- boolean install) {
- osNodeService.completeNodes(COMPUTE).stream()
- .filter(cNode -> cNode.dataIp() != null)
- .forEach(cNode -> setRulesToGatewayWithRoutableSubnets(
- cNode,
- srcNatGw,
- network.getProviderSegID(),
- osSubnet,
- routableSubnets,
- VXLAN,
- install));
- }
-
- private void setGatewayIcmpForGre(Subnet osSubnet,
- OpenstackNode srcNatGw,
- Network network,
- Set<Subnet> routableSubnets,
- boolean install) {
- osNodeService.completeNodes(COMPUTE).stream()
- .filter(cNode -> cNode.dataIp() != null)
- .forEach(cNode -> setRulesToGatewayWithRoutableSubnets(
- cNode,
- srcNatGw,
- network.getProviderSegID(),
- osSubnet,
- routableSubnets,
- GRE,
- install));
- }
-
- private void setGatewayIcmpForGeneve(Subnet osSubnet,
- OpenstackNode srcNatGw,
- Network network,
- Set<Subnet> routableSubnets,
- boolean install) {
- osNodeService.completeNodes(COMPUTE).stream()
- .filter(cNode -> cNode.dataIp() != null)
- .forEach(cNode -> setRulesToGatewayWithRoutableSubnets(
- cNode,
- srcNatGw,
- network.getProviderSegID(),
- osSubnet,
- routableSubnets,
- GENEVE,
- install));
- }
-
- private void setGatewayIcmpForVlan(Subnet osSubnet,
- OpenstackNode srcNatGw,
- Network network,
- Set<Subnet> routableSubnets,
- boolean install) {
- osNodeService.completeNodes(COMPUTE).stream()
- .filter(cNode -> cNode.vlanPortNum() != null)
- .forEach(cNode -> setRulesToGatewayWithRoutableSubnets(
- cNode,
- srcNatGw,
- network.getProviderSegID(),
- osSubnet,
- routableSubnets,
- VLAN,
- install));
+ log.debug(updateStr + "IP to {}", osSubnet.getGateway());
}
private void setInternalRoutes(Router osRouter, Subnet updatedSubnet, boolean install) {
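Review bot: The merged compute-node loop in setGatewayRules filters every network type on `cNode.dataIp() != null`, while the removed setGatewayIcmpForVlan filtered on `cNode.vlanPortNum() != null`, so for VLAN networks a compute node with no data IP is now skipped and a node without a VLAN port is no longer excluded. The removed `default:` branch also raised IllegalStateException for an unsupported network type, and nothing on the new side replaces that check. If the VLAN behaviour should be kept, the predicate could be `.filter(cNode -> netType == Type.VLAN ? cNode.vlanPortNum() != null : cNode.dataIp() != null)`. setGatewayRules begins before this hunk, so any earlier guard is not visible here.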
@@ -393,7 +325,17 @@
return osNetworkAdminService.network(osSubnet.getNetworkId()).getProviderSegID();
}
- private void setGatewayIcmpRule(IpAddress gatewayIp, DeviceId deviceId, boolean install) {
+ private boolean getStatefulSnatFlag() {
+ Set<ConfigProperty> properties = configService.getProperties(OpenstackRoutingSnatHandler.class.getName());
+ return getPropertyValueAsBoolean(properties, USE_STATEFUL_SNAT);
+ }
+
+ private String getArpMode() {
+ Set<ConfigProperty> properties = configService.getProperties(OpenstackRoutingArpHandler.class.getName());
+ return getPropertyValue(properties, ARP_MODE);
+ }
+
+ private void setReactiveGatewayIcmpRule(IpAddress gatewayIp, DeviceId deviceId, boolean install) {
TrafficSelector selector = DefaultTrafficSelector.builder()
.matchEthType(Ethernet.TYPE_IPV4)
.matchIPProtocol(IPv4.PROTOCOL_ICMP)
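Review bot: getStatefulSnatFlag() and getArpMode() read another component's properties by class name on every call and pass the result of `configService.getProperties(...)` on unchecked. What getPropertyValueAsBoolean and getPropertyValue return when that component is not registered or the property is absent is not visible in this diff, and it should be confirmed because the flag decides which flow rules are installed. The same getStatefulSnatFlag() body is added to OpenstackRoutingSnatIcmpHandler and OpenstackSwitchingIcmpHandler in this commit; a single helper next to getPropertyValueAsBoolean in OpenstackNetworkingUtil would keep the three copies from drifting. Both methods would benefit from a short Javadoc, for example `/** Returns the useStatefulSnat setting of OpenstackRoutingSnatHandler as currently configured. */`.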
@@ -546,7 +488,12 @@
Set<Subnet> routableSubnets,
Type networkType,
boolean install) {
- //At first we install flow rules to gateway with segId and gatewayIp of updated subnet
+
+ if (getStatefulSnatFlag() && ARP_BROADCAST_MODE.equals(getArpMode())) {
+ return;
+ }
+
+ // at first we install flow rules to gateway with segId and gatewayIp of updated subnet
setRulesToGatewayWithDstIp(osNode, sourceNatGateway, segmentId,
IpAddress.valueOf(updatedSubnet.getGateway()), networkType, install);
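Review bot: The new early return in setRulesToGatewayWithRoutableSubnets ignores `install`, so if stateful SNAT or ARP broadcast mode is switched on after rules were installed, the later removal call (`install == false`) returns before withdrawing them and the old rules toward the gateway stay in the switch. The `if (!getStatefulSnatFlag())` guard around setReactiveGatewayIcmpRule in setGatewayRules and the `!getStatefulSnatFlag()` term added to isRelevant in OpenstackRoutingSnatIcmpHandler behave the same way, which can leave ICMP punt-to-controller rules behind unless a configuration-change handler outside this diff purges them. Limiting the skip to installs, e.g. `if (install && getStatefulSnatFlag() && ARP_BROADCAST_MODE.equals(getArpMode())) { return; }`, keeps removal working. The condition is also re-evaluated for every compute node inside the caller's forEach; it could be read once in setGatewayRules. The method's signature starts above the hunk and its body continues below it.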
diff --git a/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingSnatHandler.java b/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingSnatHandler.java
index 212db1a..081c9bd 100644
--- a/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingSnatHandler.java
+++ b/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingSnatHandler.java
@@ -271,6 +271,11 @@
}
private void processSnatPacket(PacketContext context, Ethernet eth) {
+
+ if (useStatefulSnat) {
+ return;
+ }
+
IPv4 iPacket = (IPv4) eth.getPayload();
InboundPacket packetIn = context.inPacket();
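Review bot: processSnatPacket now returns without any log line when `useStatefulSnat` is set, so packet-ins that still reach the controller (for instance from punt rules left over from a stateless configuration) are discarded invisibly; a `log.trace("Ignoring SNAT packet-in, stateful SNAT is enabled");` before the return would make that observable. This class reads the cached `useStatefulSnat` field while the other handlers in this commit query ComponentConfigService on each call; whether the field is updated safely for the packet-processing thread is not visible here. The same silent return is added to the packet processor in OpenstackRoutingSnatIcmpHandler. The body of processSnatPacket continues outside the hunk.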
@@ -822,7 +827,7 @@
String netId = osNetworkAdminService.subnet(routerIface.getSubnetId()).getNetworkId();
Map<OpenstackNode, PortRange> gwPortRangeMap = getAssignedPortsForGateway(
- ImmutableList.copyOf(osNodeService.completeNodes(GATEWAY)));
+ ImmutableList.copyOf(osNodeService.nodes(GATEWAY)));
osNodeService.completeNodes(GATEWAY)
.forEach(gwNode -> {
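Review bot: The port-range map is now built from `osNodeService.nodes(GATEWAY)` while the loop directly below still iterates `completeNodes(GATEWAY)`, and nothing in the code says why the two lists differ. If the intent is to keep each gateway's SNAT port range fixed while a gateway is temporarily incomplete, state it, e.g. `// allocate port ranges over all gateways, not only complete ones, so a range does not move when a node changes state`. It is also worth confirming that getAssignedPortsForGateway yields the same assignment regardless of the order of `nodes(GATEWAY)`. The enclosing method starts and ends outside the hunk.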
diff --git a/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingIcmpHandler.java b/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingSnatIcmpHandler.java
similarity index 95%
rename from apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingIcmpHandler.java
rename to apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingSnatIcmpHandler.java
index 977fe36..1e4d002 100644
--- a/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingIcmpHandler.java
+++ b/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackRoutingSnatIcmpHandler.java
@@ -24,6 +24,8 @@
import org.onlab.packet.MacAddress;
import org.onlab.packet.VlanId;
import org.onlab.util.KryoNamespace;
+import org.onosproject.cfg.ComponentConfigService;
+import org.onosproject.cfg.ConfigProperty;
import org.onosproject.cluster.ClusterService;
import org.onosproject.cluster.LeadershipService;
import org.onosproject.cluster.NodeId;
@@ -82,8 +84,10 @@
import static org.onosproject.openstacknetworking.api.Constants.GW_COMMON_TABLE;
import static org.onosproject.openstacknetworking.api.Constants.OPENSTACK_NETWORKING_APP_ID;
import static org.onosproject.openstacknetworking.api.Constants.PRIORITY_INTERNAL_ROUTING_RULE;
+import static org.onosproject.openstacknetworking.impl.OsgiPropertyConstants.USE_STATEFUL_SNAT;
import static org.onosproject.openstacknetworking.util.OpenstackNetworkingUtil.externalIpFromSubnet;
import static org.onosproject.openstacknetworking.util.OpenstackNetworkingUtil.externalPeerRouterFromSubnet;
+import static org.onosproject.openstacknetworking.util.OpenstackNetworkingUtil.getPropertyValueAsBoolean;
import static org.onosproject.openstacknode.api.OpenstackNode.NodeType.GATEWAY;
import static org.slf4j.LoggerFactory.getLogger;
@@ -95,7 +99,7 @@
* external connectivity.
*/
@Component(immediate = true)
-public class OpenstackRoutingIcmpHandler {
+public class OpenstackRoutingSnatIcmpHandler {
protected final Logger log = getLogger(getClass());
@@ -118,6 +122,9 @@
protected InstancePortService instancePortService;
@Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected ComponentConfigService configService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
protected OpenstackNetworkService osNetworkService;
@Reference(cardinality = ReferenceCardinality.MANDATORY)
@@ -175,10 +182,15 @@
log.info("Stopped");
}
+ private boolean getStatefulSnatFlag() {
+ Set<ConfigProperty> properties = configService.getProperties(OpenstackRoutingSnatHandler.class.getName());
+ return getPropertyValueAsBoolean(properties, USE_STATEFUL_SNAT);
+ }
+
private class InternalNodeEventListener implements OpenstackNodeListener {
@Override
public boolean isRelevant(OpenstackNodeEvent event) {
- return event.subject().type() == GATEWAY;
+ return event.subject().type() == GATEWAY && !getStatefulSnatFlag();
}
private boolean isRelevantHelper() {
@@ -253,6 +265,10 @@
return;
}
+ if (getStatefulSnatFlag()) {
+ return;
+ }
+
InboundPacket pkt = context.inPacket();
Ethernet ethernet = pkt.parsed();
if (ethernet == null || ethernet.getEtherType() != Ethernet.TYPE_IPV4) {
@@ -515,6 +531,7 @@
switch (osNetworkService.networkType(netId)) {
case VXLAN:
case GRE:
+ case GENEVE:
tBuilder.setTunnelId(Long.valueOf(segId));
break;
case VLAN:
@@ -536,5 +553,4 @@
return ((ICMPEcho) icmp.getPayload()).getIdentifier();
}
}
-
}
diff --git a/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSwitchingHandler.java b/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSwitchingHandler.java
index 71dbe5a..b1d69bf 100644
--- a/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSwitchingHandler.java
+++ b/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSwitchingHandler.java
@@ -117,7 +117,6 @@
protected ComponentConfigService configService;
@Reference(cardinality = ReferenceCardinality.MANDATORY)
-
protected LeadershipService leadershipService;
@Reference(cardinality = ReferenceCardinality.MANDATORY)
diff --git a/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSwitchingIcmpHandler.java b/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSwitchingIcmpHandler.java
new file mode 100644
index 0000000..3f8a362
--- /dev/null
+++ b/apps/openstacknetworking/app/src/main/java/org/onosproject/openstacknetworking/impl/OpenstackSwitchingIcmpHandler.java
@@ -0,0 +1,324 @@
+/*
+ * Copyright 2019-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.openstacknetworking.impl;
+
+import com.google.common.collect.ImmutableSet;
+import org.onlab.packet.Ethernet;
+import org.onlab.packet.IPv4;
+import org.onlab.packet.IpAddress;
+import org.onlab.packet.VlanId;
+import org.onosproject.cfg.ComponentConfigService;
+import org.onosproject.cfg.ConfigProperty;
+import org.onosproject.cluster.ClusterService;
+import org.onosproject.cluster.LeadershipService;
+import org.onosproject.cluster.NodeId;
+import org.onosproject.core.ApplicationId;
+import org.onosproject.core.CoreService;
+import org.onosproject.mastership.MastershipService;
+import org.onosproject.net.Device;
+import org.onosproject.net.PortNumber;
+import org.onosproject.net.device.DeviceService;
+import org.onosproject.net.driver.DriverService;
+import org.onosproject.net.flow.DefaultTrafficSelector;
+import org.onosproject.net.flow.DefaultTrafficTreatment;
+import org.onosproject.net.flow.TrafficSelector;
+import org.onosproject.net.flow.TrafficTreatment;
+import org.onosproject.openstacknetworking.api.OpenstackFlowRuleService;
+import org.onosproject.openstacknetworking.api.OpenstackNetwork.Type;
+import org.onosproject.openstacknetworking.api.OpenstackNetworkService;
+import org.onosproject.openstacknetworking.api.OpenstackRouterEvent;
+import org.onosproject.openstacknetworking.api.OpenstackRouterListener;
+import org.onosproject.openstacknetworking.api.OpenstackRouterService;
+import org.onosproject.openstacknode.api.OpenstackNode;
+import org.onosproject.openstacknode.api.OpenstackNodeEvent;
+import org.onosproject.openstacknode.api.OpenstackNodeListener;
+import org.onosproject.openstacknode.api.OpenstackNodeService;
+import org.openstack4j.model.network.Router;
+import org.openstack4j.model.network.RouterInterface;
+import org.openstack4j.model.network.Subnet;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
+import org.slf4j.Logger;
+
+import java.util.Objects;
+import java.util.Set;
+import java.util.concurrent.ExecutorService;
+import java.util.stream.Collectors;
+
+import static java.util.concurrent.Executors.newSingleThreadExecutor;
+import static org.onlab.packet.ICMP.CODE_ECHO_REQEUST;
+import static org.onlab.packet.ICMP.TYPE_ECHO_REPLY;
+import static org.onlab.packet.ICMP.TYPE_ECHO_REQUEST;
+import static org.onlab.util.Tools.groupedThreads;
+import static org.onosproject.openstacknetworking.api.Constants.DEFAULT_GATEWAY_MAC;
+import static org.onosproject.openstacknetworking.api.Constants.OPENSTACK_NETWORKING_APP_ID;
+import static org.onosproject.openstacknetworking.api.Constants.PRIORITY_ICMP_RULE;
+import static org.onosproject.openstacknetworking.api.Constants.ROUTING_TABLE;
+import static org.onosproject.openstacknetworking.impl.OsgiPropertyConstants.USE_STATEFUL_SNAT;
+import static org.onosproject.openstacknetworking.util.OpenstackNetworkingUtil.getPropertyValueAsBoolean;
+import static org.onosproject.openstacknetworking.util.RulePopulatorUtil.NXM_NX_IP_TTL;
+import static org.onosproject.openstacknetworking.util.RulePopulatorUtil.NXM_OF_ICMP_TYPE;
+import static org.onosproject.openstacknetworking.util.RulePopulatorUtil.buildLoadExtension;
+import static org.onosproject.openstacknetworking.util.RulePopulatorUtil.buildMoveEthSrcToDstExtension;
+import static org.onosproject.openstacknetworking.util.RulePopulatorUtil.buildMoveIpSrcToDstExtension;
+import static org.onosproject.openstacknode.api.OpenstackNode.NodeType.COMPUTE;
+import static org.slf4j.LoggerFactory.getLogger;
+
+/**
+ * Populates the ICMP flow rules for providing connectivity with gateways.
+ */
+@Component(immediate = true)
+public class OpenstackSwitchingIcmpHandler {
+
+ private final Logger log = getLogger(getClass());
+
+ private static final int DEFAULT_TTL = 0xff;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected CoreService coreService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected MastershipService mastershipService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected DeviceService deviceService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected DriverService driverService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected ClusterService clusterService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected ComponentConfigService configService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected LeadershipService leadershipService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected OpenstackNodeService osNodeService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected OpenstackNetworkService osNetworkService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected OpenstackFlowRuleService osFlowRuleService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected OpenstackRouterService osRouterService;
+
+ private final ExecutorService eventExecutor = newSingleThreadExecutor(
+ groupedThreads(this.getClass().getSimpleName(), "event-handler"));
+ private final OpenstackRouterListener osRouterListener = new InternalRouterEventListener();
+ private final OpenstackNodeListener osNodeListener = new InternalNodeEventListener();
+
+ private ApplicationId appId;
+ private NodeId localNodeId;
+
+ @Activate
+ protected void activate() {
+ appId = coreService.registerApplication(OPENSTACK_NETWORKING_APP_ID);
+ localNodeId = clusterService.getLocalNode().id();
+ osRouterService.addListener(osRouterListener);
+ osNodeService.addListener(osNodeListener);
+
+ log.info("Started");
+ }
+
+ @Deactivate
+ protected void deactivate() {
+ osRouterService.removeListener(osRouterListener);
+ osNodeService.removeListener(osNodeListener);
+ eventExecutor.shutdown();
+
+ log.info("Stopped");
+ }
+
+ private boolean getStatefulSnatFlag() {
+ Set<ConfigProperty> properties =
+ configService.getProperties(OpenstackRoutingSnatHandler.class.getName());
+ return getPropertyValueAsBoolean(properties, USE_STATEFUL_SNAT);
+ }
+
+ private void processRouterIntfEvent(Router osRouter, RouterInterface routerIface, boolean install) {
+ if (!getStatefulSnatFlag()) {
+ return;
+ }
+
+ Subnet osSubnet = osNetworkService.subnet(routerIface.getSubnetId());
+ Type netType = osNetworkService.networkType(osSubnet.getNetworkId());
+ String segId = osNetworkService.segmentId(osSubnet.getNetworkId());
+ IpAddress gatewayIp = IpAddress.valueOf(osSubnet.getGateway());
+ Set<Subnet> routableSubnets = routableSubnets(osRouter, osSubnet.getId());
+
+ osNodeService.completeNodes(COMPUTE).stream()
+ .filter(cNode -> cNode.dataIp() != null)
+ .forEach(cNode -> setRoutableSubnetsIcmpRules(
+ cNode, segId, routableSubnets, gatewayIp, netType, install));
+ }
+
+ private void setRoutableSubnetsIcmpRules(OpenstackNode osNode,
+ String segmentId,
+ Set<Subnet> routableSubnets,
+ IpAddress gatewayIp,
+ Type networkType,
+ boolean install) {
+ setGatewayIcmpReplyRule(osNode, segmentId, gatewayIp, networkType, install);
+
+ routableSubnets.forEach(subnet -> {
+ setGatewayIcmpReplyRule(osNode, segmentId,
+ IpAddress.valueOf(subnet.getGateway()), networkType, install);
+ });
+ }
+
+ private Set<Subnet> routableSubnets(Router osRouter, String osSubnetId) {
+ Set<Subnet> osSubnets = osRouterService.routerInterfaces(osRouter.getId())
+ .stream()
+ .filter(iface -> !Objects.equals(iface.getSubnetId(), osSubnetId))
+ .map(iface -> osNetworkService.subnet(iface.getSubnetId()))
+ .collect(Collectors.toSet());
+ return ImmutableSet.copyOf(osSubnets);
+ }
+
+ private void setGatewayIcmpReplyRule(OpenstackNode osNode,
+ String segmentId,
+ IpAddress gatewayIp,
+ Type networkType,
+ boolean install) {
+ TrafficSelector.Builder sBuilder = DefaultTrafficSelector.builder()
+ .matchEthType(Ethernet.TYPE_IPV4)
+ .matchIPProtocol(IPv4.PROTOCOL_ICMP)
+ .matchIcmpType(TYPE_ECHO_REQUEST)
+ .matchIcmpCode(CODE_ECHO_REQEUST)
+ .matchIPDst(gatewayIp.getIp4Address().toIpPrefix());
+
+ switch (networkType) {
+ case VXLAN:
+ case GRE:
+ case GENEVE:
+ sBuilder.matchTunnelId(Long.parseLong(segmentId));
+ break;
+ case VLAN:
+ sBuilder.matchVlanId(VlanId.vlanId(segmentId));
+ break;
+ default:
+ break;
+ }
+
+ Device device = deviceService.getDevice(osNode.intgBridge());
+ TrafficTreatment.Builder tBuilder = DefaultTrafficTreatment.builder()
+ .extension(buildMoveEthSrcToDstExtension(device), device.id())
+ .extension(buildMoveIpSrcToDstExtension(device), device.id())
+ .extension(buildLoadExtension(device, NXM_NX_IP_TTL, DEFAULT_TTL), device.id())
+ .extension(buildLoadExtension(device, NXM_OF_ICMP_TYPE, TYPE_ECHO_REPLY), device.id())
+ .setIpSrc(gatewayIp)
+ .setEthSrc(DEFAULT_GATEWAY_MAC)
+ .setOutput(PortNumber.IN_PORT);
+
+ osFlowRuleService.setRule(
+ appId,
+ osNode.intgBridge(),
+ sBuilder.build(),
+ tBuilder.build(),
+ PRIORITY_ICMP_RULE,
+ ROUTING_TABLE,
+ install);
+ }
+
+ private class InternalRouterEventListener implements OpenstackRouterListener {
+ private boolean isRelevantHelper() {
+ return Objects.equals(localNodeId, leadershipService.getLeader(appId.name()));
+ }
+
+ @Override
+ public void event(OpenstackRouterEvent event) {
+ switch (event.type()) {
+ case OPENSTACK_ROUTER_INTERFACE_ADDED:
+ eventExecutor.execute(() -> processRouterIntfCreation(event));
+ break;
+ case OPENSTACK_ROUTER_INTERFACE_REMOVED:
+ eventExecutor.execute(() -> processRouterIntfRemoval(event));
+ break;
+ default:
+ // do nothing for the other events
+ break;
+ }
+ }
+
+ private void processRouterIntfCreation(OpenstackRouterEvent event) {
+ if (!isRelevantHelper()) {
+ return;
+ }
+
+ log.debug("Router interface {} added to router {}",
+ event.routerIface().getPortId(),
+ event.routerIface().getId());
+
+ processRouterIntfEvent(event.subject(), event.routerIface(), true);
+ }
+
+ private void processRouterIntfRemoval(OpenstackRouterEvent event) {
+ if (!isRelevantHelper()) {
+ return;
+ }
+
+ log.debug("Router interface {} removed from router {}",
+ event.routerIface().getPortId(),
+ event.routerIface().getId());
+
+ processRouterIntfEvent(event.subject(), event.routerIface(), false);
+ }
+ }
+
+ private class InternalNodeEventListener implements OpenstackNodeListener {
+
+ private boolean isRelevantHelper() {
+ return Objects.equals(localNodeId, leadershipService.getLeader(appId.name()));
+ }
+
+ @Override
+ public void event(OpenstackNodeEvent event) {
+ OpenstackNode osNode = event.subject();
+ switch (event.type()) {
+ case OPENSTACK_NODE_COMPLETE:
+ case OPENSTACK_NODE_INCOMPLETE:
+ case OPENSTACK_NODE_UPDATED:
+ case OPENSTACK_NODE_REMOVED:
+ eventExecutor.execute(() -> {
+ if (!isRelevantHelper()) {
+ return;
+ }
+ reconfigureRouters(osNode);
+ });
+ break;
+ default:
+ break;
+ }
+ }
+
+ private void reconfigureRouters(OpenstackNode osNode) {
+ osRouterService.routers().forEach(osRouter -> {
+ osRouterService.routerInterfaces(osRouter.getId()).forEach(iface -> {
+ processRouterIntfEvent(osRouter, iface, true);
+ });
+ });
+ log.info("Reconfigure routers for {}", osNode.hostname());
+ }
+ }
+}
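Review bot: setGatewayIcmpReplyRule dereferences the result of `deviceService.getDevice(osNode.intgBridge())` without a null check, and processRouterIntfEvent passes `osSubnet.getGateway()` straight to `IpAddress.valueOf`. A bridge that has disappeared or a subnet without a gateway address would throw on the event executor, and the remaining nodes of that event would get no rule. A guard that logs and skips is proposed below for the device. In addition, reconfigureRouters is invoked for every listed node event, including OPENSTACK_NODE_REMOVED and events of gateway nodes, and always with `install == true`, so each node event re-pushes the rules for all router interfaces to all compute nodes; filtering on `osNode.type() == COMPUTE` and on the event type would narrow that.

```java
Device device = deviceService.getDevice(osNode.intgBridge());
if (device == null) {
    // the bridge may have gone away between the node lookup and this call
    log.warn("Integration bridge {} of node {} is not available, skipping ICMP reply rule",
            osNode.intgBridge(), osNode.hostname());
    return;
}
// … unchanged: treatment builder and osFlowRuleService.setRule call …
```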