Hyunsun Moon44aac662017-02-18 02:07:01 +09001/*
2 * Copyright 2016-present Open Networking Laboratory
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16package org.onosproject.openstacknetworking.impl;
17
18import org.apache.felix.scr.annotations.Activate;
19import org.apache.felix.scr.annotations.Component;
20import org.apache.felix.scr.annotations.Deactivate;
21import org.apache.felix.scr.annotations.Reference;
22import org.apache.felix.scr.annotations.ReferenceCardinality;
23import org.onlab.packet.Ethernet;
24import org.onlab.packet.IPv4;
25import org.onlab.packet.IpAddress;
26import org.onlab.packet.IpPrefix;
27import org.onlab.packet.MacAddress;
28import org.onlab.packet.TCP;
29import org.onlab.packet.TpPort;
30import org.onlab.packet.UDP;
31import org.onlab.util.KryoNamespace;
32import org.onosproject.core.ApplicationId;
33import org.onosproject.core.CoreService;
34import org.onosproject.net.DeviceId;
35import org.onosproject.net.device.DeviceService;
36import org.onosproject.net.flow.DefaultTrafficSelector;
37import org.onosproject.net.flow.DefaultTrafficTreatment;
38import org.onosproject.net.flow.TrafficSelector;
39import org.onosproject.net.flow.TrafficTreatment;
40import org.onosproject.net.flowobjective.DefaultForwardingObjective;
41import org.onosproject.net.flowobjective.FlowObjectiveService;
42import org.onosproject.net.flowobjective.ForwardingObjective;
43import org.onosproject.net.packet.DefaultOutboundPacket;
44import org.onosproject.net.packet.InboundPacket;
45import org.onosproject.net.packet.PacketContext;
46import org.onosproject.net.packet.PacketProcessor;
47import org.onosproject.net.packet.PacketService;
48import org.onosproject.openstacknetworking.api.InstancePort;
49import org.onosproject.openstacknetworking.api.InstancePortService;
50import org.onosproject.openstacknetworking.api.OpenstackRouterService;
51import org.onosproject.openstacknetworking.api.OpenstackNetworkService;
52import org.onosproject.openstacknode.OpenstackNodeService;
53import org.onosproject.scalablegateway.api.ScalableGatewayService;
54import org.onosproject.store.serializers.KryoNamespaces;
55import org.onosproject.store.service.ConsistentMap;
daniel park0bc7fdb2017-03-13 14:20:08 +090056import org.onosproject.store.service.DistributedSet;
Hyunsun Moon44aac662017-02-18 02:07:01 +090057import org.onosproject.store.service.Serializer;
58import org.onosproject.store.service.StorageService;
59import org.openstack4j.model.network.ExternalGateway;
60import org.openstack4j.model.network.IP;
61import org.openstack4j.model.network.Network;
62import org.openstack4j.model.network.Port;
63import org.openstack4j.model.network.Router;
64import org.openstack4j.model.network.RouterInterface;
65import org.openstack4j.model.network.Subnet;
66import org.slf4j.Logger;
67
68import java.nio.ByteBuffer;
69import java.util.Objects;
70import java.util.concurrent.ExecutorService;
71
72import static java.util.concurrent.Executors.newSingleThreadExecutor;
73import static org.onlab.util.Tools.groupedThreads;
74import static org.onosproject.openstacknetworking.api.Constants.*;
75import static org.slf4j.LoggerFactory.getLogger;
76
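/**
 * Handles packets that need source NAT (SNAT) on the gateway nodes.
 * <p>
 * A packet punted from a gateway device is matched to its instance port,
 * subnet and router; when the router has an external gateway with SNAT
 * enabled, a translated L4 port is allocated from a cluster-wide free set,
 * upstream/downstream flow rules are installed on every gateway device and
 * the translated packet is re-emitted through the uplink.
 */
@Component(immediate = true)
public class OpenstackRoutingSnatHandler {

    private final Logger log = getLogger(getClass());

    private static final String ERR_PACKETIN = "Failed to handle packet in: ";
    // idle timeout (seconds) of the SNAT flow rules installed on gateway devices
    private static final int TIME_OUT_SNAT_RULE = 120;
    // an allocated translated port is returned to the free set after this long
    private static final long TIME_OUT_SNAT_PORT_MS = 120 * 1000;
    // translated ports are handed out from [TP_PORT_MINIMUM_NUM, TP_PORT_MAXIMUM_NUM)
    private static final int TP_PORT_MINIMUM_NUM = 1024;
    private static final int TP_PORT_MAXIMUM_NUM = 65535;

    private static final KryoNamespace.Builder NUMBER_SERIALIZER = KryoNamespace.newBuilder()
            .register(KryoNamespaces.API);

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected CoreService coreService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected PacketService packetService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected StorageService storageService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected FlowObjectiveService flowObjectiveService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected DeviceService deviceService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected InstancePortService instancePortService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected OpenstackNodeService osNodeService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected OpenstackNetworkService osNetworkService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected OpenstackRouterService osRouterService;

    @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
    protected ScalableGatewayService gatewayService;

    // all packet handling runs on this single thread, off the packet-in thread
    private final ExecutorService eventExecutor = newSingleThreadExecutor(
            groupedThreads(this.getClass().getSimpleName(), "event-handler", log));
    private final InternalPacketProcessor packetProcessor = new InternalPacketProcessor();

    // translated port -> allocation time (epoch millis); shared by all gateway nodes
    private ConsistentMap<Integer, Long> allocatedPortNumMap;
    // translated ports currently free for allocation; shared by all gateway nodes
    private DistributedSet<Integer> unUsedPortNumSet;
    private ApplicationId appId;

    /**
     * Registers the application, builds the cluster-wide port bookkeeping
     * structures and starts receiving punted packets.
     */
    @Activate
    protected void activate() {
        appId = coreService.registerApplication(OPENSTACK_NETWORKING_APP_ID);

        allocatedPortNumMap = storageService.<Integer, Long>consistentMapBuilder()
                .withSerializer(Serializer.using(NUMBER_SERIALIZER.build()))
                .withName("openstackrouting-allocatedportnummap")
                .withApplicationId(appId)
                .build();

        unUsedPortNumSet = storageService.<Integer>setBuilder()
                .withName("openstackrouting-unusedportnumset")
                .withSerializer(Serializer.using(KryoNamespaces.API))
                .build()
                .asDistributedSet();

        initializeUnusedPortNumSet();

        packetService.addProcessor(packetProcessor, PacketProcessor.director(1));
        log.info("Started");
    }

    /**
     * Seeds the free-port set with every port of the configured range that is
     * not already recorded as allocated, then releases expired allocations.
     * The set is distributed, so ports already present (added by another
     * node) are simply kept.
     */
    private void initializeUnusedPortNumSet() {
        for (int port = TP_PORT_MINIMUM_NUM; port < TP_PORT_MAXIMUM_NUM; port++) {
            if (!allocatedPortNumMap.containsKey(Integer.valueOf(port))) {
                unUsedPortNumSet.add(Integer.valueOf(port));
            }
        }

        clearPortNumMap();
    }

    /**
     * Stops receiving packets and shuts down the event thread.
     */
    @Deactivate
    protected void deactivate() {
        packetService.removeProcessor(packetProcessor);
        eventExecutor.shutdown();
        log.info("Stopped");
    }

    /**
     * Translates one punted packet: validates its instance port, subnet and
     * router, allocates a translated port, installs the SNAT rules and
     * re-emits the packet through the uplink.
     * <p>
     * All validation happens before a translated port is allocated so that a
     * rejected packet does not tie up a port until the allocation times out.
     *
     * @param context packet context of the punted packet
     * @param eth     parsed ethernet frame; its payload must be IPv4
     */
    private void processSnatPacket(PacketContext context, Ethernet eth) {
        IPv4 iPacket = (IPv4) eth.getPayload();
        InboundPacket packetIn = context.inPacket();

        // NOTE(review): the instance is identified purely by the packet's source MAC;
        // this relies on MAC anti-spoofing being enforced on the compute node — confirm
        InstancePort srcInstPort = instancePortService.instancePort(eth.getSourceMAC());
        if (srcInstPort == null) {
            log.trace(ERR_PACKETIN + "source host(MAC:{}) does not exist",
                    eth.getSourceMAC());
            return;
        }

        IpAddress srcIp = IpAddress.valueOf(iPacket.getSourceAddress());
        Subnet srcSubnet = getSourceSubnet(srcInstPort, srcIp);
        if (srcSubnet == null) {
            // the source IP is not one of the fixed IPs of the instance port
            log.trace(ERR_PACKETIN + "source IP {} is not assigned to port {}",
                    srcIp, srcInstPort.portId());
            return;
        }

        IpAddress externalGatewayIp = getExternalIp(srcSubnet);
        if (externalGatewayIp == null) {
            return;
        }

        int patPort = getPortNum(eth.getSourceMAC(), iPacket.getDestinationAddress());
        if (patPort == 0) {
            log.error("There's no unused port for external ip {}... Drop this packet",
                    externalGatewayIp);
            return;
        }

        populateSnatFlowRules(packetIn,
                srcInstPort,
                TpPort.tpPort(patPort),
                externalGatewayIp);

        packetOut((Ethernet) eth.clone(),
                packetIn.receivedFrom().deviceId(),
                patPort,
                externalGatewayIp);
    }

    /**
     * Finds the subnet of the given instance port that owns the packet's
     * source IP. Only fixed IPs of the port are accepted, so a source address
     * the port does not own yields no subnet.
     *
     * @param instance instance port the packet came from
     * @param srcIp    source IP of the packet
     * @return the owning subnet, or null if the port or a matching fixed IP is unknown
     */
    private Subnet getSourceSubnet(InstancePort instance, IpAddress srcIp) {
        Port osPort = osNetworkService.port(instance.portId());
        if (osPort == null) {
            return null;
        }

        IP fixedIp = osPort.getFixedIps().stream()
                .filter(ip -> IpAddress.valueOf(ip.getIpAddress()).equals(srcIp))
                .findAny().orElse(null);
        if (fixedIp == null) {
            return null;
        }

        return osNetworkService.subnet(fixedIp.getSubnetId());
    }

    /**
     * Resolves the external gateway IP used as the SNAT source address for
     * traffic leaving the given subnet.
     *
     * @param srcSubnet subnet the traffic originates from
     * @return the external gateway IP, or null when the subnet has no router,
     *         the router has no external gateway, SNAT is disabled on it, or
     *         no gateway port with a fixed IP can be found
     */
    private IpAddress getExternalIp(Subnet srcSubnet) {
        RouterInterface osRouterIface = osRouterService.routerInterfaces().stream()
                .filter(i -> Objects.equals(i.getSubnetId(), srcSubnet.getId()))
                .findAny().orElse(null);
        if (osRouterIface == null) {
            // this subnet is not connected to any router
            log.trace(ERR_PACKETIN + "source subnet(ID:{}, CIDR:{}) has no router",
                    srcSubnet.getId(), srcSubnet.getCidr());
            return null;
        }

        // the router interface id is used as the router id, as elsewhere in this app
        Router osRouter = osRouterService.router(osRouterIface.getId());
        if (osRouter == null) {
            log.trace(ERR_PACKETIN + "router({}) does not exist", osRouterIface.getId());
            return null;
        }

        ExternalGateway exGatewayInfo = osRouter.getExternalGatewayInfo();
        if (exGatewayInfo == null) {
            // this router has no external connectivity
            log.trace(ERR_PACKETIN + "router({}) has no external gateway",
                    osRouter.getName());
            return null;
        }
        if (!exGatewayInfo.isEnableSnat()) {
            // SNAT is disabled on this router
            log.trace(ERR_PACKETIN + "router({}) SNAT is disabled", osRouter.getName());
            return null;
        }

        // TODO fix openstack4j for ExternalGateway provides external fixed IP list
        Port exGatewayPort = osNetworkService.ports(exGatewayInfo.getNetworkId())
                .stream()
                .filter(port -> Objects.equals(port.getDeviceId(), osRouter.getId()))
                .findAny().orElse(null);
        if (exGatewayPort == null) {
            log.trace(ERR_PACKETIN + "no external gateway port for router({})",
                    osRouter.getName());
            return null;
        }

        IP exGatewayFixedIp = exGatewayPort.getFixedIps().stream()
                .findFirst().orElse(null);
        if (exGatewayFixedIp == null) {
            log.trace(ERR_PACKETIN + "external gateway port of router({}) has no fixed IP",
                    osRouter.getName());
            return null;
        }

        return IpAddress.valueOf(exGatewayFixedIp.getIpAddress());
    }

    /**
     * Installs the downstream (external to instance) and upstream (instance
     * to external) SNAT rules for the packet's flow on all gateway devices.
     *
     * @param packetIn    the punted packet
     * @param srcInstPort instance port the packet came from
     * @param patPort     translated L4 source port
     * @param externalIp  translated source IP
     * @throws IllegalStateException if the instance's network is unknown
     * @throws NumberFormatException if the network's segment id is not numeric
     */
    private void populateSnatFlowRules(InboundPacket packetIn, InstancePort srcInstPort,
                                       TpPort patPort, IpAddress externalIp) {
        Network osNet = osNetworkService.network(srcInstPort.networkId());
        if (osNet == null) {
            final String error = String.format(ERR_PACKETIN + "network %s not found",
                    srcInstPort.networkId());
            throw new IllegalStateException(error);
        }

        // parsed once; both rule sets key on the same segment id
        long srcVni = Long.parseLong(osNet.getProviderSegID());

        setDownstreamRules(srcInstPort, srcVni, externalIp, patPort, packetIn);
        setUpstreamRules(srcVni, externalIp, patPort, packetIn);
    }

    /**
     * Installs, on every gateway device, the rule that un-translates return
     * traffic (external IP/port to the instance's private IP/port) and tunnels
     * it back to the compute node hosting the instance.
     *
     * @param srcInstPort instance port the original packet came from
     * @param srcVni      segment id of the instance's network
     * @param externalIp  translated source IP of the flow
     * @param patPort     translated source port of the flow
     * @param packetIn    the punted packet
     */
    private void setDownstreamRules(InstancePort srcInstPort, long srcVni,
                                    IpAddress externalIp, TpPort patPort,
                                    InboundPacket packetIn) {
        IPv4 iPacket = (IPv4) packetIn.parsed().getPayload();
        IpAddress internalIp = IpAddress.valueOf(iPacket.getSourceAddress());

        TrafficSelector.Builder sBuilder = DefaultTrafficSelector.builder()
                .matchEthType(Ethernet.TYPE_IPV4)
                .matchIPProtocol(iPacket.getProtocol())
                .matchIPDst(IpPrefix.valueOf(externalIp, 32))
                .matchIPSrc(IpPrefix.valueOf(iPacket.getDestinationAddress(), 32));

        TrafficTreatment.Builder tBuilder = DefaultTrafficTreatment.builder()
                .setTunnelId(srcVni)
                .setEthDst(packetIn.parsed().getSourceMAC())
                .setIpDst(internalIp);

        // return traffic has the original destination port as its source and
        // the translated port as its destination; restore the original source port
        switch (iPacket.getProtocol()) {
            case IPv4.PROTOCOL_TCP:
                TCP tcpPacket = (TCP) iPacket.getPayload();
                sBuilder.matchTcpSrc(TpPort.tpPort(tcpPacket.getDestinationPort()))
                        .matchTcpDst(patPort);
                tBuilder.setTcpDst(TpPort.tpPort(tcpPacket.getSourcePort()));
                break;
            case IPv4.PROTOCOL_UDP:
                UDP udpPacket = (UDP) iPacket.getPayload();
                sBuilder.matchUdpSrc(TpPort.tpPort(udpPacket.getDestinationPort()))
                        .matchUdpDst(patPort);
                tBuilder.setUdpDst(TpPort.tpPort(udpPacket.getSourcePort()));
                break;
            default:
                break;
        }

        // the tunnel destination is the compute node of the instance; it does not
        // depend on the gateway device, so resolve it once
        DeviceId srcDeviceId = srcInstPort.deviceId();
        if (!osNodeService.dataIp(srcDeviceId).isPresent()) {
            log.warn(ERR_PACKETIN + "no data IP for device {}", srcDeviceId);
            return;
        }

        gatewayService.getGatewayDeviceIds().forEach(deviceId -> {
            if (!osNodeService.tunnelPort(deviceId).isPresent()) {
                log.warn(ERR_PACKETIN + "no tunnel port for gateway device {}", deviceId);
                return;
            }

            TrafficTreatment.Builder tmpBuilder =
                    DefaultTrafficTreatment.builder(tBuilder.build());
            tmpBuilder.extension(RulePopulatorUtil.buildExtension(
                    deviceService,
                    deviceId,
                    osNodeService.dataIp(srcDeviceId).get().getIp4Address()), deviceId)
                    .setOutput(osNodeService.tunnelPort(deviceId).get());

            ForwardingObjective fo = DefaultForwardingObjective.builder()
                    .withSelector(sBuilder.build())
                    .withTreatment(tmpBuilder.build())
                    .withFlag(ForwardingObjective.Flag.VERSATILE)
                    .withPriority(PRIORITY_SNAT_RULE)
                    .makeTemporary(TIME_OUT_SNAT_RULE)
                    .fromApp(appId)
                    .add();

            flowObjectiveService.forward(deviceId, fo);
        });
    }

    /**
     * Installs, on every gateway device, the rule that translates the
     * instance's outgoing flow to the external IP/port and sends it out the
     * uplink.
     *
     * @param srcVni     segment id of the instance's network
     * @param externalIp translated source IP of the flow
     * @param patPort    translated source port of the flow
     * @param packetIn   the punted packet
     */
    private void setUpstreamRules(long srcVni, IpAddress externalIp, TpPort patPort,
                                  InboundPacket packetIn) {
        IPv4 iPacket = (IPv4) packetIn.parsed().getPayload();
        TrafficSelector.Builder sBuilder = DefaultTrafficSelector.builder()
                .matchEthType(Ethernet.TYPE_IPV4)
                .matchIPProtocol(iPacket.getProtocol())
                .matchTunnelId(srcVni)
                .matchIPSrc(IpPrefix.valueOf(iPacket.getSourceAddress(), 32))
                .matchIPDst(IpPrefix.valueOf(iPacket.getDestinationAddress(), 32));

        TrafficTreatment.Builder tBuilder = DefaultTrafficTreatment.builder();
        switch (iPacket.getProtocol()) {
            case IPv4.PROTOCOL_TCP:
                TCP tcpPacket = (TCP) iPacket.getPayload();
                sBuilder.matchTcpSrc(TpPort.tpPort(tcpPacket.getSourcePort()))
                        .matchTcpDst(TpPort.tpPort(tcpPacket.getDestinationPort()));
                tBuilder.setTcpSrc(patPort)
                        .setEthDst(DEFAULT_EXTERNAL_ROUTER_MAC);
                break;
            case IPv4.PROTOCOL_UDP:
                UDP udpPacket = (UDP) iPacket.getPayload();
                sBuilder.matchUdpSrc(TpPort.tpPort(udpPacket.getSourcePort()))
                        .matchUdpDst(TpPort.tpPort(udpPacket.getDestinationPort()));
                tBuilder.setUdpSrc(patPort)
                        .setEthDst(DEFAULT_EXTERNAL_ROUTER_MAC);
                break;
            default:
                // other protocols still get an IP-only translation rule below, but
                // packetOut() drops the triggering packet for them
                log.debug("Unsupported IPv4 protocol {}", iPacket.getProtocol());
                break;
        }

        tBuilder.setIpSrc(externalIp);
        gatewayService.getGatewayDeviceIds().forEach(deviceId -> {
            TrafficTreatment.Builder tmpBuilder =
                    DefaultTrafficTreatment.builder(tBuilder.build());
            tmpBuilder.setOutput(gatewayService.getUplinkPort(deviceId));
            ForwardingObjective fo = DefaultForwardingObjective.builder()
                    .withSelector(sBuilder.build())
                    .withTreatment(tmpBuilder.build())
                    .withFlag(ForwardingObjective.Flag.VERSATILE)
                    .withPriority(PRIORITY_SNAT_RULE)
                    .makeTemporary(TIME_OUT_SNAT_RULE)
                    .fromApp(appId)
                    .add();

            flowObjectiveService.forward(deviceId, fo);
        });
    }

    /**
     * Rewrites the punted packet in place with the translated source port and
     * IP, re-addresses it to the external router and emits it through the
     * uplink of the device it was received on. Packets that are neither TCP
     * nor UDP are not emitted.
     *
     * @param ethPacketIn cloned ethernet frame to rewrite and send
     * @param srcDevice   gateway device the packet was received on
     * @param patPort     translated source port
     * @param externalIp  translated source IP
     */
    private void packetOut(Ethernet ethPacketIn, DeviceId srcDevice, int patPort,
                           IpAddress externalIp) {
        IPv4 iPacket = (IPv4) ethPacketIn.getPayload();

        switch (iPacket.getProtocol()) {
            case IPv4.PROTOCOL_TCP:
                TCP tcpPacket = (TCP) iPacket.getPayload();
                tcpPacket.setSourcePort(patPort);
                tcpPacket.resetChecksum();
                tcpPacket.setParent(iPacket);
                iPacket.setPayload(tcpPacket);
                break;
            case IPv4.PROTOCOL_UDP:
                UDP udpPacket = (UDP) iPacket.getPayload();
                udpPacket.setSourcePort(patPort);
                udpPacket.resetChecksum();
                udpPacket.setParent(iPacket);
                iPacket.setPayload(udpPacket);
                break;
            default:
                log.trace("Temporally, this method can process UDP and TCP protocol.");
                return;
        }

        iPacket.setSourceAddress(externalIp.toString());
        iPacket.resetChecksum();
        iPacket.setParent(ethPacketIn);
        ethPacketIn.setDestinationMACAddress(DEFAULT_EXTERNAL_ROUTER_MAC);
        ethPacketIn.setPayload(iPacket);

        TrafficTreatment treatment = DefaultTrafficTreatment.builder()
                .setOutput(gatewayService.getUplinkPort(srcDevice))
                .build();
        ethPacketIn.resetChecksum();
        packetService.emit(new DefaultOutboundPacket(
                srcDevice,
                treatment,
                ByteBuffer.wrap(ethPacketIn.serialize())));
    }

    /**
     * Allocates a translated L4 port from the cluster-wide free set and
     * records its allocation time.
     * <p>
     * The port is claimed by removing it from the distributed set; if the
     * removal fails, another node took the same candidate first and the next
     * candidate is tried.
     *
     * @param sourceMac          source MAC of the packet (currently unused;
     *                           allocation is not yet keyed per source)
     * @param destinationAddress destination IP of the packet (currently unused)
     * @return the allocated port, or 0 if no free port is available
     */
    private int getPortNum(MacAddress sourceMac, int destinationAddress) {
        if (unUsedPortNumSet.isEmpty()) {
            clearPortNumMap();
        }

        int portNum = findUnusedPortNum();
        // remove() returning false means a concurrent allocation won the race
        while (portNum != 0 && !unUsedPortNumSet.remove(Integer.valueOf(portNum))) {
            portNum = findUnusedPortNum();
        }

        if (portNum != 0) {
            allocatedPortNumMap
                    .put(Integer.valueOf(portNum), Long.valueOf(System.currentTimeMillis()));
        }

        return portNum;
    }

    /**
     * Picks a candidate port from the free set without claiming it.
     * NOTE(review): findAny() on the distributed set is not a randomised
     * choice, so translated ports may be predictable to an observer; consider
     * a randomised pick from the free set.
     *
     * @return a free port, or 0 if the set is empty
     */
    private int findUnusedPortNum() {
        return unUsedPortNumSet.stream().findAny().orElse(Integer.valueOf(0)).intValue();
    }

    /**
     * Returns every port whose allocation is older than
     * {@link #TIME_OUT_SNAT_PORT_MS} to the free set. The removal is
     * version-checked so a port re-allocated by another node between the
     * read and the removal is not freed by mistake.
     */
    private void clearPortNumMap() {
        long now = System.currentTimeMillis();
        // entrySet() is assumed to be a snapshot of the distributed map — TODO confirm
        allocatedPortNumMap.entrySet().forEach(e -> {
            boolean expired = now - e.getValue().value().longValue() > TIME_OUT_SNAT_PORT_MS;
            if (expired && allocatedPortNumMap.remove(e.getKey(), e.getValue().version())) {
                unUsedPortNumSet.add(e.getKey());
            }
        });
    }

    /**
     * Filters punted packets down to the ones that need SNAT and hands them
     * to the event thread.
     */
    private class InternalPacketProcessor implements PacketProcessor {

        @Override
        public void process(PacketContext context) {
            if (context.isHandled()) {
                return;
            }
            if (!gatewayService.getGatewayDeviceIds().contains(
                    context.inPacket().receivedFrom().deviceId())) {
                // only packets punted by gateway nodes are handled here
                return;
            }

            InboundPacket pkt = context.inPacket();
            Ethernet eth = pkt.parsed();
            if (eth == null || eth.getEtherType() != Ethernet.TYPE_IPV4) {
                // only IPv4 can be translated; this also covers ARP and any other
                // ethertype whose payload could not be cast to IPv4 below
                return;
            }

            IPv4 iPacket = (IPv4) eth.getPayload();
            switch (iPacket.getProtocol()) {
                case IPv4.PROTOCOL_ICMP:
                    break;
                case IPv4.PROTOCOL_UDP:
                    UDP udpPacket = (UDP) iPacket.getPayload();
                    if (udpPacket.getDestinationPort() == UDP.DHCP_SERVER_PORT &&
                            udpPacket.getSourcePort() == UDP.DHCP_CLIENT_PORT) {
                        // don't process DHCP
                        break;
                    }
                    // intentional fall-through: any other UDP packet is translated
                default:
                    eventExecutor.execute(() -> {
                        try {
                            processSnatPacket(context, eth);
                        } catch (Exception e) {
                            // keep the single event thread alive on a bad packet
                            log.error(ERR_PACKETIN + "unexpected error", e);
                        }
                    });
                    break;
            }
        }
    }
}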