Ejemplo n.º 1
0
 def add_ether_type_term(self, ff, ether_type_match):
     if not ether_type_match:
         return None
     term = Term()
     from_ = From()
     term.set_from(from_)
     term.set_name("ether-type")
     from_.set_ether_type(ether_type_match.lower())
     term.set_then(Then(accept_or_reject=True))
     ff.add_terms(term)
Ejemplo n.º 2
0
 def add_dns_dhcp_terms(self, ff):
     port_list = [67, 68, 53]
     term = Term()
     term.set_name("allow-dns-dhcp")
     from_ = From()
     from_.set_ip_protocol("udp")
     term.set_from(from_)
     for port in port_list:
         from_.add_source_ports(str(port))
     term.set_then(Then(accept_or_reject=True))
     ff.add_terms(term)
Ejemplo n.º 3
0
    def _add_routing_instance(self, ri_conf):
        gevent.idle()
        ri_name = ri_conf.get("ri_name")
        vn = ri_conf.get("vn")
        is_l2 = ri_conf.get("is_l2", False)
        is_l2_l3 = ri_conf.get("is_l2_l3", False)
        import_targets = ri_conf.get("import_targets", set())
        export_targets = ri_conf.get("export_targets", set())
        prefixes = ri_conf.get("prefixes") or []
        gateways = ri_conf.get("gateways") or []
        router_external = ri_conf.get("router_external", False)
        interfaces = ri_conf.get("interfaces", [])
        vni = ri_conf.get("vni", None)
        fip_map = ri_conf.get("fip_map", None)
        network_id = ri_conf.get("network_id", None)
        is_internal_vn = True if '_contrail_lr_internal_vn_' in vn.name \
            else False
        encapsulation_priorities = ri_conf.get("encapsulation_priorities") or [
            "MPLSoGRE"
        ]
        highest_encapsulation = encapsulation_priorities[0]

        ri = RoutingInstance(name=ri_name)
        is_master_int_vn = False
        if vn:
            is_nat = True if fip_map else False
            ri.set_comment(
                DMUtils.vn_ri_comment(vn, is_l2, is_l2_l3, is_nat,
                                      router_external))
            if is_internal_vn:
                lr_uuid = DMUtils.extract_lr_uuid_from_internal_vn_name(
                    ri_name)
            else:
                if vn.logical_router is None:
                    # try updating logical router to handle DM restart
                    # vn.logical_router could be none as sequencing of
                    # locate object calls in device_manager.py
                    vn.set_logical_router(vn.fq_name[-1])
                lr_uuid = vn.logical_router
            if lr_uuid:
                lr = LogicalRouterDM.get(lr_uuid)
                if lr:
                    is_master_int_vn = lr.is_master
                    if is_internal_vn:
                        # set description only for interval VN/VRF
                        ri.set_description("__contrail_%s_%s" %
                                           (lr.name, lr_uuid))
            ri.set_is_master(is_master_int_vn)

        ri.set_virtual_network_id(str(network_id))
        ri.set_vxlan_id(str(vni))
        ri.set_virtual_network_is_internal(is_internal_vn)
        ri.set_is_public_network(router_external)
        if is_l2_l3:
            ri.set_virtual_network_mode('l2-l3')
        elif is_l2:
            ri.set_virtual_network_mode('l2')
            if highest_encapsulation == "VXLAN":
                ri.set_routing_instance_type("virtual-switch")
            elif highest_encapsulation in ["MPLSoGRE", "MPLSoUDP"]:
                ri.set_routing_instance_type("evpn")
        else:
            ri.set_virtual_network_mode('l3')

        if not is_l2:
            ri.set_routing_instance_type("vrf")
            if fip_map is None and (router_external or not is_internal_vn):
                # add RI prefixes for dc-gateway
                self._add_ri_prefixes(vn, router_external, interfaces,
                                      prefixes, ri)

        if ri.get_routing_instance_type() != 'virtual-switch' and \
                ri.get_virtual_network_mode() != 'l2':
            self.ri_map[ri_name] = ri

        # add irb physical interface and irb vni gateway settings for l2_l3
        if self._is_gateway() and is_l2_l3 and not is_internal_vn:
            __, li_map = self._add_or_lookup_pi(self.pi_map, 'irb', 'irb')
            intf_unit = self._add_or_lookup_li(li_map,
                                               'irb.' + str(network_id),
                                               network_id)
            if len(gateways) > 0:
                if vn.has_ipv6_subnet is True:
                    intf_unit.set_is_virtual_router(True)
                intf_unit.set_comment(
                    DMUtils.vn_irb_comment(vn, False, is_l2_l3,
                                           router_external))
                for (irb_ip, gateway) in gateways:
                    if len(gateway) and gateway != '0.0.0.0':
                        intf_unit.set_gateway(gateway)
                        self._add_ip_address(intf_unit,
                                             irb_ip,
                                             gateway=gateway)
                    else:
                        self._add_ip_address(intf_unit, irb_ip)
            if (is_l2 and vni is not None
                    and self._is_evpn(self._physical_router)):
                irb_name = 'irb.' + str(network_id)
                self._add_ref_to_list(ri.get_routing_interfaces(), irb_name)

        # add firewall config for public VRF
        if router_external and is_l2 is False:
            self._add_ri_vrf_firewall_config(prefixes, ri)

        # add firewall config for DCI Network
        if fip_map is not None:
            self._add_ref_to_list(ri.get_interfaces(), interfaces[0].name)
            self.firewall_config = self.firewall_config or Firewall(
                comment=DMUtils.firewall_comment())
            f = FirewallFilter(
                name=DMUtils.make_private_vrf_filter_name(ri_name))
            f.set_comment(DMUtils.vn_firewall_comment(vn, "private"))
            self.firewall_config.add_firewall_filters(f)

            term = Term(name=DMUtils.make_vrf_term_name(ri_name))
            from_ = From()
            for fip_user_ip in list(fip_map.keys()):
                from_.add_source_address(
                    self._get_subnet_for_cidr(fip_user_ip))
            term.set_from(from_)
            term.set_then(Then(routing_instance=[ri_name]))
            f.add_terms(term)

            __, li_map = self._add_or_lookup_pi(self.pi_map, 'irb', 'irb')
            intf_name = 'irb.' + str(network_id)
            intf_unit = self._add_or_lookup_li(li_map, intf_name, network_id)
            intf_unit.set_comment(DMUtils.vn_irb_fip_inet_comment(vn))
            intf_unit.set_family("inet")
            intf_unit.add_firewall_filters(
                DMUtils.make_private_vrf_filter_name(ri_name))
            self._add_ref_to_list(ri.get_routing_interfaces(), intf_name)

            # fip services config
            nat_rules = NatRules(allow_overlapping_nat_pools=True,
                                 name=DMUtils.make_services_set_name(ri_name),
                                 comment=DMUtils.service_set_comment(vn))
            ri.set_nat_rules(nat_rules)
            snat_rule = NatRule(name=DMUtils.make_snat_rule_name(ri_name),
                                comment=DMUtils.service_set_nat_rule_comment(
                                    vn, "SNAT"),
                                direction="input",
                                translation_type="basic-nat44")
            snat_rule.set_comment(DMUtils.snat_rule_comment())
            nat_rules.add_rules(snat_rule)
            dnat_rule = NatRule(name=DMUtils.make_dnat_rule_name(ri_name),
                                comment=DMUtils.service_set_nat_rule_comment(
                                    vn, "DNAT"),
                                direction="output",
                                translation_type="dnat-44")
            dnat_rule.set_comment(DMUtils.dnat_rule_comment())
            nat_rules.add_rules(dnat_rule)
            nat_rules.set_inside_interface(interfaces[0].name)
            nat_rules.set_outside_interface(interfaces[1].name)

            for pip, fip_vn in list(fip_map.items()):
                fip = fip_vn["floating_ip"]
                snat_rule.add_source_addresses(self._get_subnet_for_cidr(pip))
                snat_rule.add_source_prefixes(self._get_subnet_for_cidr(fip))
                dnat_rule.add_destination_addresses(
                    self._get_subnet_for_cidr(fip))
                dnat_rule.add_destination_prefixes(
                    self._get_subnet_for_cidr(pip))
            self._add_ref_to_list(ri.get_ingress_interfaces(),
                                  interfaces[0].name)
            self._add_ref_to_list(ri.get_egress_interfaces(),
                                  interfaces[1].name)
        for target in import_targets:
            self._add_to_list(ri.get_import_targets(), target)
        for target in export_targets:
            self._add_to_list(ri.get_export_targets(), target)
Ejemplo n.º 4
0
 def add_filter_term(self, ff, name):
     term = Term()
     term.set_name(name)
     ff.add_terms(term)
     term.set_then(Then(accept_or_reject=True))
     return term