def GenerateObjects(self, node, topospec): vpc_count = 0 for p in topospec.vpc: count = max(1, getattr(p, 'count', 0)) vpc_count += count for c in range(count): obj = None if hasattr(p, "nat46"): if p.nat46 is True and not utils.IsPipelineArtemis(): continue if utils.IsReconfigInProgress(node): if getattr(p, 'id', None): obj = self.GetVpcObject(node, p.id) obj.ObjUpdate(p, clone=False) if not obj: obj = VpcObject(node, p, c, p.count) self.Objs[node].update({obj.VPCId: obj}) obj.GenerateChildren(p) if obj.IsUnderlayVPC(): EzAccessStoreClient[node].SetUnderlayVPC(obj) # Write the flow and nexthop config to agent hook file if utils.IsFlowInstallationNeeded(): self.__write_cfg(vpc_count) if utils.IsPipelineApulu(): # Associate Nexthop objects if utils.IsReconfigInProgress(node): return ipsec.encrypt_client.AssociateObjects(node) ipsec.decrypt_client.AssociateObjects(node) NhGroupClient.CreateAllocator(node) NhClient.AssociateObjects(node) NhGroupClient.AssociateObjects(node) tunnel.client.FillUnderlayNhGroups(node) route.client.FillNhGroups(node) tunnel.client.FillIpsecObjects(node) return
def GenerateObjects(self, node, topospec): def __get_port_mode(port, mode='auto'): if mode == 'switch': return topo.PortTypes.SWITCH elif mode == 'host': return topo.PortTypes.HOST if EzAccessStoreClient[node].IsHostMode(): return topo.PortTypes.SWITCH elif EzAccessStoreClient[node].IsBitwMode(): if port == UplinkPorts.UplinkPort0: return topo.PortTypes.HOST elif port == UplinkPorts.UplinkPort1: return topo.PortTypes.SWITCH return topo.PortTypes.NONE portlist = getattr(topospec, 'uplink', None) if portlist is None: return if utils.IsReconfigInProgress(node): return for spec in portlist: entryspec = spec.entry port = getattr(entryspec, 'port') mode = __get_port_mode(port, getattr(entryspec, 'mode', 'auto')) obj = PortObject(node, port, mode) self.__objs.update({obj.PortId: obj}) if obj.IsHostPort(): EzAccessStoreClient[node].SetHostPort(obj.Port) elif obj.IsSwitchPort(): EzAccessStoreClient[node].SetSwitchPort(obj.Port) return
def GenerateObjects(self, node, topospec): if utils.IsReconfigInProgress(node): return obj = DeviceObject(node, topospec.device) self.Objs[node].update({0: obj}) EzAccessStoreClient[node].SetDevice(obj) return
def GenerateObjects(self, node, topospec): if utils.IsReconfigInProgress(node): return if (hasattr(topospec, 'security_profile')): obj = SecurityProfileObject(node, topospec.security_profile) self.Objs[node].update({obj.SecurityProfileId: obj}) EzAccessStoreClient[node].SetSecurityProfile(obj) return
def AddToReconfigState(self, op): if utils.IsReconfigInProgress(self.Node): if op == 'create': self.NodeObj.ReconfigState.Created.append(self) elif op == 'update': self.NodeObj.ReconfigState.Updated.append(self) else: assert(0) return
def GenerateObjects(self, node, parent, topospec): if not utils.IsL3InterfaceSupported(): return if utils.IsReconfigInProgress(node): return iflist = getattr(topospec, 'interface', []) self.__generate_l3_uplink_interfaces(node, parent, iflist) self.__generate_loopback_interfaces(node, iflist) self.__generate_control_interfaces(node, parent, iflist) return
def GenerateHostInterfaces(self, node, topospec): if not utils.IsInterfaceSupported(): return if utils.IsReconfigInProgress(node): return if not utils.IsDol(): self.__generate_host_interfaces_iota(node, topospec) else: if hasattr(topospec, 'hostinterface'): self.__generate_host_interfaces_dol(node, topospec.hostinterface) return
def GenerateObjects(self, node, mirrorsessionspec): if not hasattr(mirrorsessionspec, 'mirror'): return if utils.IsReconfigInProgress(node): return def __add_mirror_session(spec): obj = MirrorSessionObject(node, spec) self.Objs[node].update({obj.Id: obj}) for mirror_session_spec_obj in mirrorsessionspec.mirror: __add_mirror_session(mirror_session_spec_obj) return
def RollbackAttributes(self): if utils.IsReconfigInProgress(self.Node): utils.ModifyPolicyDependency(self, True) attrlist = [ "IngV4SecurityPolicyIds", "EgV4SecurityPolicyIds", "MeterEn" ] self.RollbackMany(attrlist) utils.ModifyPolicyDependency(self, False) else: attrlist = [ "SourceGuard", "TxPolicer", "RxPolicer", "MaxSessions", "MeterEn" ] self.RollbackMany(attrlist) return
def GenerateObjects(self, node, parent, subnet_spec): if getattr(subnet_spec, 'vnic', None) == None: return def __get_mirrors(spec, attr): vnicmirror = getattr(spec, attr, None) ms = [mirrorspec.msid for mirrorspec in vnicmirror or []] return ms for spec in subnet_spec.vnic: if utils.IsReconfigInProgress(node): id = getattr(spec, 'id', None) if id: obj = self.GetVnicObject(node, id) if obj: obj.ObjUpdate(spec) else: #TODO test this rxmirror = __get_mirrors(spec, 'rxmirror') txmirror = __get_mirrors(spec, 'txmirror') obj = VnicObject(node, parent, spec, rxmirror, txmirror) self.Objs[node].update({obj.VnicId: obj}) self.__l2mapping_objs[node].update({ (obj.MACAddr.getnum(), obj.SUBNET.UUID.GetUuid(), obj.VlanId()): obj }) utils.AddToReconfigState(obj, 'create') else: for obj in list(self.Objs[node].values()): obj.ObjUpdate(spec) continue for c in range(spec.count): # Alternate src dst validations rxmirror = __get_mirrors(spec, 'rxmirror') txmirror = __get_mirrors(spec, 'txmirror') obj = VnicObject(node, parent, spec, rxmirror, txmirror) self.Objs[node].update({obj.VnicId: obj}) self.__l2mapping_objs[node].update({ (obj.MACAddr.getnum(), obj.SUBNET.UUID.GetUuid(), obj.VlanId()): obj }) return
def GenerateObjects(self, node, topospecobj): if not hasattr(topospecobj, 'policer'): return if utils.IsReconfigInProgress(node): return rxpol = [] txpol = [] for policer_spec_obj in topospecobj.policer: obj = PolicerObject(node, policer_spec_obj) self.Objs[node].update({obj.PolicerId: obj}) if (policer_spec_obj.direction == 'ingress'): rxpol.append(obj) self.rxpolicercount += 1 else: txpol.append(obj) self.txpolicercount += 1 if len(rxpol): self.rxpoliceriter[node] = utils.rrobiniter(rxpol) if len(txpol): self.txpoliceriter[node] = utils.rrobiniter(txpol) return
def GenerateObjects(self, node, parent, vpc_spec_obj): poolid = 0 for spec in vpc_spec_obj.subnet: id = getattr(spec, 'id', None) if id: obj = self.GetSubnetObject(node, id) if utils.IsReconfigInProgress(node): if obj: obj.ObjUpdate(spec) obj.GenerateChildren(node, spec) else: #TODO test this obj = SubnetObject(node, parent, spec, poolid) self.Objs[node].update({obj.SubnetId: obj}) utils.AddToReconfigState(obj, 'create') return v6prefixlen = getattr(spec, 'v6prefixlen', 0) parent.InitSubnetPefixPools(poolid, v6prefixlen, spec.v4prefixlen) for c in range(spec.count): obj = SubnetObject(node, parent, spec, poolid) self.Objs[node].update({obj.SubnetId: obj}) poolid = poolid + 1 return
def GenerateObjects(self, node): if utils.IsReconfigInProgress(node): return obj = EventObject(node) self.Objs[node] = obj
def GenerateObjects(self, node): if utils.IsReconfigInProgress(node): return self.GenerateTechSupportObjects(node)
def GenerateObjects(self, node, parent, vpc_spec_obj): vpcpeerid = parent.GetVPCPeerId() if not self.__supported: return vpcid = parent.VPCId isV4Stack = utils.IsV4Stack(parent.Stack) isV6Stack = utils.IsV6Stack(parent.Stack) and self.__v6supported self.__v4objs[node][vpcid] = dict() self.__v6objs[node][vpcid] = dict() self.__v4iter[node][vpcid] = None self.__v6iter[node][vpcid] = None if utils.IsNatSupported(): if ResmgrClient[node].RemoteInternetNonNatTunAllocator == None and \ ResmgrClient[node].RemoteInternetNatTunAllocator == None: logger.info( "Skipping route creation as there are no Internet tunnels") return def __get_adjacent_routes(base, count): routes = OrderedDict() ipaddr = ipaddress.ip_network(base) af = ipaddr.version spec = routetbl_spec_obj priority = topo.DEFAULT_ROUTE_PRIORITY priorityType = getattr(spec, "priority", None) if priorityType: priority = __get_priority(priorityType, True) nh_type, nh_id, nhgid, vpcid, tunnelid, nat_type, service_nat_prefix, \ dnat_ip, classpriority, meteren = __get_route_attribs(spec, af) obj = RouteObject(node, ipaddr, priority, nh_type, nh_id, nhgid, \ vpcid, tunnelid, nat_type, service_nat_prefix, \ dnat_ip, classpriority, meteren) routes.update({obj.Id: obj}) c = 1 while c < count: ipaddr = utils.GetNextSubnet(ipaddr) if priorityType: priority = __get_priority(priorityType, False, priority) nh_type, nh_id, nhgid, vpcid, tunnelid, nat_type, service_nat_prefix, \ dnat_ip, classpriority, meteren = __get_route_attribs(spec, af) obj = RouteObject(node, ipaddr, priority, nh_type, nh_id, \ nhgid, vpcid, tunnelid, nat_type, \ service_nat_prefix, dnat_ip, classpriority, \ meteren) routes.update({obj.Id: obj}) c += 1 return routes def __get_overlap(basepfx, base, count): # for overlap, add user specified base prefix with original prefixlen routes = __get_user_specified_routes([basepfx]) routes = utils.MergeDicts(routes, __get_adjacent_routes(base, count)) return routes def __get_first_subnet(ip, prefixlen): for ip in ip.subnets(new_prefix=prefixlen): return (ip) return def __add_v4routetable(v4routes, spec): obj = RouteTableObject(node, parent, utils.IP_VERSION_4, v4routes, spec.routetype, tunobj, vpcpeerid, spec) self.__v4objs[node][vpcid].update({obj.RouteTblId: obj}) self.Objs[node].update({obj.RouteTblId: obj}) def __add_v6routetable(v6routes, spec): obj = RouteTableObject(node, parent, utils.IP_VERSION_6, v6routes, spec.routetype, tunobj, vpcpeerid, spec) self.__v6objs[node][vpcid].update({obj.RouteTblId: obj}) self.Objs[node].update({obj.RouteTblId: obj}) def __derive_nh_type_info(spec): routetype = spec.routetype if 'vpc_peer' in routetype: return 'vpcpeer' elif 'blackhole' in routetype: return 'blackhole' elif utils.IsPipelineArtemis(): # handle service tunnel case, return tep return "nh" elif utils.IsPipelineApulu(): if 'overlay-ecmp' in spec.teptype: return "nhg" else: return "tep" else: return "tep" def __internet_tunnel_get(nat, teptype=None): if teptype is not None: if "service" in teptype: if "remoteservice" == teptype: return ResmgrClient[node].RemoteSvcTunAllocator.rrnext( ) return ResmgrClient[node].SvcTunAllocator.rrnext() if "underlay" in teptype: if "underlay-ecmp" == teptype: return ResmgrClient[ node].UnderlayECMPTunAllocator.rrnext() return ResmgrClient[node].UnderlayTunAllocator.rrnext() if "overlay-ecmp" in teptype: # Fill NhGroup later return None if nat is False: return ResmgrClient[ node].RemoteInternetNonNatTunAllocator.rrnext() else: return ResmgrClient[node].RemoteInternetNatTunAllocator.rrnext( ) def __get_tunnel(spec): routetype = spec.routetype nat, teptype = __get_nat_teptype_from_spec(spec) tunobj = __internet_tunnel_get(nat, teptype) return tunobj def __get_nexthop(af): nh = None if af == utils.IP_VERSION_4: nh = NexthopClient.GetV4Nexthop(node, parent.VPCId) else: nh = NexthopClient.GetV6Nexthop(node, parent.VPCId) return nh def __get_route_attribs(spec, af=utils.IP_VERSION_4): nhid = 0 nhgid = 0 vpcid = 0 tunnelid = 0 nat_type = None service_nat_prefix = getattr(spec, 'servicenatprefix', None) classpriority = getattr(spec, 'classpriority', 0) meteren = getattr(spec, 'meteren', False) dnat_ip = getattr(spec, 'dnatip', None) natspec = getattr(spec, 'nat', None) if natspec: nat_type = getattr(natspec, 'type', None) nat_level = getattr(natspec, 'level', None) nh_type = __derive_nh_type_info(spec) if nh_type == "vpcpeer": vpcid = vpcpeerid elif nh_type == "tep": tunobj = __get_tunnel(spec) if utils.IsPipelineArtemis() and tunobj.IsSvc(): # service tunnel case nh_type = "nh" nexthop = __get_nexthop(af) nh_id = nexthop.NexthopId else: tunnelid = tunobj.Id elif nh_type == "nh": nexthop = __get_nexthop(af) if nexthop: nhid = nexthop.NexthopId elif nh_type == "nhg": nhgid = 1 # fill later return nh_type, nhid, nhgid, vpcid, tunnelid, nat_type, \ service_nat_prefix, dnat_ip, classpriority, meteren def __get_priority(priotype, firstVal=False, priority=0): if priotype == "increasing": if firstVal: return topo.MIN_ROUTE_PRIORITY return (priority - 1) elif priotype == "decreasing": if firstVal: return topo.MAX_ROUTE_PRIORITY return (priority + 1) elif priotype == "random": return (random.randint(topo.MAX_ROUTE_PRIORITY, topo.MIN_ROUTE_PRIORITY)) else: logger.error("Unknown priority type", priotype) return (random.randint(topo.MAX_ROUTE_PRIORITY, topo.MIN_ROUTE_PRIORITY)) def __get_user_specified_routes(routespec): routes = OrderedDict() spec = routetbl_spec_obj priorityType = getattr(spec, "priority", None) priority = topo.DEFAULT_ROUTE_PRIORITY if priorityType: priority = __get_priority(spec.priority, True) if routespec: for route in routespec: if priorityType: priority = __get_priority(spec.priority, False, priority) nh_type, nh_id, nhgid, vpcid, tunnelid, nat_type, \ service_nat_prefix, dnat_ip, classpriority, \ meteren = __get_route_attribs(spec) obj = RouteObject(node, ipaddress.ip_network(route.replace('\\', '/')),\ priority, nh_type, nh_id, nhgid, vpcid, tunnelid,\ nat_type, service_nat_prefix, dnat_ip,\ classpriority, meteren) routes.update({obj.Id: obj}) return routes def __add_user_specified_routetable(spec): if isV4Stack: __add_v4routetable(__get_user_specified_routes(spec.v4routes), spec) if isV6Stack: __add_v6routetable(__get_user_specified_routes(spec.v6routes), spec) def __get_valid_route_count_per_route_table(count): if count > Resmgr.MAX_ROUTES_PER_ROUTE_TBL: return Resmgr.MAX_ROUTES_PER_ROUTE_TBL return count def __get_nat_teptype_from_spec(routetbl_spec_obj): nat = False natSpec = getattr(routetbl_spec_obj, 'nat', None) if natSpec: level = getattr(natSpec, 'level') if level == 'tunnel' and not utils.IsPipelineApulu(): nat = True teptype = getattr(routetbl_spec_obj, 'teptype', None) return nat, teptype for routetbl_spec_obj in vpc_spec_obj.routetbl: if utils.IsReconfigInProgress(node): id = getattr(routetbl_spec_obj, 'id', None) if id: obj = self.GetRouteTableObject(node, id) if obj: obj.ObjUpdate(routetbl_spec_obj) else: for obj in list(self.Objs[node].values()): obj.ObjUpdate(routetbl_spec_obj) continue routetbltype = routetbl_spec_obj.type routetype = routetbl_spec_obj.routetype nat, teptype = __get_nat_teptype_from_spec(routetbl_spec_obj) tunobj = __internet_tunnel_get(nat, teptype) if routetbltype == "specific": __add_user_specified_routetable(routetbl_spec_obj) continue routetablecount = routetbl_spec_obj.count v4routecount = __get_valid_route_count_per_route_table( routetbl_spec_obj.nv4routes) v6routecount = __get_valid_route_count_per_route_table( routetbl_spec_obj.nv6routes) v4prefixlen = routetbl_spec_obj.v4prefixlen v6prefixlen = routetbl_spec_obj.v6prefixlen v4base = __get_first_subnet( ipaddress.ip_network( routetbl_spec_obj.v4base.replace('\\', '/')), v4prefixlen) v6base = __get_first_subnet( ipaddress.ip_network( routetbl_spec_obj.v6base.replace('\\', '/')), v6prefixlen) # get user specified routes if any for 'base' routetbltype user_specified_v4routes = __get_user_specified_routes( routetbl_spec_obj.v4routes) user_specified_v6routes = __get_user_specified_routes( routetbl_spec_obj.v6routes) v4routecount -= len(user_specified_v4routes) v6routecount -= len(user_specified_v6routes) if 'overlap' in routetype: v4routecount -= 1 v6routecount -= 1 for i in range(routetablecount): if 'adjacent' in routetype: if isV4Stack: routes = utils.MergeDicts(user_specified_v4routes, \ __get_adjacent_routes(v4base, v4routecount-1)) __add_v4routetable(routes, routetbl_spec_obj) v4base = utils.GetNextSubnet( routes.get(list(routes)[-1]).ipaddr) if isV6Stack: routes = utils.MergeDicts(user_specified_v6routes, \ __get_adjacent_routes(v6base, v6routecount-1)) __add_v6routetable(routes, routetbl_spec_obj) v6base = utils.GetNextSubnet( routes.get(list(routes)[-1]).ipaddr) elif 'overlap' in routetype: if isV4Stack: routes = utils.MergeDicts(user_specified_v4routes, \ __get_overlap(routetbl_spec_obj.v4base, v4base, v4routecount)) __add_v4routetable(routes, routetbl_spec_obj) v4base = utils.GetNextSubnet( routes.get(list(routes)[-1]).ipaddr) if isV6Stack: routes = utils.MergeDicts(user_specified_v6routes, \ __get_overlap(routetbl_spec_obj.v6base, v6base, v6routecount)) __add_v6routetable(routes, routetbl_spec_obj) v6base = utils.GetNextSubnet( routes.get(list(routes)[-1]).ipaddr) if self.__v6objs[node][vpcid]: self.__v6iter[node][vpcid] = utils.rrobiniter( self.__v6objs[node][vpcid].values()) if self.__v4objs[node][vpcid]: self.__v4iter[node][vpcid] = utils.rrobiniter( self.__v4objs[node][vpcid].values())