def setup_policy_acl_flow(dpath, ofctl):
"""
Policy ACL flows when dp enter.
"""
matches = [
ofmatch.Match().eth_type(fibcapi.ETHTYPE_LACP),
ofmatch.Match().eth_type(fibcapi.ETHTYPE_ARP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_ICMP4),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_ICMP6),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_OSPF),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_OSPF),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_src(fibcapi.TCPPORT_BGP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_dst(fibcapi.TCPPORT_BGP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_TCP).tcp_src(fibcapi.TCPPORT_BGP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_TCP).tcp_dst(fibcapi.TCPPORT_BGP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_src(fibcapi.TCPPORT_LDP),
# ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_dst(fibcapi.TCPPORT_LDP),
ofmatch.Match().ip_dst(fibcapi.MCADDR_ALLROUTERS),
ofmatch.Match().ip_dst(fibcapi.MCADDR_OSPF_HELLO),
ofmatch.Match().ip_dst(fibcapi.MCADDR_OSPF_ALLDR),
]
actions = [ofaction.output(dpath.ofproto.OFPP_CONTROLLER)]
for match in matches:
flow = offlow.flow_mod(
match=match,
actions=actions,
writes=[],
table_id=pb.FlowMod.POLICY_ACL,
priority=fibcapi.PRIORITY_NORMAL,
)
ofctl.mod_flow_entry(dpath, flow, dpath.ofproto.OFPFC_ADD)
def termination_mac_flow(dpath, mod, ofctl):
"""
Termination MAC flow table.
"""
_LOG.debug("TERM MAC FLow: %d %s %s", dpath.id, mod, ofctl)
cmd = fibcapi.flow_mod_cmd(mod.cmd, dpath.ofproto)
entry = mod.term_mac
match = ofmatch.Match().eth_type(entry.match.eth_type).eth_dst(
entry.match.eth_dst)
def _actions():
if not offlow.is_action_needed(dpath, cmd):
return []
return [ofaction.goto_table(entry.goto_table)]
flow = offlow.flow_mod(match=match,
actions=_actions,
writes=[],
table_id=pb.FlowMod.TERM_MAC,
priority=fibcapi.PRIORITY_LOW)
ofctl.mod_flow_entry(dpath, flow, cmd)
def policy_acl_flow(dpath, mod, ofctl, use_metadata=True):
"""
Policy ACL flow table.
"""
_LOG.debug("ACL FLow: %d %s", dpath.id, mod)
entry = mod.acl
if entry.match.in_port:
# openflow mode:
# send no flows for a port.
# flows for a port are send by setup_flow().
return
cmd = fibcapi.flow_mod_cmd(mod.cmd, dpath.ofproto)
match = ofmatch.Match().ip_dst(entry.match.ip_dst).vrf(
entry.match.vrf, use_metadata)
def _actions():
if not offlow.is_action_needed(dpath, cmd):
return []
return [ofaction.output(dpath.ofproto.OFPP_CONTROLLER)]
flow = offlow.flow_mod(match=match,
actions=_actions,
writes=[],
table_id=pb.FlowMod.POLICY_ACL,
priority=fibcapi.PRIORITY_HIGH)
ofctl.mod_flow_entry(dpath, flow, cmd)
def setup_term_mac_flow(dpath, ofctl):
"""
Termination MAC flow (for setup)
"""
matches = [
ofmatch.Match().eth_dst(fibcapi.HWADDR_MULTICAST4_MATCH).eth_type(
fibcapi.ETHTYPE_IPV4),
ofmatch.Match().eth_dst(fibcapi.HWADDR_MULTICAST6_MATCH).eth_type(
fibcapi.ETHTYPE_IPV6),
]
actions = [ofaction.goto_table(pb.FlowMod.MULTICAST_ROUTING)]
for match in matches:
flow = offlow.flow_mod(
match=match,
actions=actions,
writes=[],
table_id=pb.FlowMod.TERM_MAC,
priority=2,
)
ofctl.mod_flow_entry(dpath, flow, dpath.ofproto.OFPFC_ADD)
def _lagopus_bugfix(dpath, ofctl):
"""
To avoid lagopus bug.
"""
flow = offlow.flow_mod(
match=ofmatch.Match().eth_type(fibcapi.ETHTYPE_MPLS),
actions=[],
writes=[],
table_id=pb.FlowMod.POLICY_ACL,
priority=fibcapi.PRIORITY_HIGHEST,
)
ofctl.mod_flow_entry(dpath, flow, dpath.ofproto.OFPFC_ADD)
def unicast_routing_flow(dpath, mod, ofctl, use_metadata=True):
"""
Create flow_mod for Unicast Routing flow table.
"""
_LOG.debug("Unicast Routing FLow: %d %s", dpath.id, mod)
cmd = fibcapi.flow_mod_cmd(mod.cmd, dpath.ofproto)
entry = mod.unicast
match = ofmatch.Match().ip_dst(entry.match.ip_dst).vrf(
entry.match.vrf, use_metadata)
def _actions():
if not offlow.is_action_needed(dpath, cmd):
return []
return [ofaction.goto_table(pb.FlowMod.POLICY_ACL)]
def _writes():
if not offlow.is_action_needed(dpath, cmd):
return []
writes = [ofaction.dec_nw_ttl()]
if entry.g_type == pb.GroupMod.L3_UNICAST:
writes.append(
ofaction.group(fibcapi.l3_unicast_group_id(entry.g_id)))
elif entry.g_type == pb.GroupMod.L3_ECMP:
writes.append(ofaction.group(fibcapi.l3_ecmp_group_id(entry.g_id)))
elif entry.g_type == pb.GroupMod.MPLS_L3_VPN:
writes.append(
ofaction.group(fibcapi.mpls_label_group_id(2, entry.g_id)))
else:
pass
return writes
def _priority_base():
if entry.g_type == pb.GroupMod.MPLS_L3_VPN:
return fibcapi.PRIORITY_BASE_VPN
return fibcapi.PRIORITY_BASE_UC
priority = offlow.priority_for_ipaddr(entry.match.ip_dst, _priority_base())
flow = offlow.flow_mod(match=match,
actions=_actions,
writes=_writes,
table_id=pb.FlowMod.UNICAST_ROUTING,
priority=priority)
ofctl.mod_flow_entry(dpath, flow, cmd)
def _add_mpls_l3_type_php_flows(dpath, ofctl):
# L3 VPN Forward (IPv4) based on this label (PHP)
flow = offlow.flow_mod(
match=ofmatch.Match().eth_type(fibcapi.ETHTYPE_MPLS).mpls_type(
fibcapi.MPLSTYPE_PHP, True),
actions=[
ofaction.pop_mpls(fibcapi.ETHTYPE_IPV4),
ofaction.goto_table(pb.FlowMod.MPLS_LABEL_TRUST),
],
writes=[],
table_id=pb.FlowMod.MPLS_L3_TYPE,
priority=5,
)
ofctl.mod_flow_entry(dpath, flow, dpath.ofproto.OFPFC_ADD)
return
def _add_mpls_l3_type_l3vpn_flows(dpath, ofctl):
# L3 VPN Route (IPv4 Unicast)
flow = offlow.flow_mod(
match=ofmatch.Match().eth_type(fibcapi.ETHTYPE_MPLS),
actions=[
ofaction.set_mpls_type(fibcapi.MPLSTYPE_UNICAST, True),
ofaction.pop_mpls(fibcapi.ETHTYPE_IPV4),
ofaction.goto_table(pb.FlowMod.MPLS_LABEL_TRUST),
],
writes=[],
table_id=pb.FlowMod.MPLS_L3_TYPE,
priority=1,
)
ofctl.mod_flow_entry(dpath, flow, dpath.ofproto.OFPFC_ADD)
return
def _add_mpls_type_flows(dpath, ofctl):
"""
MPLS Type builtin flows.
"""
datas = [
(fibcapi.MPLSTYPE_VPS, pb.FlowMod.POLICY_ACL),
(fibcapi.MPLSTYPE_UNICAST, pb.FlowMod.UNICAST_ROUTING),
(fibcapi.MPLSTYPE_MULTICAST, pb.FlowMod.MULTICAST_ROUTING),
(fibcapi.MPLSTYPE_PHP, pb.FlowMod.POLICY_ACL),
]
for mpls_type, goto_table in datas:
flow = offlow.flow_mod(
match=ofmatch.Match().mpls_type(mpls_type, True),
actions=[
ofaction.goto_table(goto_table),
],
writes=[],
table_id=pb.FlowMod.MPLS_TYPE,
priority=1,
)
ofctl.mod_flow_entry(dpath, flow, dpath.ofproto.OFPFC_ADD)
return
def _match():
match = ofmatch.Match()
match.eth_type(fibcapi.ETHTYPE_MPLS)
match.mpls_bos(entry.match.bos)
match.mpls_label(entry.match.label)
return match
def _match():
match = ofmatch.Match()
match.in_port(entry.match.in_port)
match.vlan_vid(entry.match.vid, entry.match.vid_mask)
return match
