def _add_routing_instance(self, ri_conf):
    """Translate one ``ri_conf`` mapping into a RoutingInstance plus side config.

    Keys read from ``ri_conf``: ri_name, vn, is_l2, is_l2_l3, import_targets,
    export_targets, prefixes, gateways, router_external, interfaces, vni,
    fip_map, network_id, encapsulation_priorities.

    Effects visible in this method:
      * the instance is stored in ``self.ri_map`` unless its type is
        'virtual-switch' or its mode is 'l2';
      * on a gateway device, an l2-l3 VN that is not an internal VN gets an
        ``irb.<network_id>`` unit carrying the supplied gateway addresses;
      * a router-external VN whose is_l2 is exactly False gets the VRF
        firewall config;
      * a non-None ``fip_map`` adds a private-VRF firewall filter, an inet
        irb unit and SNAT/DNAT rules;
      * import and export route targets are copied onto the instance.

    Returns None.
    """
    gevent.idle()

    # --- unpack the request -------------------------------------------------
    ri_name = ri_conf.get("ri_name")
    vn = ri_conf.get("vn")
    l2_only = ri_conf.get("is_l2", False)
    l2_l3 = ri_conf.get("is_l2_l3", False)
    import_targets = ri_conf.get("import_targets", set())
    export_targets = ri_conf.get("export_targets", set())
    prefixes = ri_conf.get("prefixes") or []
    gateways = ri_conf.get("gateways") or []
    router_external = ri_conf.get("router_external", False)
    interfaces = ri_conf.get("interfaces", [])
    vni = ri_conf.get("vni")
    fip_map = ri_conf.get("fip_map")
    network_id = ri_conf.get("network_id")
    # NOTE(review): vn is dereferenced here, ahead of the `if vn:` guard
    # further down, so a missing "vn" raises AttributeError at this line.
    # No device state has been modified yet at that point.
    internal_vn = '_contrail_lr_internal_vn_' in vn.name
    encaps = ri_conf.get("encapsulation_priorities") or ["MPLSoGRE"]
    top_encap = encaps[0]

    # --- base instance and logical-router linkage ---------------------------
    instance = RoutingInstance(name=ri_name)
    lr_is_master = False
    if vn:
        # NOTE(review): the NAT flag uses truthiness, while the DCI branch
        # near the end tests `fip_map is not None`; an empty mapping is
        # therefore "not NAT" here yet still takes the DCI branch. Confirm
        # callers never pass {}.
        nat_enabled = bool(fip_map)
        instance.set_comment(
            DMUtils.vn_ri_comment(vn, l2_only, l2_l3, nat_enabled,
                                  router_external))
        if internal_vn:
            lr_uuid = DMUtils.extract_lr_uuid_from_internal_vn_name(ri_name)
        else:
            if vn.logical_router is None:
                # The logical router may not be populated yet after a
                # device-manager restart (object locate ordering), so try
                # to refresh it before reading it.
                vn.set_logical_router(vn.fq_name[-1])
            lr_uuid = vn.logical_router
        router = LogicalRouterDM.get(lr_uuid) if lr_uuid else None
        if router:
            lr_is_master = router.is_master
            if internal_vn:
                # The description is only set for the internal VN/VRF.
                instance.set_description(
                    "__contrail_%s_%s" % (router.name, lr_uuid))
    instance.set_is_master(lr_is_master)

    # NOTE(review): str() turns a missing network_id / vni into the literal
    # text "None"; confirm the consumers of these fields tolerate that.
    instance.set_virtual_network_id(str(network_id))
    instance.set_vxlan_id(str(vni))
    instance.set_virtual_network_is_internal(internal_vn)
    instance.set_is_public_network(router_external)

    # --- forwarding mode and instance type ----------------------------------
    if l2_l3:
        instance.set_virtual_network_mode('l2-l3')
    elif l2_only:
        instance.set_virtual_network_mode('l2')
        if top_encap == "VXLAN":
            instance.set_routing_instance_type("virtual-switch")
        elif top_encap in ("MPLSoGRE", "MPLSoUDP"):
            instance.set_routing_instance_type("evpn")
    else:
        instance.set_virtual_network_mode('l3')

    if not l2_only:
        instance.set_routing_instance_type("vrf")
        if fip_map is None and (router_external or not internal_vn):
            # RI prefixes for the dc-gateway case.
            self._add_ri_prefixes(vn, router_external, interfaces,
                                  prefixes, instance)

    if (instance.get_routing_instance_type() != 'virtual-switch'
            and instance.get_virtual_network_mode() != 'l2'):
        self.ri_map[ri_name] = instance

    # --- irb unit and gateway addresses for l2-l3 on a gateway device -------
    if self._is_gateway() and l2_l3 and not internal_vn:
        _pi, irb_units = self._add_or_lookup_pi(self.pi_map, 'irb', 'irb')
        irb_unit = self._add_or_lookup_li(
            irb_units, 'irb.' + str(network_id), network_id)
        if len(gateways) > 0:
            if vn.has_ipv6_subnet is True:
                irb_unit.set_is_virtual_router(True)
            irb_unit.set_comment(
                DMUtils.vn_irb_comment(vn, False, l2_l3, router_external))
            for irb_ip, gw in gateways:
                # An empty or all-zero gateway means "address only".
                if len(gw) and gw != '0.0.0.0':
                    irb_unit.set_gateway(gw)
                    self._add_ip_address(irb_unit, irb_ip, gateway=gw)
                else:
                    self._add_ip_address(irb_unit, irb_ip)
        if (l2_only and vni is not None
                and self._is_evpn(self._physical_router)):
            irb_ref = 'irb.' + str(network_id)
            self._add_ref_to_list(instance.get_routing_interfaces(), irb_ref)

    # --- firewall config for the public VRF ---------------------------------
    if router_external and l2_only is False:
        self._add_ri_vrf_firewall_config(prefixes, instance)

    # --- firewall + NAT config for the DCI network --------------------------
    if fip_map is not None:
        # NOTE(review): this branch indexes interfaces[0] and interfaces[1]
        # without a length check; fewer than two entries raises IndexError
        # after part of the config below has already been attached.
        self._add_ref_to_list(instance.get_interfaces(), interfaces[0].name)
        self.firewall_config = self.firewall_config or Firewall(
            comment=DMUtils.firewall_comment())
        vrf_filter = FirewallFilter(
            name=DMUtils.make_private_vrf_filter_name(ri_name))
        vrf_filter.set_comment(DMUtils.vn_firewall_comment(vn, "private"))
        self.firewall_config.add_firewall_filters(vrf_filter)

        vrf_term = Term(name=DMUtils.make_vrf_term_name(ri_name))
        match = From()
        # NOTE(review): with an empty fip_map the match stays empty. The
        # term's action names this routing instance, so confirm how a term
        # with no source address is rendered on the device.
        for fip_user_ip in list(fip_map.keys()):
            match.add_source_address(self._get_subnet_for_cidr(fip_user_ip))
        vrf_term.set_from(match)
        vrf_term.set_then(Then(routing_instance=[ri_name]))
        vrf_filter.add_terms(vrf_term)

        _pi, irb_units = self._add_or_lookup_pi(self.pi_map, 'irb', 'irb')
        irb_ref = 'irb.' + str(network_id)
        irb_unit = self._add_or_lookup_li(irb_units, irb_ref, network_id)
        irb_unit.set_comment(DMUtils.vn_irb_fip_inet_comment(vn))
        irb_unit.set_family("inet")
        irb_unit.add_firewall_filters(
            DMUtils.make_private_vrf_filter_name(ri_name))
        self._add_ref_to_list(instance.get_routing_interfaces(), irb_ref)

        # Floating-IP service set: one source-NAT and one destination-NAT
        # rule, filled per (private ip -> floating ip) pair below.
        nat_rules = NatRules(
            allow_overlapping_nat_pools=True,
            name=DMUtils.make_services_set_name(ri_name),
            comment=DMUtils.service_set_comment(vn))
        instance.set_nat_rules(nat_rules)

        snat_rule = NatRule(
            name=DMUtils.make_snat_rule_name(ri_name),
            comment=DMUtils.service_set_nat_rule_comment(vn, "SNAT"),
            direction="input",
            translation_type="basic-nat44")
        snat_rule.set_comment(DMUtils.snat_rule_comment())
        nat_rules.add_rules(snat_rule)

        dnat_rule = NatRule(
            name=DMUtils.make_dnat_rule_name(ri_name),
            comment=DMUtils.service_set_nat_rule_comment(vn, "DNAT"),
            direction="output",
            translation_type="dnat-44")
        dnat_rule.set_comment(DMUtils.dnat_rule_comment())
        nat_rules.add_rules(dnat_rule)

        nat_rules.set_inside_interface(interfaces[0].name)
        nat_rules.set_outside_interface(interfaces[1].name)

        for private_ip, fip_entry in list(fip_map.items()):
            floating_ip = fip_entry["floating_ip"]
            snat_rule.add_source_addresses(
                self._get_subnet_for_cidr(private_ip))
            snat_rule.add_source_prefixes(
                self._get_subnet_for_cidr(floating_ip))
            dnat_rule.add_destination_addresses(
                self._get_subnet_for_cidr(floating_ip))
            dnat_rule.add_destination_prefixes(
                self._get_subnet_for_cidr(private_ip))

        self._add_ref_to_list(instance.get_ingress_interfaces(),
                              interfaces[0].name)
        self._add_ref_to_list(instance.get_egress_interfaces(),
                              interfaces[1].name)

    # --- route targets ------------------------------------------------------
    # Targets are copied exactly as supplied in ri_conf; nothing in this
    # method validates them.
    for rt in import_targets:
        self._add_to_list(instance.get_import_targets(), rt)
    for rt in export_targets:
        self._add_to_list(instance.get_export_targets(), rt)
def build_svc_chaining_ri_config(self, si_name, left_vrf_info,
                                 right_vrf_info):
    """Populate ``self.ri_map_leafspine`` for a PNF service chain.

    The same steps run for the left side and then for the right side:

      1. If the side's "vn_id" resolves to a virtual network, build an L3
         'vrf' routing instance for it, store it under its VRF name, and
         reference the side's ``irb.<svc unit>`` interface. When the side
         has an SRX interface address and ``left_vrf_info`` carries a
         "loopback_ip", attach BGP and PIM protocol config as well.
      2. For every resolvable entry of the side's "tenant_vn", store a
         'virtual-switch' instance named ``<si_name>_service_chain_<side>``
         carrying that tenant VN's export targets.

    Returns None.
    """

    def build_side(vrf_info, unit_key, srx_key, suffix, chain_suffix):
        # -- step 1: the side's own VRF --------------------------------------
        side_vn = VirtualNetworkDM.get(vrf_info.get("vn_id"))
        if side_vn:
            vrf_name = DMUtils.make_vrf_name(
                side_vn.fq_name[-1], side_vn.vn_network_id, "l3")
            net_id = side_vn.vn_network_id
            vxlan = side_vn.get_vxlan_vni()
            primary = self._get_primary_ri(side_vn)
            export_rts, import_rts = self._get_export_import_targets(
                side_vn, primary)
            internal = "_contrail_lr_internal_vn_" in side_vn.name

            side_ri = RoutingInstance(
                name=vrf_name,
                virtual_network_mode="l3",
                export_targets=export_rts,
                import_targets=import_rts,
                virtual_network_id=str(net_id),
                vxlan_id=str(vxlan),
                is_public_network=side_vn.router_external,
            )
            side_ri.set_routing_instance_type("vrf")
            side_ri.set_virtual_network_is_internal(internal)
            if internal:
                router = self.get_lr_name_from_ri(vrf_name)
                if router:
                    side_ri.set_description(
                        "__contrail_%s_%s" % (router.name, router.uuid))
            self.ri_map_leafspine[vrf_name] = side_ri

            # NOTE(review): the concatenation raises TypeError when the
            # service-unit key is absent or not a string.
            self._add_ref_to_list(
                side_ri.get_routing_interfaces(),
                "irb." + vrf_info.get(unit_key),
            )

            # NOTE(review): "loopback_ip" is read from left_vrf_info for
            # both sides, in the gate and for the PIM RP address below.
            # Confirm that sharing the left value on the right is intended.
            if vrf_info.get(srx_key) and left_vrf_info.get("loopback_ip"):
                protocols = RoutingInstanceProtocols()
                bgp_name = si_name + suffix
                peer_name = bgp_name + "_" + vrf_info.get(srx_key)
                # NOTE(review): only name, AS and address are set on the
                # peer here; any session authentication would have to be
                # applied elsewhere. Confirm.
                peer = Bgp(
                    name=peer_name,
                    autonomous_system=vrf_info.get("peer"),
                    ip_address=vrf_info.get(srx_key),
                )
                local_bgp = Bgp(
                    name=bgp_name,
                    type_="external",
                    autonomous_system=vrf_info.get("local"),
                )
                local_bgp.add_peers(peer)
                local_bgp.set_comment("PNF-Service-Chaining")
                protocols.add_bgp(local_bgp)

                rendezvous = PimRp(
                    ip_address=left_vrf_info.get("loopback_ip"))
                pim = Pim(name=si_name + suffix)
                pim.set_rp(rendezvous)
                pim.set_comment("PNF-Service-Chaining")
                protocols.add_pim(pim)

                self.ri_protocols_leafspine_map[vrf_name][bgp_name] = \
                    protocols
                side_ri.set_protocols(
                    self._get_values_sorted_by_key(
                        self.ri_protocols_leafspine_map[vrf_name]))

        # -- step 2: service-chain instance carrying tenant VNI targets ------
        chain_name = si_name + chain_suffix
        for tenant_id in vrf_info.get("tenant_vn") or []:
            tenant_vn = VirtualNetworkDM.get(tenant_id)
            if not tenant_vn:
                continue
            tenant_vrf = DMUtils.make_vrf_name(
                tenant_vn.fq_name[-1], tenant_vn.vn_network_id, "l3")
            tenant_net_id = tenant_vn.vn_network_id
            tenant_vxlan = tenant_vn.get_vxlan_vni()
            tenant_primary = self._get_primary_ri(tenant_vn)
            tenant_export, tenant_import = self._get_export_import_targets(
                tenant_vn, tenant_primary)
            tenant_ri = RoutingInstance(
                name=tenant_vrf,
                virtual_network_mode="l3",
                export_targets=tenant_export,
                import_targets=tenant_import,
                virtual_network_id=str(tenant_net_id),
                vxlan_id=str(tenant_vxlan),
                is_public_network=tenant_vn.router_external,
            )

            # Every pass stores a fresh instance under the same key, so the
            # map entry reflects the last tenant VN that resolved.
            chain_ri = RoutingInstance(name=chain_name)
            self.ri_map_leafspine[chain_name] = chain_ri
            chain_ri.set_comment("PNF-Service-Chaining")
            chain_ri.set_routing_instance_type("virtual-switch")
            chain_ri.set_vxlan_id(vrf_info.get(unit_key))
            for rt in tenant_ri.get_export_targets():
                self._add_to_list(chain_ri.get_export_targets(), rt)

    build_side(left_vrf_info, "left_svc_unit", "srx_left_interface",
               "_left", "_service_chain_left")
    build_side(right_vrf_info, "right_svc_unit", "srx_right_interface",
               "_right", "_service_chain_right")