def setup_policy_acl_flow(dpath, ofctl):
    """
    Install the built-in Policy ACL flows when a datapath enters.

    One flow is added (OFPFC_ADD) to the POLICY_ACL table for each match
    below: the LACP and ARP ethertypes and the three multicast
    destinations named by the fibcapi MCADDR_* constants. The only action
    of every flow is output to OFPP_CONTROLLER, at PRIORITY_NORMAL.

    NOTE(review): these are punt-to-controller rules and nothing in this
    block restricts them by in_port or attaches a meter, so presumably
    any port can generate packet-ins through them. Confirm that
    control-plane rate limiting is applied elsewhere.
    """
    punt_matches = (
        ofmatch.Match().eth_type(fibcapi.ETHTYPE_LACP),
        ofmatch.Match().eth_type(fibcapi.ETHTYPE_ARP),
        # Punt rules that are currently disabled:
        # ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_ICMP4),
        # ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_ICMP6),
        # ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_OSPF),
        # ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_OSPF),
        # ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_src(fibcapi.TCPPORT_BGP),
        # ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_dst(fibcapi.TCPPORT_BGP),
        # ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_TCP).tcp_src(fibcapi.TCPPORT_BGP),
        # ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV6).ip_proto(fibcapi.IPPROTO_TCP).tcp_dst(fibcapi.TCPPORT_BGP),
        # ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_src(fibcapi.TCPPORT_LDP),
        # ofmatch.Match().eth_type(fibcapi.ETHTYPE_IPV4).ip_proto(fibcapi.IPPROTO_TCP).tcp_dst(fibcapi.TCPPORT_LDP),
        ofmatch.Match().ip_dst(fibcapi.MCADDR_ALLROUTERS),
        ofmatch.Match().ip_dst(fibcapi.MCADDR_OSPF_HELLO),
        ofmatch.Match().ip_dst(fibcapi.MCADDR_OSPF_ALLDR),
    )

    # The same action list object is shared by every flow, as before.
    to_controller = [ofaction.output(dpath.ofproto.OFPP_CONTROLLER)]

    for punt_match in punt_matches:
        punt_flow = offlow.flow_mod(
            match=punt_match,
            actions=to_controller,
            writes=[],
            table_id=pb.FlowMod.POLICY_ACL,
            priority=fibcapi.PRIORITY_NORMAL,
        )
        ofctl.mod_flow_entry(dpath, punt_flow, dpath.ofproto.OFPFC_ADD)
def termination_mac_flow(dpath, mod, ofctl):
    """
    Send the Termination MAC table flow described by *mod*.

    The flow matches the eth_type and eth_dst found in
    ``mod.term_mac.match`` and is sent to the TERM_MAC table at
    PRIORITY_LOW, using the command derived from ``mod.cmd``. When
    ``offlow.is_action_needed`` says so, its single action is a goto to
    ``mod.term_mac.goto_table``.

    NOTE(review): goto_table is taken from the message without any check
    in this block; presumably the sender is trusted to supply a valid
    table id. Confirm.
    """
    _LOG.debug("TERM MAC FLow: %d %s %s", dpath.id, mod, ofctl)

    cmd = fibcapi.flow_mod_cmd(mod.cmd, dpath.ofproto)
    term_mac = mod.term_mac
    flow_match = (
        ofmatch.Match()
        .eth_type(term_mac.match.eth_type)
        .eth_dst(term_mac.match.eth_dst)
    )

    def _actions():
        # Handed to offlow.flow_mod as a callable, so the action list is
        # only built when something calls it.
        needed = offlow.is_action_needed(dpath, cmd)
        return [ofaction.goto_table(term_mac.goto_table)] if needed else []

    term_flow = offlow.flow_mod(
        match=flow_match,
        actions=_actions,
        writes=[],
        table_id=pb.FlowMod.TERM_MAC,
        priority=fibcapi.PRIORITY_LOW,
    )
    ofctl.mod_flow_entry(dpath, term_flow, cmd)
def policy_acl_flow(dpath, mod, ofctl, use_metadata=True):
    """
    Send the Policy ACL table flow described by *mod*.

    Nothing is sent when ``mod.acl.match.in_port`` is set. Otherwise the
    flow matches the ip_dst and vrf from ``mod.acl.match`` (*use_metadata*
    is forwarded to the vrf match) and goes to the POLICY_ACL table at
    PRIORITY_HIGH. Its single action, when
    ``offlow.is_action_needed`` says one is needed, is output to
    OFPP_CONTROLLER.

    NOTE(review): this is a punt-to-controller rule whose destination
    comes straight from the message; no meter is attached in this block.
    Confirm that packet-in rate limiting is handled elsewhere.
    """
    _LOG.debug("ACL FLow: %d %s", dpath.id, mod)

    acl = mod.acl
    if acl.match.in_port:
        # OpenFlow mode: no flow is sent for a port here.
        # Flows for a port are sent by setup_flow().
        return

    cmd = fibcapi.flow_mod_cmd(mod.cmd, dpath.ofproto)
    flow_match = (
        ofmatch.Match()
        .ip_dst(acl.match.ip_dst)
        .vrf(acl.match.vrf, use_metadata)
    )

    def _actions():
        # Handed to offlow.flow_mod as a callable rather than a list.
        if offlow.is_action_needed(dpath, cmd):
            return [ofaction.output(dpath.ofproto.OFPP_CONTROLLER)]
        return []

    acl_flow = offlow.flow_mod(
        match=flow_match,
        actions=_actions,
        writes=[],
        table_id=pb.FlowMod.POLICY_ACL,
        priority=fibcapi.PRIORITY_HIGH,
    )
    ofctl.mod_flow_entry(dpath, acl_flow, cmd)
def setup_term_mac_flow(dpath, ofctl):
    """
    Install the built-in Termination MAC flows (for setup).

    Two flows are added (OFPFC_ADD) to the TERM_MAC table at priority 2:
    one for HWADDR_MULTICAST4_MATCH with ETHTYPE_IPV4 and one for
    HWADDR_MULTICAST6_MATCH with ETHTYPE_IPV6. Both continue to the
    MULTICAST_ROUTING table.
    """
    multicast_matches = (
        ofmatch.Match()
        .eth_dst(fibcapi.HWADDR_MULTICAST4_MATCH)
        .eth_type(fibcapi.ETHTYPE_IPV4),
        ofmatch.Match()
        .eth_dst(fibcapi.HWADDR_MULTICAST6_MATCH)
        .eth_type(fibcapi.ETHTYPE_IPV6),
    )

    # The same action list object is shared by both flows, as before.
    to_multicast_routing = [ofaction.goto_table(pb.FlowMod.MULTICAST_ROUTING)]

    for mc_match in multicast_matches:
        mc_flow = offlow.flow_mod(
            match=mc_match,
            actions=to_multicast_routing,
            writes=[],
            table_id=pb.FlowMod.TERM_MAC,
            priority=2,
        )
        ofctl.mod_flow_entry(dpath, mc_flow, dpath.ofproto.OFPFC_ADD)
def _lagopus_bugfix(dpath, ofctl):
    """
    Install the flow used to avoid a lagopus bug.

    Adds (OFPFC_ADD) one POLICY_ACL flow at PRIORITY_HIGHEST that matches
    the MPLS ethertype and carries empty action and write lists.

    NOTE(review): with no actions or writes, MPLS frames presumably skip
    the controller punt rules in this table; how the switch treats such
    an entry depends on offlow.flow_mod and is not visible here. Confirm.
    """
    mpls_match = ofmatch.Match().eth_type(fibcapi.ETHTYPE_MPLS)
    bugfix_flow = offlow.flow_mod(
        match=mpls_match,
        actions=[],
        writes=[],
        table_id=pb.FlowMod.POLICY_ACL,
        priority=fibcapi.PRIORITY_HIGHEST,
    )
    ofctl.mod_flow_entry(dpath, bugfix_flow, dpath.ofproto.OFPFC_ADD)
def unicast_routing_flow(dpath, mod, ofctl, use_metadata=True):
    """
    Send the Unicast Routing table flow described by *mod*.

    The flow matches the ip_dst and vrf from ``mod.unicast.match``
    (*use_metadata* is forwarded to the vrf match). Its priority comes
    from ``offlow.priority_for_ipaddr`` with PRIORITY_BASE_VPN for
    MPLS_L3_VPN groups and PRIORITY_BASE_UC otherwise. When
    ``offlow.is_action_needed`` says so, the action is a goto to
    POLICY_ACL and the writes are a TTL decrement followed by the group
    selected by ``g_type``.

    NOTE(review): for any g_type other than L3_UNICAST, L3_ECMP or
    MPLS_L3_VPN the flow is still sent with only the TTL decrement and no
    group. Confirm that this is intended rather than rejecting the
    message.
    """
    _LOG.debug("Unicast Routing FLow: %d %s", dpath.id, mod)

    cmd = fibcapi.flow_mod_cmd(mod.cmd, dpath.ofproto)
    route = mod.unicast
    flow_match = (
        ofmatch.Match()
        .ip_dst(route.match.ip_dst)
        .vrf(route.match.vrf, use_metadata)
    )

    def _actions():
        # Handed to offlow.flow_mod as a callable rather than a list.
        if offlow.is_action_needed(dpath, cmd):
            return [ofaction.goto_table(pb.FlowMod.POLICY_ACL)]
        return []

    def _writes():
        if not offlow.is_action_needed(dpath, cmd):
            return []

        write_actions = [ofaction.dec_nw_ttl()]
        g_type = route.g_type
        if g_type == pb.GroupMod.L3_UNICAST:
            group_id = fibcapi.l3_unicast_group_id(route.g_id)
            write_actions.append(ofaction.group(group_id))
        elif g_type == pb.GroupMod.L3_ECMP:
            group_id = fibcapi.l3_ecmp_group_id(route.g_id)
            write_actions.append(ofaction.group(group_id))
        elif g_type == pb.GroupMod.MPLS_L3_VPN:
            group_id = fibcapi.mpls_label_group_id(2, route.g_id)
            write_actions.append(ofaction.group(group_id))
        # Any other group type: the TTL decrement is the only write.
        return write_actions

    if route.g_type == pb.GroupMod.MPLS_L3_VPN:
        priority_base = fibcapi.PRIORITY_BASE_VPN
    else:
        priority_base = fibcapi.PRIORITY_BASE_UC
    priority = offlow.priority_for_ipaddr(route.match.ip_dst, priority_base)

    route_flow = offlow.flow_mod(
        match=flow_match,
        actions=_actions,
        writes=_writes,
        table_id=pb.FlowMod.UNICAST_ROUTING,
        priority=priority,
    )
    ofctl.mod_flow_entry(dpath, route_flow, cmd)
def _add_mpls_l3_type_php_flows(dpath, ofctl):
    """
    Install the MPLS L3 Type flow for PHP traffic.

    L3 VPN Forward (IPv4) based on this label (PHP): adds (OFPFC_ADD) one
    MPLS_L3_TYPE flow at priority 5 that matches the MPLS ethertype with
    MPLS type MPLSTYPE_PHP, pops the MPLS header to ETHTYPE_IPV4 and
    continues to MPLS_LABEL_TRUST.
    """
    php_match = (
        ofmatch.Match()
        .eth_type(fibcapi.ETHTYPE_MPLS)
        .mpls_type(fibcapi.MPLSTYPE_PHP, True)
    )
    php_actions = [
        ofaction.pop_mpls(fibcapi.ETHTYPE_IPV4),
        ofaction.goto_table(pb.FlowMod.MPLS_LABEL_TRUST),
    ]
    php_flow = offlow.flow_mod(
        match=php_match,
        actions=php_actions,
        writes=[],
        table_id=pb.FlowMod.MPLS_L3_TYPE,
        priority=5,
    )
    ofctl.mod_flow_entry(dpath, php_flow, dpath.ofproto.OFPFC_ADD)
def _add_mpls_l3_type_l3vpn_flows(dpath, ofctl):
    """
    Install the MPLS L3 Type flow for L3 VPN routes.

    L3 VPN Route (IPv4 Unicast): adds (OFPFC_ADD) one MPLS_L3_TYPE flow
    at priority 1 that matches the MPLS ethertype only. It sets the MPLS
    type to MPLSTYPE_UNICAST, pops the MPLS header to ETHTYPE_IPV4 and
    continues to MPLS_LABEL_TRUST.

    NOTE(review): the match has no label or port qualifier in this block,
    so every MPLS frame reaching this table that no higher-priority entry
    claims is handled as IPv4 unicast. Confirm that earlier tables filter
    unexpected labels.
    """
    l3vpn_match = ofmatch.Match().eth_type(fibcapi.ETHTYPE_MPLS)
    l3vpn_actions = [
        ofaction.set_mpls_type(fibcapi.MPLSTYPE_UNICAST, True),
        ofaction.pop_mpls(fibcapi.ETHTYPE_IPV4),
        ofaction.goto_table(pb.FlowMod.MPLS_LABEL_TRUST),
    ]
    l3vpn_flow = offlow.flow_mod(
        match=l3vpn_match,
        actions=l3vpn_actions,
        writes=[],
        table_id=pb.FlowMod.MPLS_L3_TYPE,
        priority=1,
    )
    ofctl.mod_flow_entry(dpath, l3vpn_flow, dpath.ofproto.OFPFC_ADD)
def _add_mpls_type_flows(dpath, ofctl):
    """
    Install the built-in MPLS Type flows.

    For each (MPLS type, next table) pair below, one flow is added
    (OFPFC_ADD) to the MPLS_TYPE table at priority 1. It matches that
    MPLS type and its only action is a goto to the paired table.
    """
    next_table_by_type = (
        (fibcapi.MPLSTYPE_VPS, pb.FlowMod.POLICY_ACL),
        (fibcapi.MPLSTYPE_UNICAST, pb.FlowMod.UNICAST_ROUTING),
        (fibcapi.MPLSTYPE_MULTICAST, pb.FlowMod.MULTICAST_ROUTING),
        (fibcapi.MPLSTYPE_PHP, pb.FlowMod.POLICY_ACL),
    )

    for mpls_type, next_table in next_table_by_type:
        type_match = ofmatch.Match().mpls_type(mpls_type, True)
        type_flow = offlow.flow_mod(
            match=type_match,
            actions=[ofaction.goto_table(next_table)],
            writes=[],
            table_id=pb.FlowMod.MPLS_TYPE,
            priority=1,
        )
        ofctl.mod_flow_entry(dpath, type_flow, dpath.ofproto.OFPFC_ADD)
def _match():
    """
    Build the match on MPLS ethertype, bottom-of-stack flag and label.

    The bos and label values are read from ``entry.match``; ``entry`` is
    not defined in this block and is resolved from the surrounding scope.
    """
    mpls_match = ofmatch.Match()
    # Each setter is called for its effect on mpls_match; return values
    # are not used.
    mpls_match.eth_type(fibcapi.ETHTYPE_MPLS)
    mpls_match.mpls_bos(entry.match.bos)
    mpls_match.mpls_label(entry.match.label)
    return mpls_match
def _match():
    """
    Build the match on input port and VLAN id (with mask).

    The in_port, vid and vid_mask values are read from ``entry.match``;
    ``entry`` is not defined in this block and is resolved from the
    surrounding scope.
    """
    port_vlan_match = ofmatch.Match()
    # Each setter is called for its effect on port_vlan_match; return
    # values are not used.
    port_vlan_match.in_port(entry.match.in_port)
    port_vlan_match.vlan_vid(entry.match.vid, entry.match.vid_mask)
    return port_vlan_match