use of com.cloud.network.rules.StaticNat in project cloudstack by apache.
the class NuageVspElement method applyStaticNats.
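/**
 * Sends a batch of static NAT changes for {@code config} to the Nuage VSD host.
 *
 * <p>Each rule becomes a {@code VspStaticNat} built from the public IP, the VLAN of that IP and the
 * NIC holding the destination address. The whole batch travels in one
 * {@code ApplyStaticNatVspCommand}.
 *
 * @param config network whose physical network id selects the Nuage VSP host
 * @param rules static NAT rules to apply or revoke (see {@code isForRevoke()})
 * @return {@code true} once the host has answered with a successful result
 * @throws ResourceUnavailableException when the host gives no answer or a failed answer
 */
@Override
public boolean applyStaticNats(Network config, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    List<VspStaticNat> vspStaticNatDetails = new ArrayList<VspStaticNat>();
    for (StaticNat staticNat : rules) {
        // NOTE(review): the DAO results below are dereferenced without a null check; confirm the
        // callers only pass rules whose IP and VLAN rows still exist.
        IPAddressVO sourceNatIp = _ipAddressDao.findById(staticNat.getSourceIpAddressId());
        VlanVO sourceNatVlan = _vlanDao.findById(sourceNatIp.getVlanId());
        checkVlanUnderlayCompatibility(sourceNatVlan);

        NicVO nicVO = _nicDao.findByIp4AddressAndNetworkId(staticNat.getDestIpAddress(), staticNat.getNetworkId());
        VspStaticNat vspStaticNat = _nuageVspEntityBuilder.buildVspStaticNat(staticNat.isForRevoke(), sourceNatIp, sourceNatVlan, nicVO);
        vspStaticNatDetails.add(vspStaticNat);
    }

    VspNetwork vspNetwork = _nuageVspEntityBuilder.buildVspNetwork(config);
    HostVO nuageVspHost = _nuageVspManager.getNuageVspHost(config.getPhysicalNetworkId());
    ApplyStaticNatVspCommand cmd = new ApplyStaticNatVspCommand(vspNetwork, vspStaticNatDetails);
    Answer answer = _agentMgr.easySend(nuageVspHost.getId(), cmd);

    if (answer == null || !answer.getResult()) {
        String failure = "ApplyStaticNatNuageVspCommand for network " + config.getUuid() + " failed on Nuage VSD " + nuageVspHost.getDetail("hostname");
        s_logger.error(failure);
        // A missing answer, or a failed answer without details, used to fall through to
        // "return true". That told the caller a revoke had been applied while the public IP was
        // still mapped on the VSD, so every failure now raises the same exception.
        String reason = (answer != null && answer.getDetails() != null) ? answer.getDetails() : failure;
        throw new ResourceUnavailableException(reason, Network.class, config.getId());
    }
    return true;
}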
use of com.cloud.network.rules.StaticNat in project cloudstack by apache.
the class MidoNetElement method applyStaticNats.
/**
 * Implementation of {@code applyStaticNats} from interface StaticNatServiceProvider.
 *
 * <p>Returns {@code false} without touching any rule when {@code midoInNetwork} or
 * {@code canHandle} rejects the network. Otherwise every rule is either added or, when
 * {@code isForRevoke()} is set, removed, and the method returns {@code true}.
 *
 * @param network guest network the rules belong to
 * @param rules static NAT rules to add or revoke
 * @return {@code true} after all rules were processed, {@code false} when the network is not handled here
 * @throws ResourceUnavailableException declared by the interface
 */
@Override
public boolean applyStaticNats(Network network, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    s_logger.debug("applyStaticNats called with network: " + network.toString());

    if (!midoInNetwork(network) || !canHandle(network, Service.StaticNat)) {
        return false;
    }

    // Router, port and chain handles are looked up when the first rule is reached, so an empty
    // rule list performs none of these lookups.
    boolean handlesResolved = false;
    Router providerRouter = null;
    RouterPort tenantUplink = null;
    RouterPort providerDownlink = null;
    RuleChain preFilter = null;
    RuleChain preNat = null;
    RuleChain post = null;

    String accountIdStr = getAccountUuid(network);
    // Not read anywhere below; kept so the call sequence matches the original.
    String networkUUIDStr = String.valueOf(network.getId());

    for (StaticNat rule : rules) {
        // NOTE(review): getIp() is dereferenced unchecked; confirm it cannot return null here.
        String publicAddr = _networkModel.getIp(rule.getSourceIpAddressId()).getAddress().addr();

        if (!handlesResolved) {
            Router tenantRouter = getOrCreateGuestNetworkRouter(network);
            providerRouter = api.getRouter(_providerRouterId);

            RouterPort[] linkPorts = getOrCreateProviderRouterPorts(tenantRouter, providerRouter);
            tenantUplink = linkPorts[0];
            providerDownlink = linkPorts[1];

            boolean isVpc = getIsVpc(network);
            long routerId = getRouterId(network, isVpc);
            String routerName = getRouterName(isVpc, routerId);

            preFilter = getChain(accountIdStr, routerName, RuleChainCode.TR_PREFILTER);
            preNat = getChain(accountIdStr, routerName, RuleChainCode.TR_PRENAT);
            post = api.getChain(tenantRouter.getOutboundFilterId());
            handlesResolved = true;
        }

        if (!rule.isForRevoke()) {
            addMidonetStaticNAT(preFilter, preNat, post, publicAddr, rule.getDestIpAddress(), tenantUplink, providerDownlink, providerRouter, network);
        } else {
            removeMidonetStaticNAT(preFilter, preNat, post, publicAddr, rule.getDestIpAddress(), providerRouter);
        }
    }
    return true;
}
use of com.cloud.network.rules.StaticNat in project cloudstack by apache.
the class VirtualNetworkApplianceManagerImpl method finalizeNetworkRulesForNetwork.
/**
 * Queues the commands that restore a guest network's rules on a virtual router that is starting.
 *
 * <p>Commands are appended to {@code cmds} in this order: egress firewall rules, static NATs,
 * ingress firewall rules, port forwarding rules, static NAT firewall rules, remote access VPNs,
 * public load balancing rules and, for Shared networks with DHCP, IP aliases plus dnsmasq
 * configuration. Each service is only considered when
 * {@code isProviderSupportServiceInNetwork} reports it for {@code provider}.
 *
 * @param cmds command batch that receives the generated commands
 * @param router router being started
 * @param provider provider whose services are re-applied
 * @param guestNetworkId id of the guest network
 */
protected void finalizeNetworkRulesForNetwork(final Commands cmds, final DomainRouterVO router, final Provider provider, final Long guestNetworkId) {
    s_logger.debug("Resending ipAssoc, port forwarding, load balancing rules as a part of Virtual router start");

    final ArrayList<? extends PublicIpAddress> publicIps = getPublicIpsToApply(router, provider, guestNetworkId);

    // Egress firewall: stored rules first, then whatever default rule
    // createDefaultEgressFirewallRule decides to append for the VR.
    final List<FirewallRule> egressRules = new ArrayList<FirewallRule>();
    if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
        egressRules.addAll(_rulesDao.listByNetworkPurposeTrafficType(guestNetworkId, Purpose.Firewall, FirewallRule.TrafficType.Egress));
        createDefaultEgressFirewallRule(egressRules, guestNetworkId);
    }
    s_logger.debug("Found " + egressRules.size() + " firewall Egress rule(s) to apply as a part of domR " + router + " start.");
    if (!egressRules.isEmpty()) {
        _commandSetupHelper.createFirewallRulesCommands(egressRules, router, cmds, guestNetworkId);
    }

    if (publicIps != null && !publicIps.isEmpty()) {
        final List<RemoteAccessVpn> vpnsToApply = new ArrayList<RemoteAccessVpn>();
        final List<PortForwardingRule> portForwardingRules = new ArrayList<PortForwardingRule>();
        final List<FirewallRule> staticNatFirewallRules = new ArrayList<FirewallRule>();
        final List<StaticNat> staticNats = new ArrayList<StaticNat>();
        final List<FirewallRule> ingressRules = new ArrayList<FirewallRule>();

        // Collect, per public IP, everything that has to be replayed on the router.
        for (final PublicIpAddress publicIp : publicIps) {
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.PortForwarding, provider)) {
                portForwardingRules.addAll(_pfRulesDao.listForApplication(publicIp.getId()));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) {
                staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(publicIp.getId(), Purpose.StaticNat));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
                ingressRules.addAll(_rulesDao.listByIpAndPurpose(publicIp.getId(), Purpose.Firewall));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Vpn, provider)) {
                final RemoteAccessVpn vpn = _vpnDao.findByPublicIpAddress(publicIp.getId());
                if (vpn != null) {
                    vpnsToApply.add(vpn);
                }
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider) && publicIp.isOneToOneNat()) {
                // An IP stuck in Releasing state is sent as a revoke, so the restarted router
                // removes the mapping instead of bringing it back.
                final boolean revoke = publicIp.getState() == IpAddress.State.Releasing;
                if (revoke) {
                    s_logger.debug("Rule revoke set to true for the ip " + publicIp.getAddress() + " becasue it is in releasing state");
                }
                staticNats.add(new StaticNatImpl(publicIp.getAccountId(), publicIp.getDomainId(), guestNetworkId, publicIp.getId(), publicIp.getVmIp(), revoke));
            }
        }

        // Static NATs
        s_logger.debug("Found " + staticNats.size() + " static nat(s) to apply as a part of domR " + router + " start.");
        if (!staticNats.isEmpty()) {
            _commandSetupHelper.createApplyStaticNatCommands(staticNats, router, cmds, guestNetworkId);
        }

        // Ingress firewall rules
        s_logger.debug("Found " + ingressRules.size() + " firewall Ingress rule(s) to apply as a part of domR " + router + " start.");
        if (!ingressRules.isEmpty()) {
            _commandSetupHelper.createFirewallRulesCommands(ingressRules, router, cmds, guestNetworkId);
        }

        // Port forwarding rules
        s_logger.debug("Found " + portForwardingRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
        if (!portForwardingRules.isEmpty()) {
            _commandSetupHelper.createApplyPortForwardingRulesCommands(portForwardingRules, router, cmds, guestNetworkId);
        }

        // Static NAT firewall rules, converted with buildStaticNatRule(rule, false)
        s_logger.debug("Found " + staticNatFirewallRules.size() + " static nat rule(s) to apply as a part of domR " + router + " start.");
        if (!staticNatFirewallRules.isEmpty()) {
            final List<StaticNatRule> convertedRules = new ArrayList<StaticNatRule>(staticNatFirewallRules.size());
            for (final FirewallRule natFirewallRule : staticNatFirewallRules) {
                convertedRules.add(_rulesMgr.buildStaticNatRule(natFirewallRule, false));
            }
            _commandSetupHelper.createApplyStaticNatRulesCommands(convertedRules, router, cmds, guestNetworkId);
        }

        // Remote access VPNs; iterating an empty list queues nothing
        s_logger.debug("Found " + vpnsToApply.size() + " vpn(s) to apply as a part of domR " + router + " start.");
        for (final RemoteAccessVpn vpn : vpnsToApply) {
            _commandSetupHelper.createApplyVpnCommands(true, vpn, router, cmds);
        }

        // Public load balancing rules; the balancers are listed before the service check
        final List<LoadBalancerVO> publicBalancers = _loadBalancerDao.listByNetworkIdAndScheme(guestNetworkId, Scheme.Public);
        final List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
        if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Lb, provider)) {
            for (final LoadBalancerVO balancer : publicBalancers) {
                final List<LbDestination> destinations = _lbMgr.getExistingDestinations(balancer.getId());
                final List<LbStickinessPolicy> stickinessPolicies = _lbMgr.getStickinessPolicies(balancer.getId());
                final List<LbHealthCheckPolicy> healthCheckPolicies = _lbMgr.getHealthCheckPolicies(balancer.getId());
                final Ip frontendIp = _networkModel.getPublicIpAddress(balancer.getSourceIpAddressId()).getAddress();
                final LbSslCert sslCert = _lbMgr.getLbSslCert(balancer.getId());
                lbRules.add(new LoadBalancingRule(balancer, destinations, stickinessPolicies, healthCheckPolicies, frontendIp, sslCert, balancer.getLbProtocol()));
            }
        }
        s_logger.debug("Found " + lbRules.size() + " load balancing rule(s) to apply as a part of domR " + router + " start.");
        if (!lbRules.isEmpty()) {
            _commandSetupHelper.createApplyLoadBalancingRulesCommands(lbRules, router, cmds, guestNetworkId);
        }
    }

    // DHCP and DNS configuration, only for Shared networks whose provider offers DHCP.
    // NOTE(review): the findById result is dereferenced without a null check; confirm the network
    // row always exists when a router for it is starting.
    final Network guestNetwork = _networkDao.findById(guestNetworkId);
    final boolean sharedWithDhcp = guestNetwork.getGuestType() == GuestType.Shared
            && _networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Dhcp, provider);
    if (!sharedWithDhcp) {
        return;
    }

    final Map<Network.Capability, String> dhcpCapabilities = _networkSvc.getNetworkOfferingServiceCapabilities(
            _networkOfferingDao.findById(_networkDao.findById(guestNetworkId).getNetworkOfferingId()), Service.Dhcp);
    // parseBoolean treats a missing capability (null) as false.
    if (!Boolean.parseBoolean(dhcpCapabilities.get(Network.Capability.DhcpAccrossMultipleSubnets))) {
        return;
    }

    final List<NicIpAliasVO> revokedAliases = _nicIpAliasDao.listByNetworkIdAndState(guestNetworkId, NicIpAlias.State.revoked);
    s_logger.debug("Found" + revokedAliases.size() + "ip Aliases to revoke on the router as a part of dhcp configuration");
    removeRevokedIpAliasFromDb(revokedAliases);

    final List<NicIpAliasVO> activeAliases = _nicIpAliasDao.listByNetworkIdAndState(guestNetworkId, NicIpAlias.State.active);
    s_logger.debug("Found" + activeAliases.size() + "ip Aliases to apply on the router as a part of dhcp configuration");

    final List<IpAliasTO> aliasTOs = new ArrayList<IpAliasTO>();
    for (final NicIpAliasVO alias : activeAliases) {
        aliasTOs.add(new IpAliasTO(alias.getIp4Address(), alias.getNetmask(), alias.getAliasCount().toString()));
    }
    if (!aliasTOs.isEmpty()) {
        _commandSetupHelper.createIpAlias(router, aliasTOs, guestNetworkId, cmds);
        _commandSetupHelper.configDnsMasq(router, _networkDao.findById(guestNetworkId), cmds);
    }
}
use of com.cloud.network.rules.StaticNat in project cloudstack by apache.
the class BigSwitchBcfElement method applyStaticNats.
/**
 * Creates or deletes static NAT entries on the Big Switch BCF controller for {@code network}.
 *
 * <p>The tenant id sent to BCF is the VPC uuid when the network belongs to a VPC that could be
 * acquired from the lock table, and the network uuid otherwise.
 *
 * @param network network the rules belong to
 * @param rules static NAT rules; {@code isForRevoke()} selects delete over create
 * @return always {@code true} when the method completes
 * @throws ResourceUnavailableException declared by the interface
 */
@Override
public boolean applyStaticNats(Network network, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    bcfUtilsInit();

    // NOTE(review): the return value is not used here; presumably called for a side effect — confirm.
    _bcfUtils.listACLbyNetwork(network);

    final Vpc vpc = network.getVpcId() == null ? null : _vpcDao.acquireInLockTable(network.getVpcId());

    final String tenantId;
    if (vpc == null) {
        // Non-VPC network (or VPC row not acquired): the network uuid serves as the BSN tenant.
        tenantId = network.getUuid();
    } else {
        tenantId = vpc.getUuid();
        // The lock is held only long enough to read the uuid.
        _vpcDao.releaseFromLockTable(vpc.getId());
    }

    for (StaticNat rule : rules) {
        // NOTE(review): findById is dereferenced unchecked; confirm the IP row cannot be missing.
        String publicIp = _ipAddressDao.findById(rule.getSourceIpAddressId()).getAddress().addr();
        String privateIp = rule.getDestIpAddress();
        String sourceMac = rule.getSourceMacAddress();

        // NOTE(review): the outcome of sendBcfCommandWithNetworkSyncCheck is not inspected in either
        // branch and the method returns true regardless; verify failures surface elsewhere.
        if (rule.isForRevoke()) {
            s_logger.debug("BCF removes static NAT for public IP: " + publicIp + " private IP " + privateIp + " mac " + sourceMac);
            DeleteBcfStaticNatCommand deleteCmd = new DeleteBcfStaticNatCommand(tenantId, publicIp);
            _bcfUtils.sendBcfCommandWithNetworkSyncCheck(deleteCmd, network);
        } else {
            s_logger.debug("BCF enables static NAT for public IP: " + publicIp + " private IP " + privateIp + " mac " + sourceMac);
            CreateBcfStaticNatCommand createCmd = new CreateBcfStaticNatCommand(tenantId, network.getUuid(), privateIp, publicIp, sourceMac);
            _bcfUtils.sendBcfCommandWithNetworkSyncCheck(createCmd, network);
        }
    }
    return true;
}
use of com.cloud.network.rules.StaticNat in project cloudstack by apache.
the class NetscalerElement method applyStaticNats.
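/**
 * Applies or revokes static NAT (INAT) rules on the NetScaler device(s) serving {@code config}.
 *
 * <p>In single-device mode all rules go in one command to the load balancer of the network, which
 * is allocated first if the network has none. When the {@code EIPWithMultipleNetScalersEnabled}
 * setting is true, each rule is sent on its own to the device returned by
 * {@code getNetScalerForEIP}.
 *
 * <p>Every exception raised inside the method, including the
 * {@code ResourceUnavailableException} instances it creates itself, is caught by the trailing
 * catch-all and reported as {@code false}.
 *
 * @param config network the rules belong to
 * @param rules static NAT rules to apply or revoke; may be {@code null}
 * @return {@code true} when the device(s) confirmed the rules; {@code false} when this element
 *         does not provide static NAT for the network or when any step failed
 * @throws ResourceUnavailableException declared by the interface; no visible path lets it escape
 *         the catch-all
 */
@Override
public boolean applyStaticNats(Network config, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    if (!canHandle(config, Service.StaticNat)) {
        return false;
    }

    boolean multiNetScalerDeployment = Boolean.valueOf(_configDao.getValue(Config.EIPWithMultipleNetScalersEnabled.key()));

    try {
        if (!multiNetScalerDeployment) {
            String errMsg;
            ExternalLoadBalancerDeviceVO lbDevice = getExternalLoadBalancerForNetwork(config);
            if (lbDevice == null) {
                try {
                    lbDevice = allocateLoadBalancerForNetwork(config);
                } catch (Exception e) {
                    errMsg = "Could not allocate a NetSclaer load balancer for configuring static NAT rules due to" + e.getMessage();
                    // Pass the throwable so the allocation failure keeps its stack trace in the log.
                    s_logger.error(errMsg, e);
                    throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
                }
            }

            // An allocation that yields no device is reported with the explicit message below
            // instead of surfacing as a NullPointerException in the catch-all.
            if (lbDevice == null || !isNetscalerDevice(lbDevice.getDeviceName())) {
                errMsg = "There are no NetScaler load balancer assigned for this network. So NetScaler element will not be handling the static nat rules.";
                s_logger.error(errMsg);
                throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
            }

            List<StaticNatRuleTO> rulesTO = null;
            if (rules != null) {
                rulesTO = new ArrayList<StaticNatRuleTO>();
                for (StaticNat rule : rules) {
                    IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
                    StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false);
                    rulesTO.add(ruleTO);
                }
            }

            SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, null);
            SetStaticNatRulesAnswer answer = (SetStaticNatRulesAnswer) _agentMgr.send(lbDevice.getHostId(), cmd);
            return answer != null && answer.getResult();
        }

        if (rules != null) {
            for (StaticNat rule : rules) {
                // validate if EIP rule can be configured.
                ExternalLoadBalancerDeviceVO lbDevice = getNetScalerForEIP(rule);
                if (lbDevice == null) {
                    String errMsg = "There is no NetScaler device configured to perform EIP to guest IP address: " + rule.getDestIpAddress();
                    s_logger.error(errMsg);
                    throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
                }

                List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>();
                IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
                StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false);
                rulesTO.add(ruleTO);
                SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, null);

                // send commands to configure INAT rule on the NetScaler device
                SetStaticNatRulesAnswer answer = (SetStaticNatRulesAnswer) _agentMgr.send(lbDevice.getHostId(), cmd);
                // A non-null answer carrying a failed result used to count as success here, unlike
                // the single-device path which returns answer.getResult(). A rejected revoke would
                // then be reported as applied while the mapping stayed on the device.
                if (answer == null || !answer.getResult()) {
                    String errMsg = "Failed to configure INAT rule on NetScaler device " + lbDevice.getHostId();
                    s_logger.error(errMsg);
                    throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
                }
            }
        }
        return true;
    } catch (Exception e) {
        // Failures are reported through the return value; the throwable is logged so the cause
        // is not reduced to its message text.
        s_logger.error("Failed to configure StaticNat rule due to " + e.getMessage(), e);
        return false;
    }
}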