
Example 1 with StaticNat

use of com.cloud.network.rules.StaticNat in project cloudstack by apache.

the class NuageVspElement method applyStaticNats.

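/**
 * Translates the given static NAT rules into {@code VspStaticNat} entries and sends them to the
 * Nuage VSP host of the network's physical network in one {@code ApplyStaticNatVspCommand}.
 *
 * <p>A rule whose {@code isForRevoke()} flag is set is forwarded with that flag, so the same call
 * both creates and removes public-to-private mappings.
 *
 * @param config the network whose static NAT rules are being applied
 * @param rules the rules to apply or revoke
 * @return {@code true} when the VSD answered with a successful result; {@code false} when no
 *         answer came back or the answer reports failure without details
 * @throws ResourceUnavailableException when the VSD answer carries failure details
 */
@Override
public boolean applyStaticNats(Network config, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    List<VspStaticNat> vspStaticNatDetails = new ArrayList<VspStaticNat>();
    for (StaticNat staticNat : rules) {
        // NOTE(review): sourceNatIp is dereferenced on the next line without a null check;
        // confirm findById cannot return null for a rule that is still being applied or revoked.
        IPAddressVO sourceNatIp = _ipAddressDao.findById(staticNat.getSourceIpAddressId());
        VlanVO sourceNatVlan = _vlanDao.findById(sourceNatIp.getVlanId());
        checkVlanUnderlayCompatibility(sourceNatVlan);
        NicVO nicVO = _nicDao.findByIp4AddressAndNetworkId(staticNat.getDestIpAddress(), staticNat.getNetworkId());
        VspStaticNat vspStaticNat = _nuageVspEntityBuilder.buildVspStaticNat(staticNat.isForRevoke(), sourceNatIp, sourceNatVlan, nicVO);
        vspStaticNatDetails.add(vspStaticNat);
    }
    VspNetwork vspNetwork = _nuageVspEntityBuilder.buildVspNetwork(config);
    HostVO nuageVspHost = _nuageVspManager.getNuageVspHost(config.getPhysicalNetworkId());
    ApplyStaticNatVspCommand cmd = new ApplyStaticNatVspCommand(vspNetwork, vspStaticNatDetails);
    Answer answer = _agentMgr.easySend(nuageVspHost.getId(), cmd);
    if (answer == null || !answer.getResult()) {
        s_logger.error("ApplyStaticNatNuageVspCommand for network " + config.getUuid() + " failed on Nuage VSD " + nuageVspHost.getDetail("hostname"));
        if ((null != answer) && (null != answer.getDetails())) {
            throw new ResourceUnavailableException(answer.getDetails(), Network.class, config.getId());
        }
        // A missing answer, or a failed one without details, used to fall through to
        // "return true". That told the caller a NAT mapping had been applied or revoked
        // when the VSD had not confirmed it; a failed revoke would leave the public IP
        // mapped while the management side believes it is gone. Report the failure instead.
        return false;
    }
    return true;
}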
Also used : Answer(com.cloud.agent.api.Answer) ApplyStaticNatVspCommand(com.cloud.agent.api.element.ApplyStaticNatVspCommand) ArrayList(java.util.ArrayList) VspStaticNat(net.nuage.vsp.acs.client.api.model.VspStaticNat) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) IPAddressVO(com.cloud.network.dao.IPAddressVO) VlanVO(com.cloud.dc.VlanVO) VspNetwork(net.nuage.vsp.acs.client.api.model.VspNetwork) NicVO(com.cloud.vm.NicVO) HostVO(com.cloud.host.HostVO) VspStaticNat(net.nuage.vsp.acs.client.api.model.VspStaticNat) StaticNat(com.cloud.network.rules.StaticNat)

Example 2 with StaticNat

use of com.cloud.network.rules.StaticNat in project cloudstack by apache.

the class MidoNetElement method applyStaticNats.

/**
 * Applies or revokes each static NAT rule on the MidoNet rule chains of the network's tenant
 * router (from interface StaticNatServiceProvider).
 *
 * <p>Returns {@code false} without touching any router when the network is not a MidoNet network
 * or this element cannot handle the StaticNat service for it. The routers, ports and rule chains
 * are looked up (or created) once, on the first rule, so an empty rule list creates nothing.
 *
 * @param network the guest network the rules belong to
 * @param rules the rules to add, or to remove when {@code isForRevoke()} is set
 * @return {@code false} when this element does not serve the network, otherwise {@code true}
 * @throws ResourceUnavailableException declared by the interface; not thrown directly here
 */
@Override
public boolean applyStaticNats(Network network, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    s_logger.debug("applyStaticNats called with network: " + network.toString());
    if (!midoInNetwork(network) || !canHandle(network, Service.StaticNat)) {
        return false;
    }
    boolean chainsResolved = false;
    Router guestRouter = null;
    Router edgeRouter = null;
    RouterPort uplinkPort = null;
    RouterPort downlinkPort = null;
    RuleChain preFilterChain = null;
    RuleChain preNatChain = null;
    RuleChain postChain = null;
    final String accountUuid = getAccountUuid(network);
    // Not read below; kept so network.getId() is still evaluated as before.
    final String networkIdText = String.valueOf(network.getId());
    for (StaticNat rule : rules) {
        // NOTE(review): the looked-up IP is dereferenced without a null check.
        final String publicAddr = _networkModel.getIp(rule.getSourceIpAddressId()).getAddress().addr();
        if (!chainsResolved) {
            // Lazy one-time setup: resolve routers, the link ports and the three rule chains.
            guestRouter = getOrCreateGuestNetworkRouter(network);
            edgeRouter = api.getRouter(_providerRouterId);
            final RouterPort[] linkPorts = getOrCreateProviderRouterPorts(guestRouter, edgeRouter);
            uplinkPort = linkPorts[0];
            downlinkPort = linkPorts[1];
            final boolean vpcBacked = getIsVpc(network);
            final long routerId = getRouterId(network, vpcBacked);
            final String routerName = getRouterName(vpcBacked, routerId);
            preFilterChain = getChain(accountUuid, routerName, RuleChainCode.TR_PREFILTER);
            preNatChain = getChain(accountUuid, routerName, RuleChainCode.TR_PRENAT);
            postChain = api.getChain(guestRouter.getOutboundFilterId());
            chainsResolved = true;
        }
        if (!rule.isForRevoke()) {
            addMidonetStaticNAT(preFilterChain, preNatChain, postChain, publicAddr, rule.getDestIpAddress(), uplinkPort, downlinkPort, edgeRouter, network);
        } else {
            removeMidonetStaticNAT(preFilterChain, preNatChain, postChain, publicAddr, rule.getDestIpAddress(), edgeRouter);
        }
    }
    return true;
}
Also used : RuleChain(org.midonet.client.resource.RuleChain) Router(org.midonet.client.resource.Router) IpAddress(com.cloud.network.IpAddress) PublicIpAddress(com.cloud.network.PublicIpAddress) RouterPort(org.midonet.client.resource.RouterPort) StaticNat(com.cloud.network.rules.StaticNat)

Example 3 with StaticNat

use of com.cloud.network.rules.StaticNat in project cloudstack by apache.

the class VirtualNetworkApplianceManagerImpl method finalizeNetworkRulesForNetwork.

/**
 * Rebuilds the network rule commands for one guest network while a virtual router starts.
 *
 * <p>Each rule family is read from its DAO only when {@code provider} supports the matching
 * service in the network, and every non-empty family is handed to {@code _commandSetupHelper}
 * together with {@code cmds}. The families are processed in a fixed order: egress firewall,
 * static NATs, ingress firewall, port forwarding, static NAT rules, VPNs, load balancing, and
 * finally DHCP/DNS IP aliases for shared networks.
 *
 * <p>A one-to-one NAT whose public IP is in the {@code Releasing} state is re-sent as a revoke,
 * so a restart removes the mapping instead of re-creating it.
 *
 * @param cmds command collection passed to every helper call
 * @param router the virtual router being started
 * @param provider provider whose service support gates each rule family
 * @param guestNetworkId id of the guest network whose rules are reapplied
 */
protected void finalizeNetworkRulesForNetwork(final Commands cmds, final DomainRouterVO router, final Provider provider, final Long guestNetworkId) {
    s_logger.debug("Resending ipAssoc, port forwarding, load balancing rules as a part of Virtual router start");
    final ArrayList<? extends PublicIpAddress> publicIps = getPublicIpsToApply(router, provider, guestNetworkId);
    final List<FirewallRule> firewallRulesEgress = new ArrayList<FirewallRule>();
    // Fetch firewall egress rules; skipped when the provider does not offer Firewall here.
    if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
        firewallRulesEgress.addAll(_rulesDao.listByNetworkPurposeTrafficType(guestNetworkId, Purpose.Firewall, FirewallRule.TrafficType.Egress));
        // Create the egress default rule for the virtual router.
        createDefaultEgressFirewallRule(firewallRulesEgress, guestNetworkId);
    }
    // Re-apply firewall egress rules. This does not depend on public IPs, so it runs
    // before the public-IP block below.
    s_logger.debug("Found " + firewallRulesEgress.size() + " firewall Egress rule(s) to apply as a part of domR " + router + " start.");
    if (!firewallRulesEgress.isEmpty()) {
        _commandSetupHelper.createFirewallRulesCommands(firewallRulesEgress, router, cmds, guestNetworkId);
    }
    if (publicIps != null && !publicIps.isEmpty()) {
        final List<RemoteAccessVpn> vpns = new ArrayList<RemoteAccessVpn>();
        final List<PortForwardingRule> pfRules = new ArrayList<PortForwardingRule>();
        final List<FirewallRule> staticNatFirewallRules = new ArrayList<FirewallRule>();
        final List<StaticNat> staticNats = new ArrayList<StaticNat>();
        final List<FirewallRule> firewallRulesIngress = new ArrayList<FirewallRule>();
        // Collect, per public IP, the port forwarding rules, static NAT firewall rules,
        // ingress firewall rules, VPNs and one-to-one NATs to reapply on domR start.
        for (final PublicIpAddress ip : publicIps) {
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.PortForwarding, provider)) {
                pfRules.addAll(_pfRulesDao.listForApplication(ip.getId()));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) {
                staticNatFirewallRules.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.StaticNat));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Firewall, provider)) {
                firewallRulesIngress.addAll(_rulesDao.listByIpAndPurpose(ip.getId(), Purpose.Firewall));
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Vpn, provider)) {
                final RemoteAccessVpn vpn = _vpnDao.findByPublicIpAddress(ip.getId());
                if (vpn != null) {
                    vpns.add(vpn);
                }
            }
            if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.StaticNat, provider)) {
                if (ip.isOneToOneNat()) {
                    boolean revoke = false;
                    if (ip.getState() == IpAddress.State.Releasing) {
                        // For IPs stuck in the Releasing state the rule must be deleted, not
                        // added; otherwise a router restart would re-create a mapping for a
                        // public IP that is on its way out.
                        s_logger.debug("Rule revoke set to true for the ip " + ip.getAddress() + " becasue it is in releasing state");
                        revoke = true;
                    }
                    final StaticNatImpl staticNat = new StaticNatImpl(ip.getAccountId(), ip.getDomainId(), guestNetworkId, ip.getId(), ip.getVmIp(), revoke);
                    staticNats.add(staticNat);
                }
            }
        }
        // Re-apply static nats (one-to-one mappings, including the revokes built above)
        s_logger.debug("Found " + staticNats.size() + " static nat(s) to apply as a part of domR " + router + " start.");
        if (!staticNats.isEmpty()) {
            _commandSetupHelper.createApplyStaticNatCommands(staticNats, router, cmds, guestNetworkId);
        }
        // Re-apply firewall ingress rules
        s_logger.debug("Found " + firewallRulesIngress.size() + " firewall Ingress rule(s) to apply as a part of domR " + router + " start.");
        if (!firewallRulesIngress.isEmpty()) {
            _commandSetupHelper.createFirewallRulesCommands(firewallRulesIngress, router, cmds, guestNetworkId);
        }
        // Re-apply port forwarding rules
        s_logger.debug("Found " + pfRules.size() + " port forwarding rule(s) to apply as a part of domR " + router + " start.");
        if (!pfRules.isEmpty()) {
            _commandSetupHelper.createApplyPortForwardingRulesCommands(pfRules, router, cmds, guestNetworkId);
        }
        // Re-apply static nat rules (the firewall rules stored with Purpose.StaticNat)
        s_logger.debug("Found " + staticNatFirewallRules.size() + " static nat rule(s) to apply as a part of domR " + router + " start.");
        if (!staticNatFirewallRules.isEmpty()) {
            final List<StaticNatRule> staticNatRules = new ArrayList<StaticNatRule>();
            for (final FirewallRule rule : staticNatFirewallRules) {
                // NOTE(review): the meaning of the 'false' argument is not visible here;
                // presumably it is a revoke flag. Confirm against buildStaticNatRule.
                staticNatRules.add(_rulesMgr.buildStaticNatRule(rule, false));
            }
            _commandSetupHelper.createApplyStaticNatRulesCommands(staticNatRules, router, cmds, guestNetworkId);
        }
        // Re-apply vpn rules
        s_logger.debug("Found " + vpns.size() + " vpn(s) to apply as a part of domR " + router + " start.");
        if (!vpns.isEmpty()) {
            for (final RemoteAccessVpn vpn : vpns) {
                _commandSetupHelper.createApplyVpnCommands(true, vpn, router, cmds);
            }
        }
        // The public load balancers are listed unconditionally; they are only turned into
        // rules when the provider supports the Lb service in this network.
        final List<LoadBalancerVO> lbs = _loadBalancerDao.listByNetworkIdAndScheme(guestNetworkId, Scheme.Public);
        final List<LoadBalancingRule> lbRules = new ArrayList<LoadBalancingRule>();
        if (_networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Lb, provider)) {
            // Re-apply load balancing rules
            for (final LoadBalancerVO lb : lbs) {
                final List<LbDestination> dstList = _lbMgr.getExistingDestinations(lb.getId());
                final List<LbStickinessPolicy> policyList = _lbMgr.getStickinessPolicies(lb.getId());
                final List<LbHealthCheckPolicy> hcPolicyList = _lbMgr.getHealthCheckPolicies(lb.getId());
                // NOTE(review): the looked-up public IP is dereferenced without a null check.
                final Ip sourceIp = _networkModel.getPublicIpAddress(lb.getSourceIpAddressId()).getAddress();
                final LbSslCert sslCert = _lbMgr.getLbSslCert(lb.getId());
                final LoadBalancingRule loadBalancing = new LoadBalancingRule(lb, dstList, policyList, hcPolicyList, sourceIp, sslCert, lb.getLbProtocol());
                lbRules.add(loadBalancing);
            }
        }
        s_logger.debug("Found " + lbRules.size() + " load balancing rule(s) to apply as a part of domR " + router + " start.");
        if (!lbRules.isEmpty()) {
            _commandSetupHelper.createApplyLoadBalancingRulesCommands(lbRules, router, cmds, guestNetworkId);
        }
    }
    // Reapply dhcp and dns configuration (shared networks whose provider supports Dhcp only).
    // NOTE(review): guestNetwork is dereferenced without a null check.
    final Network guestNetwork = _networkDao.findById(guestNetworkId);
    if (guestNetwork.getGuestType() == GuestType.Shared && _networkModel.isProviderSupportServiceInNetwork(guestNetworkId, Service.Dhcp, provider)) {
        final Map<Network.Capability, String> dhcpCapabilities = _networkSvc.getNetworkOfferingServiceCapabilities(_networkOfferingDao.findById(_networkDao.findById(guestNetworkId).getNetworkOfferingId()), Service.Dhcp);
        final String supportsMultipleSubnets = dhcpCapabilities.get(Network.Capability.DhcpAccrossMultipleSubnets);
        if (supportsMultipleSubnets != null && Boolean.valueOf(supportsMultipleSubnets)) {
            // Revoked aliases are removed from the database first, then the active ones
            // are turned into IpAliasTO entries for the router.
            final List<NicIpAliasVO> revokedIpAliasVOs = _nicIpAliasDao.listByNetworkIdAndState(guestNetworkId, NicIpAlias.State.revoked);
            s_logger.debug("Found" + revokedIpAliasVOs.size() + "ip Aliases to revoke on the router as a part of dhcp configuration");
            removeRevokedIpAliasFromDb(revokedIpAliasVOs);
            final List<NicIpAliasVO> aliasVOs = _nicIpAliasDao.listByNetworkIdAndState(guestNetworkId, NicIpAlias.State.active);
            s_logger.debug("Found" + aliasVOs.size() + "ip Aliases to apply on the router as a part of dhcp configuration");
            final List<IpAliasTO> activeIpAliasTOs = new ArrayList<IpAliasTO>();
            for (final NicIpAliasVO aliasVO : aliasVOs) {
                activeIpAliasTOs.add(new IpAliasTO(aliasVO.getIp4Address(), aliasVO.getNetmask(), aliasVO.getAliasCount().toString()));
            }
            if (activeIpAliasTOs.size() != 0) {
                _commandSetupHelper.createIpAlias(router, activeIpAliasTOs, guestNetworkId, cmds);
                _commandSetupHelper.configDnsMasq(router, _networkDao.findById(guestNetworkId), cmds);
            }
        }
    }
}
Also used : LoadBalancingRule(com.cloud.network.lb.LoadBalancingRule) PublicIp(com.cloud.network.addr.PublicIp) Ip(com.cloud.utils.net.Ip) ArrayList(java.util.ArrayList) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) LbStickinessPolicy(com.cloud.network.lb.LoadBalancingRule.LbStickinessPolicy) StaticNatRule(com.cloud.network.rules.StaticNatRule) NicIpAliasVO(com.cloud.vm.dao.NicIpAliasVO) LbDestination(com.cloud.network.lb.LoadBalancingRule.LbDestination) PublicIpAddress(com.cloud.network.PublicIpAddress) Network(com.cloud.network.Network) FirewallRule(com.cloud.network.rules.FirewallRule) LbSslCert(com.cloud.network.lb.LoadBalancingRule.LbSslCert) PortForwardingRule(com.cloud.network.rules.PortForwardingRule) StaticNat(com.cloud.network.rules.StaticNat) StaticNatImpl(com.cloud.network.rules.StaticNatImpl) LbHealthCheckPolicy(com.cloud.network.lb.LoadBalancingRule.LbHealthCheckPolicy) IpAliasTO(com.cloud.agent.api.routing.IpAliasTO) RemoteAccessVpn(com.cloud.network.RemoteAccessVpn)

Example 4 with StaticNat

use of com.cloud.network.rules.StaticNat in project cloudstack by apache.

the class BigSwitchBcfElement method applyStaticNats.

/**
 * Creates or deletes a BCF static NAT entry for every rule in {@code rules}.
 *
 * <p>The tenant id is the VPC uuid when the network belongs to a VPC that could be acquired
 * from the lock table, and the network uuid otherwise.
 *
 * @param network the guest network the rules belong to
 * @param rules the rules to create, or to delete when {@code isForRevoke()} is set
 * @return always {@code true}
 * @throws ResourceUnavailableException declared by the interface; not thrown directly here
 */
@Override
public boolean applyStaticNats(Network network, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    bcfUtilsInit();
    _bcfUtils.listACLbyNetwork(network);
    final Vpc lockedVpc = network.getVpcId() == null ? null : _vpcDao.acquireInLockTable(network.getVpcId());
    final String tenantId;
    if (lockedVpc == null) {
        // use account in CS as tenant in BSN
        // use network uuid as tenantId for non-VPC networks
        // NOTE(review): this branch is also taken when the network has a VPC id but
        // acquireInLockTable returned null; confirm the network uuid is the intended
        // tenant in that case.
        tenantId = network.getUuid();
    } else {
        tenantId = lockedVpc.getUuid();
        _vpcDao.releaseFromLockTable(lockedVpc.getId());
    }
    for (StaticNat nat : rules) {
        final String publicIp = _ipAddressDao.findById(nat.getSourceIpAddressId()).getAddress().addr();
        final String privateIp = nat.getDestIpAddress();
        final String macAddress = nat.getSourceMacAddress();
        // NOTE(review): the result of sendBcfCommandWithNetworkSyncCheck is not inspected,
        // so a rejected create or delete still ends in "return true".
        if (nat.isForRevoke()) {
            s_logger.debug("BCF removes static NAT for public IP: " + publicIp + " private IP " + privateIp + " mac " + macAddress);
            _bcfUtils.sendBcfCommandWithNetworkSyncCheck(new DeleteBcfStaticNatCommand(tenantId, publicIp), network);
        } else {
            s_logger.debug("BCF enables static NAT for public IP: " + publicIp + " private IP " + privateIp + " mac " + macAddress);
            _bcfUtils.sendBcfCommandWithNetworkSyncCheck(new CreateBcfStaticNatCommand(tenantId, network.getUuid(), privateIp, publicIp, macAddress), network);
        }
    }
    return true;
}
Also used : DeleteBcfStaticNatCommand(com.cloud.agent.api.DeleteBcfStaticNatCommand) CreateBcfStaticNatCommand(com.cloud.agent.api.CreateBcfStaticNatCommand) Vpc(com.cloud.network.vpc.Vpc) StaticNat(com.cloud.network.rules.StaticNat)

Example 5 with StaticNat

use of com.cloud.network.rules.StaticNat in project cloudstack by apache.

the class NetscalerElement method applyStaticNats.

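/**
 * Configures static NAT (INAT) rules on the NetScaler device or devices serving {@code config}.
 *
 * <p>When {@code Config.EIPWithMultipleNetScalersEnabled} is off, all rules go to the single load
 * balancer of the network (allocated on demand) in one {@code SetStaticNatRulesCommand}. When it
 * is on, each rule is sent on its own to the device returned by {@code getNetScalerForEIP}.
 *
 * <p>Every exception raised in the body, including the {@code ResourceUnavailableException}
 * instances created here, is caught by the outer handler, logged and reported as {@code false}.
 *
 * @param config the network whose static NAT rules are being applied
 * @param rules the rules to apply or revoke; may be {@code null}
 * @return {@code false} when this element cannot handle the network, when a device gives no
 *         answer or a failed answer, or when any exception occurs; {@code true} otherwise
 * @throws ResourceUnavailableException declared by the interface; as written the outer catch
 *         turns it into a {@code false} return
 */
@Override
public boolean applyStaticNats(Network config, List<? extends StaticNat> rules) throws ResourceUnavailableException {
    if (!canHandle(config, Service.StaticNat)) {
        return false;
    }
    boolean multiNetScalerDeployment = Boolean.valueOf(_configDao.getValue(Config.EIPWithMultipleNetScalersEnabled.key()));
    try {
        if (!multiNetScalerDeployment) {
            String errMsg;
            ExternalLoadBalancerDeviceVO lbDevice = getExternalLoadBalancerForNetwork(config);
            if (lbDevice == null) {
                try {
                    lbDevice = allocateLoadBalancerForNetwork(config);
                } catch (Exception e) {
                    errMsg = "Could not allocate a NetSclaer load balancer for configuring static NAT rules due to" + e.getMessage();
                    s_logger.error(errMsg);
                    throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
                }
            }
            if (!isNetscalerDevice(lbDevice.getDeviceName())) {
                errMsg = "There are no NetScaler load balancer assigned for this network. So NetScaler element will not be handling the static nat rules.";
                s_logger.error(errMsg);
                throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
            }
            // A null rule list is passed to the command as null, exactly as before.
            List<StaticNatRuleTO> rulesTO = null;
            if (rules != null) {
                rulesTO = new ArrayList<StaticNatRuleTO>();
                for (StaticNat rule : rules) {
                    IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
                    StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false);
                    rulesTO.add(ruleTO);
                }
            }
            SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, null);
            SetStaticNatRulesAnswer answer = (SetStaticNatRulesAnswer) _agentMgr.send(lbDevice.getHostId(), cmd);
            return answer != null && answer.getResult();
        }
        if (rules != null) {
            for (StaticNat rule : rules) {
                // validate if EIP rule can be configured.
                ExternalLoadBalancerDeviceVO lbDevice = getNetScalerForEIP(rule);
                if (lbDevice == null) {
                    String errMsg = "There is no NetScaler device configured to perform EIP to guest IP address: " + rule.getDestIpAddress();
                    s_logger.error(errMsg);
                    throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
                }
                List<StaticNatRuleTO> rulesTO = new ArrayList<StaticNatRuleTO>();
                IpAddress sourceIp = _networkMgr.getIp(rule.getSourceIpAddressId());
                StaticNatRuleTO ruleTO = new StaticNatRuleTO(0, sourceIp.getAddress().addr(), null, null, rule.getDestIpAddress(), null, null, null, rule.isForRevoke(), false);
                rulesTO.add(ruleTO);
                SetStaticNatRulesCommand cmd = new SetStaticNatRulesCommand(rulesTO, null);
                // send commands to configure INAT rule on the NetScaler device
                SetStaticNatRulesAnswer answer = (SetStaticNatRulesAnswer) _agentMgr.send(lbDevice.getHostId(), cmd);
                // The single-device path returns answer.getResult(); this path used to
                // check only for a missing answer, so a device that answered "failed"
                // was reported as success. Treat a failed answer like a missing one, so
                // a revoke the device rejected is not recorded as done.
                if (answer == null || !answer.getResult()) {
                    String errMsg = "Failed to configure INAT rule on NetScaler device " + lbDevice.getHostId();
                    s_logger.error(errMsg);
                    throw new ResourceUnavailableException(errMsg, this.getClass(), 0);
                }
            }
        }
        return true;
    } catch (Exception e) {
        // Catch-all kept for compatibility: callers see 'false' rather than an exception.
        s_logger.error("Failed to configure StaticNat rule due to " + e.getMessage());
        return false;
    }
}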
Also used : StaticNatRuleTO(com.cloud.agent.api.to.StaticNatRuleTO) SetStaticNatRulesCommand(com.cloud.agent.api.routing.SetStaticNatRulesCommand) ArrayList(java.util.ArrayList) AgentUnavailableException(com.cloud.exception.AgentUnavailableException) JSONException(org.json.JSONException) InsufficientCapacityException(com.cloud.exception.InsufficientCapacityException) ServerApiException(org.apache.cloudstack.api.ServerApiException) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) InsufficientNetworkCapacityException(com.cloud.exception.InsufficientNetworkCapacityException) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) ConcurrentOperationException(com.cloud.exception.ConcurrentOperationException) ConfigurationException(javax.naming.ConfigurationException) StaticNat(com.cloud.network.rules.StaticNat) ExternalLoadBalancerDeviceVO(com.cloud.network.dao.ExternalLoadBalancerDeviceVO) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) IpAddress(com.cloud.network.IpAddress) PublicIpAddress(com.cloud.network.PublicIpAddress) SetStaticNatRulesAnswer(com.cloud.agent.api.routing.SetStaticNatRulesAnswer)

Aggregations

StaticNat (com.cloud.network.rules.StaticNat)17 ArrayList (java.util.ArrayList)14 PublicIpAddress (com.cloud.network.PublicIpAddress)9 IpAddress (com.cloud.network.IpAddress)8 StaticNatRuleTO (com.cloud.agent.api.to.StaticNatRuleTO)7 HostVO (com.cloud.host.HostVO)6 SetStaticNatRulesCommand (com.cloud.agent.api.routing.SetStaticNatRulesCommand)5 ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)5 PublicIp (com.cloud.network.addr.PublicIp)5 IPAddressVO (com.cloud.network.dao.IPAddressVO)4 StaticNatImpl (com.cloud.network.rules.StaticNatImpl)4 Ip (com.cloud.utils.net.Ip)4 Answer (com.cloud.agent.api.Answer)3 StaticNatServiceProvider (com.cloud.network.element.StaticNatServiceProvider)3 ConfigureStaticNatRulesOnLogicalRouterAnswer (com.cloud.agent.api.ConfigureStaticNatRulesOnLogicalRouterAnswer)2 ConfigureStaticNatRulesOnLogicalRouterCommand (com.cloud.agent.api.ConfigureStaticNatRulesOnLogicalRouterCommand)2 DataCenterVO (com.cloud.dc.DataCenterVO)2 VlanVO (com.cloud.dc.VlanVO)2 Network (com.cloud.network.Network)2 NiciraNvpDeviceVO (com.cloud.network.NiciraNvpDeviceVO)2