
Example 1 with Route

use of org.midonet.client.resource.Route in project cloudstack by apache.

the class MidoNetElement method deleteGuestNetworkRouters.

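/**
 * Tears down the MidoNet tenant router backing a guest network (or VPC):
 * the peer ports on other devices that face this router, the router's own
 * ports, the filter chains attached to it, its routes, and finally the
 * router itself. Exterior ports have their VIF binding cleared and interior
 * ports are unlinked before deletion.
 *
 * @param network the guest network whose tenant router is being removed
 */
private void deleteGuestNetworkRouters(Network network) {
    String accountUuid = getAccountUuid(network);
    boolean isVpc = getIsVpc(network);
    long id = getRouterId(network, isVpc);
    Router tenantRouter = getGuestNetworkRouter(id, accountUuid, isVpc);
    if (tenantRouter == null) {
        // Nothing to tear down. The null check used to sit after the peer-port
        // loop below, which dereferenced tenantRouter first; guard everything here.
        return;
    }
    // Delete any peer ports corresponding to this router.
    for (Port peerPort : tenantRouter.getPeerPorts(new MultivaluedMapImpl())) {
        if (peerPort instanceof RouterPort) {
            RouterPort routerPeer = (RouterPort) peerPort;
            if ("ExteriorRouter".equals(routerPeer.getType())) {
                routerPeer.vifId(null).update();
            } else if ("InteriorRouter".equals(routerPeer.getType())) {
                routerPeer.unlink();
            }
            routerPeer.delete();
        } else if (peerPort instanceof BridgePort) {
            BridgePort bridgePeer = (BridgePort) peerPort;
            if ("ExteriorBridge".equals(bridgePeer.getType())) {
                bridgePeer.vifId(null).update();
            } else if ("InteriorBridge".equals(bridgePeer.getType())) {
                bridgePeer.unlink();
            }
            bridgePeer.delete();
        }
    }
    // Remove the router's own ports.
    for (RouterPort p : tenantRouter.getPorts(new MultivaluedMapImpl())) {
        if ("ExteriorRouter".equals(p.getType())) {
            // Clear the VIF binding before the port goes away.
            p.vifId(null).update();
        } else if ("InteriorRouter".equals(p.getType())) {
            p.unlink();
        }
        p.delete();
    }
    // Remove inbound and outbound filter chains: the two bound to the router
    // plus the pre-filter / pre-NAT chains this element created for it.
    String accountIdStr = String.valueOf(accountUuid);
    String routerName = getRouterName(isVpc, id);
    RuleChain pre = api.getChain(tenantRouter.getInboundFilterId());
    RuleChain preFilter = getChain(accountIdStr, routerName, RuleChainCode.TR_PREFILTER);
    RuleChain preNat = getChain(accountIdStr, routerName, RuleChainCode.TR_PRENAT);
    RuleChain post = api.getChain(tenantRouter.getOutboundFilterId());
    pre.delete();
    preFilter.delete();
    preNat.delete();
    post.delete();
    // Remove routes, then the router itself.
    for (Route r : tenantRouter.getRoutes(new MultivaluedMapImpl())) {
        r.delete();
    }
    tenantRouter.delete();
}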

Example 2 with Route

use of org.midonet.client.resource.Route in project cloudstack by apache.

the class MidoNetElement method release.

/**
 * Undoes the MidoNet wiring created for a NIC by {@code prepare}: deletes any
 * route on the provider router whose destination address is the NIC's IPv4
 * address, and deletes the bridge port whose VIF ID is the NIC's UUID.
 * Only guest NICs and public NICs on a Mido broadcast domain are handled.
 *
 * @param network the network the NIC belongs to
 * @param nic     the NIC being released
 * @param vm      the VM owning the NIC (logged only)
 * @param context reservation context (unused here)
 * @return false when the network is not backed by MidoNet, true otherwise
 * @throws ConcurrentOperationException declared by the interface; propagated from helpers
 * @throws ResourceUnavailableException declared by the interface; propagated from helpers
 */
@Override
public boolean release(Network network, NicProfile nic, VirtualMachineProfile vm, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException {
    s_logger.debug("release called with network: " + network.toString() + " nic: " + nic.toString() + " vm: " + vm.toString());
    if (!midoInNetwork(network)) {
        return false;
    }
    UUID nicUUID = getNicUUID(nic);
    boolean guestNic = nic.getTrafficType() == Networks.TrafficType.Guest;
    boolean midoPublicNic = nic.getTrafficType() == Networks.TrafficType.Public && nic.getBroadcastType() == Networks.BroadcastDomainType.Mido;
    if (!guestNic && !midoPublicNic) {
        return true;
    }
    Bridge netBridge = getOrCreateNetworkBridge(network);
    Router providerRouter = api.getRouter(_providerRouterId);
    // Drop the provider-router routes that point at this NIC's address.
    for (Route route : providerRouter.getRoutes(new MultivaluedMapImpl())) {
        String routeDstAddr = route.getDstNetworkAddr();
        if (routeDstAddr == null) {
            continue;
        }
        if (routeDstAddr.equals(nic.getIPv4Address())) {
            route.delete();
        }
    }
    // Find the bridge port bound to this NIC, unbind it and delete it.
    for (BridgePort port : netBridge.getPorts()) {
        UUID boundVif = port.getVifId();
        if (boundVif == null || !boundVif.equals(nicUUID)) {
            continue;
        }
        port.vifId(null).update();
        port.delete();
    }
    return true;
}

Example 3 with Route

use of org.midonet.client.resource.Route in project cloudstack by apache.

the class MidoNetElement method prepare.

/**
 * Wires a NIC into MidoNet when its VM is started: creates an exterior port
 * on the network's bridge and binds it to the NIC's UUID. For a public NIC
 * on a VM that is not a domain router, a /32 route for the NIC's IPv4 address
 * is also installed on the provider router, pointing at the downlink port
 * toward the bridge, unless such a route already exists.
 *
 * @param network the network the NIC belongs to
 * @param nic     the NIC being prepared
 * @param vm      the VM owning the NIC
 * @param dest    deploy destination (unused here)
 * @param context reservation context (unused here)
 * @return false when the network is not backed by MidoNet, or when a guest
 *         NIC is prepared but StaticNat is not handled by this element;
 *         true otherwise
 * @throws ConcurrentOperationException declared by the interface; propagated from helpers
 * @throws ResourceUnavailableException declared by the interface; propagated from helpers
 * @throws InsufficientCapacityException declared by the interface; propagated from helpers
 */
@Override
public boolean prepare(Network network, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException {
    s_logger.debug("prepare called with network: " + network.toString() + " nic: " + nic.toString() + " vm: " + vm.toString());
    if (!midoInNetwork(network)) {
        return false;
    }
    Networks.TrafficType trafficType = nic.getTrafficType();
    boolean guestNic = trafficType == Networks.TrafficType.Guest;
    boolean midoPublicNic = trafficType == Networks.TrafficType.Public && nic.getBroadcastType() == Networks.BroadcastDomainType.Mido;
    if (guestNic && !canHandle(network, Service.StaticNat)) {
        return false;
    }
    if (!guestNic && !midoPublicNic) {
        return true;
    }
    Bridge netBridge = getOrCreateNetworkBridge(network);
    if (trafficType == Networks.TrafficType.Public && vm.getVirtualMachine().getType() != VirtualMachine.Type.DomainRouter) {
        Router providerRouter = api.getRouter(_providerRouterId);
        Port[] ports = getOrCreatePublicBridgePorts(nic, netBridge, providerRouter);
        RouterPort providerDownlink = (RouterPort) ports[1];
        // prepare runs both for a first start and for a restart of a VM, so
        // the route for this NIC's IP may already exist; add it only if not.
        if (!hasRouteToAddress(providerRouter, nic.getIPv4Address())) {
            providerRouter.addRoute().type("Normal").weight(100).srcNetworkAddr("0.0.0.0").srcNetworkLength(0).dstNetworkAddr(nic.getIPv4Address()).dstNetworkLength(32).nextHopPort(providerDownlink.getId()).nextHopGateway(null).create();
        }
    }
    // Create the bridge port for the NIC and bind it to the NIC's UUID.
    BridgePort newPort = netBridge.addExteriorPort().create();
    UUID nicUUID = getNicUUID(nic);
    newPort.vifId(nicUUID).update();
    return true;
}

/**
 * Returns true when {@code router} already has a route whose destination
 * network address equals {@code dstAddr} (prefix length is not compared).
 */
private boolean hasRouteToAddress(Router router, String dstAddr) {
    for (Route route : router.getRoutes(new MultivaluedMapImpl())) {
        String existing = route.getDstNetworkAddr();
        if (existing != null && existing.equals(dstAddr)) {
            return true;
        }
    }
    return false;
}

Example 4 with Route

use of org.midonet.client.resource.Route in project cloudstack by apache.

the class MidoNetElement method applyPFRules.

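/**
 * Applies port-forwarding rules to a MidoNet-backed network. Each rule is a
 * DNAT entry on the tenant router's pre-NAT chain. The first rule for a
 * public IP also installs a /32 route for that IP on the provider router and,
 * when this element also provides the Firewall service, a Drop rule for the
 * IP on the pre-filter chain (the "default firewall rule" for that IP).
 * Revoking the last rule for a public IP removes its route again.
 *
 * @param network the guest network the rules belong to
 * @param rules   rules to apply; only {@code Add} and {@code Revoke} states are acted on
 * @return false when the network is not backed by MidoNet or PortForwarding is
 *         not handled by this element, true otherwise
 * @throws ResourceUnavailableException declared by the interface; propagated from helpers
 */
@Override
public boolean applyPFRules(Network network, List<PortForwardingRule> rules) throws ResourceUnavailableException {
    s_logger.debug("applyPFRules called with network " + network.toString());
    if (!midoInNetwork(network)) {
        return false;
    }
    if (!canHandle(network, Service.PortForwarding)) {
        return false;
    }
    String accountIdStr = getAccountUuid(network);
    String networkUUIDStr = String.valueOf(network.getId());
    RuleChain preNat = getChain(accountIdStr, networkUUIDStr, RuleChainCode.TR_PRENAT);
    // Not modified below. Kept because getChain may have get-or-create
    // semantics (not visible here) — TODO confirm before removing.
    RuleChain postNat = getChain(accountIdStr, networkUUIDStr, RuleChainCode.TR_POST);
    RuleChain preFilter = getChain(accountIdStr, networkUUIDStr, RuleChainCode.TR_PREFILTER);
    Router providerRouter = api.getRouter(_providerRouterId);
    Router tenantRouter = getOrCreateGuestNetworkRouter(network);
    RouterPort[] ports = getOrCreateProviderRouterPorts(tenantRouter, providerRouter);
    RouterPort providerDownlink = ports[1];
    // Existing port-forwarding entries: DNAT rules with an explicit destination
    // port, keyed by their canonical string form so incoming rules can be matched.
    Map<String, Rule> existingPreNatRules = new HashMap<String, Rule>();
    // Number of /32 pre-NAT rules per destination IP. When the count for an IP
    // drops to zero, the route for that IP on the provider router is removed.
    Map<String, Integer> ipRuleCounts = new HashMap<String, Integer>();
    for (Rule existingRule : preNat.getRules()) {
        if (existingRule.getType().equals(DtoRule.DNAT) && existingRule.getTpDst() != null) {
            String ruleString = new SimpleFirewallRule(existingRule).toStringArray()[0];
            existingPreNatRules.put(ruleString, existingRule);
        }
        String ip = existingRule.getNwDstAddress();
        if (ip != null && existingRule.getNwDstLength() == 32) {
            Integer seen = ipRuleCounts.get(ip);
            ipRuleCounts.put(ip, seen == null ? 1 : seen + 1);
        }
    }
    // /32 routes on the provider router, keyed by destination IP.
    Map<String, Route> routes = new HashMap<String, Route>();
    for (Route route : providerRouter.getRoutes(new MultivaluedMapImpl())) {
        String ip = route.getDstNetworkAddr();
        if (ip != null && route.getDstNetworkLength() == 32) {
            routes.put(ip, route);
        }
    }
    for (PortForwardingRule rule : rules) {
        IpAddress dstIp = _networkModel.getIp(rule.getSourceIpAddressId());
        String publicIp = dstIp.getAddress().addr();
        PortForwardingRuleTO ruleTO = new PortForwardingRuleTO(rule, null, publicIp);
        String[] ruleStrings = new SimpleFirewallRule(ruleTO).toStringArray();
        if (rule.getState() == FirewallRule.State.Revoke) {
            // Delete matching entries from the pre-NAT chain; drop the IP's
            // route once no rule refers to it any more.
            for (String revokeRuleString : ruleStrings) {
                Rule foundPreNatRule = existingPreNatRules.get(revokeRuleString);
                if (foundPreNatRule == null) {
                    continue;
                }
                String ip = foundPreNatRule.getNwDstAddress();
                Integer cnt = ipRuleCounts.get(ip);
                if (cnt != null) {
                    if (cnt == 1) {
                        ipRuleCounts.remove(ip);
                        // The route may already be gone; the old code dereferenced
                        // it unconditionally and would have thrown here.
                        Route route = routes.remove(ip);
                        if (route != null) {
                            route.delete();
                        }
                    } else {
                        ipRuleCounts.put(ip, cnt - 1);
                    }
                }
                foundPreNatRule.delete();
                // Forget the deleted rule so another string in this batch
                // cannot try to delete it a second time.
                existingPreNatRules.remove(revokeRuleString);
            }
        } else if (rule.getState() == FirewallRule.State.Add) {
            for (String ruleString : ruleStrings) {
                if (existingPreNatRules.get(ruleString) != null) {
                    continue;
                }
                String vmIp = ruleTO.getDstIp();
                int privPortStart = ruleTO.getDstPortRange()[0];
                int privPortEnd = ruleTO.getDstPortRange()[1];
                int pubPortStart = ruleTO.getSrcPortRange()[0];
                int pubPortEnd = ruleTO.getSrcPortRange()[1];
                DtoRule.DtoNatTarget[] preTargets = new DtoRule.DtoNatTarget[] { new DtoRule.DtoNatTarget(vmIp, vmIp, privPortStart, privPortEnd) };
                Rule preNatRule = preNat.addRule().type(DtoRule.DNAT).flowAction(DtoRule.Accept).nwDstAddress(publicIp).nwDstLength(32).tpDst(new DtoRange(pubPortStart, pubPortEnd)).natTargets(preTargets).nwProto(SimpleFirewallRule.stringToProtocolNumber(rule.getProtocol())).position(1);
                Integer cnt = ipRuleCounts.get(publicIp);
                ipRuleCounts.put(publicIp, cnt == null ? 1 : cnt + 1);
                // Register the new rule before creating it so later strings in
                // this batch see it as existing.
                String preNatRuleStr = new SimpleFirewallRule(preNatRule).toStringArray()[0];
                existingPreNatRules.put(preNatRuleStr, preNatRule);
                preNatRule.create();
                if (routes.get(publicIp) == null) {
                    Route route = providerRouter.addRoute().type("Normal").weight(100).srcNetworkAddr("0.0.0.0").srcNetworkLength(0).dstNetworkAddr(publicIp).dstNetworkLength(32).nextHopPort(providerDownlink.getId());
                    route.create();
                    routes.put(publicIp, route);
                }
                // Default firewall rule: a Drop entry for this public IP on the
                // pre-filter chain, added once per IP and only when this element
                // also provides the Firewall service.
                if (canHandle(network, Service.Firewall) && !hasRuleForDestination(preFilter, publicIp)) {
                    preFilter.addRule().type(DtoRule.Drop).nwDstAddress(publicIp).nwDstLength(32).create();
                }
            }
        }
    }
    return true;
}

/**
 * Returns true when {@code chain} already holds a rule whose destination
 * address equals {@code ip}.
 */
private boolean hasRuleForDestination(RuleChain chain, String ip) {
    for (Rule filterRule : chain.getRules()) {
        String dst = filterRule.getNwDstAddress();
        if (dst != null && dst.equals(ip)) {
            return true;
        }
    }
    return false;
}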
