From mlsoren...@apache.org
Subject [20/32] git commit: updated refs/heads/resize-root to c02c634
Date Sat, 15 Mar 2014 05:38:51 GMT
findbug fixes, added some comments, bug fixes


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/9a97ba76
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/9a97ba76
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/9a97ba76

Branch: refs/heads/resize-root
Commit: 9a97ba76d382d9f13d2bde73aed6dfdeb4047118
Parents: e487b24
Author: Murali Reddy <muralimmreddy@gmail.com>
Authored: Fri Mar 14 15:51:49 2014 +0530
Committer: Murali Reddy <muralimmreddy@gmail.com>
Committed: Fri Mar 14 16:56:39 2014 +0530

----------------------------------------------------------------------
 .../xen/resource/CitrixResourceBase.java        |  11 +-
 .../cloud/network/guru/OvsGuestNetworkGuru.java |   1 +
 .../network/ovs/OvsNetworkTopologyGuruImpl.java |  21 +-
 .../cloud/network/ovs/OvsTunnelManagerImpl.java |  56 +++--
 .../xenserver/cloudstack_pluginlib.py           | 236 +++++++++++--------
 5 files changed, 193 insertions(+), 132 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9a97ba76/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
----------------------------------------------------------------------
diff --git a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
index 57debc6..d1e1716 100644
--- a/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
+++ b/plugins/hypervisors/xen/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java
@@ -1147,7 +1147,11 @@ public abstract class CitrixResourceBase implements ServerResource,
HypervisorRe
         if (vmSpec != null) {
             vifr.otherConfig.put("cloudstack-vm-id", vmSpec.getUuid());
         }
+
+        // OVS plugin looks at network UUID in the vif 'otherconfig' details to group VIF's
& tunnel ports as part of tier
+        // when bridge is setup for distributed routing
         vifr.otherConfig.put("cloudstack-network-id", nic.getNetworkUuid());
+
         vifr.network = getNetwork(conn, nic);
 
         if (nic.getNetworkRateMbps() != null && nic.getNetworkRateMbps().intValue()
!= -1) {
@@ -5285,7 +5289,7 @@ public abstract class CitrixResourceBase implements ServerResource,
HypervisorRe
         Connection conn = getConnection();
         try {
             Network nw = findOrCreateTunnelNetwork(conn, cmd.getBridgeName());
-            String bridgeName = nw.getBridge(conn);;
+            String bridgeName = nw.getBridge(conn);
             String result = callHostPlugin(conn, "ovstunnel", "configure_ovs_bridge_for_network_topology",
"bridge",
                     bridgeName, "config", cmd.getVpcConfigInJson(), "host-id", ((Long)cmd.getHostId()).toString());
                 if (result.startsWith("SUCCESS")) {
@@ -5302,8 +5306,11 @@ public abstract class CitrixResourceBase implements ServerResource,
HypervisorRe
     public Answer execute(OvsVpcRoutingPolicyConfigCommand cmd) {
         Connection conn = getConnection();
         try {
+            Network nw = findOrCreateTunnelNetwork(conn, cmd.getBridgeName());
+            String bridgeName = nw.getBridge(conn);
+
             String result = callHostPlugin(conn, "ovstunnel", "configure_ovs_bridge_for_routing_policies",
"bridge",
-                    cmd.getBridgeName(), "host-id", ((Long)cmd.getHostId()).toString(), "config",
+                    bridgeName, "host-id", ((Long)cmd.getHostId()).toString(), "config",
                     cmd.getVpcConfigInJson());
             if (result.startsWith("SUCCESS")) {
                 return new Answer(cmd, true, result);
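Review bot: The `Network` returned by `findOrCreateTunnelNetwork` is dereferenced on the very next added line with no null check, so if that helper can return null (its body is not in this hunk) the routing-policy push fails with a NullPointerException instead of a clear error. A guard such as `if (nw == null) { return new Answer(cmd, false, "tunnel network for " + cmd.getBridgeName() + " not available"); }` would make the failure explicit. The topology handler in the previous hunk has the same pattern, and the enclosing try/catch ends outside this hunk.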

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9a97ba76/plugins/network-elements/ovs/src/com/cloud/network/guru/OvsGuestNetworkGuru.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/ovs/src/com/cloud/network/guru/OvsGuestNetworkGuru.java
b/plugins/network-elements/ovs/src/com/cloud/network/guru/OvsGuestNetworkGuru.java
index 9d2efe6..de74108 100644
--- a/plugins/network-elements/ovs/src/com/cloud/network/guru/OvsGuestNetworkGuru.java
+++ b/plugins/network-elements/ovs/src/com/cloud/network/guru/OvsGuestNetworkGuru.java
@@ -151,6 +151,7 @@ public class OvsGuestNetworkGuru extends GuestNetworkGuru {
 
         implemented.setBroadcastDomainType(BroadcastDomainType.Vswitch);
 
+        // for the networks that are part of VPC enabled for distributed routing use scheme
vs://vpcid.GRE key for network
         if (network.getVpcId() != null && isVpcEnabledForDistributedRouter(network.getVpcId()))
{
             String keyStr = BroadcastDomainType.getValue(implemented.getBroadcastUri());
             Long vpcid= network.getVpcId();

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9a97ba76/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsNetworkTopologyGuruImpl.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsNetworkTopologyGuruImpl.java
b/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsNetworkTopologyGuruImpl.java
index 740df80..ab08d26 100644
--- a/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsNetworkTopologyGuruImpl.java
+++ b/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsNetworkTopologyGuruImpl.java
@@ -91,6 +91,9 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements OvsNetwor
         return vpcHostIds;
     }
 
+    /**
+     * get the list of VPC id's of the vpc's for which one or more VM's from the VPC are
running on the host
+     */
     @Override
     public List<Long> getVpcOnHost(long hostId) {
         List<Long> vpcIds = new ArrayList<>();
@@ -109,6 +112,9 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements
OvsNetwor
         return vpcIds;
     }
 
+    /**
+     * get the list of all active Vm id's in a network
+     */
     @Override
     public List<Long> getAllActiveVmsInNetwork(long networkId) {
         List <Long> vmIds = new ArrayList<>();
@@ -117,7 +123,6 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements
OvsNetwor
                 VirtualMachine.State.Migrating);
         // Find routers for the network
         List<DomainRouterVO> routers = _routerDao.findByNetwork(networkId);
-        List<VMInstanceVO> ins = new ArrayList<VMInstanceVO>();
 
         if (vms != null) {
             for (UserVmVO vm : vms) {
@@ -132,6 +137,9 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements
OvsNetwor
         return  vmIds;
     }
 
+    /**
+     * get the list of all active Vm id's in the VPC for all ther tiers
+     */
     @Override
     public List<Long> getAllActiveVmsInVpc(long vpcId) {
 
@@ -148,6 +156,9 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements
OvsNetwor
         return vmIds;
     }
 
+    /**
+     * get the list of all Vm id's in the VPC for all the tiers that are running on the host
+     */
     @Override
     public List<Long> getActiveVmsInVpcOnHost(long vpcId, long hostId) {
         Set<Long> vmIdsSet = new HashSet<>();
@@ -163,6 +174,9 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements
OvsNetwor
         return vmIds;
     }
 
+    /**
+     * get the list of all Vm id's in the network that are running on the host
+     */
     @Override
     public List<Long> getActiveVmsInNetworkOnHost(long networkId, long hostId) {
         List <Long> vmIds = new ArrayList<>();
@@ -171,7 +185,6 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements
OvsNetwor
                 VirtualMachine.State.Migrating);
         // Find routers for the network
         List<DomainRouterVO> routers = _routerDao.findByNetwork(networkId);
-        List<VMInstanceVO> ins = new ArrayList<VMInstanceVO>();
 
         if (vms != null) {
             for (UserVmVO vm : vms) {
@@ -188,13 +201,15 @@ public class OvsNetworkTopologyGuruImpl extends ManagerBase implements
OvsNetwor
         return  vmIds;
     }
 
+    /**
+     * get the list of all Vpc id's in which, a VM has a nic in the network that is part
of VPC
+     */
     @Override
     public List<Long> getVpcIdsVmIsPartOf(long vmId) {
         List<Long> vpcIds = new ArrayList<>();
         List<NicVO> nics = _nicDao.listByVmId(vmId);
         if (nics == null)
             return null;
-
         for (Nic nic: nics) {
             Network network = _networkDao.findById(nic.getNetworkId());
             if (network != null && network.getTrafficType() == Networks.TrafficType.Guest
&& network.getVpcId() != null) {
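Review bot: The Javadoc added for `getVpcIdsVmIsPartOf` leaves out that the method returns `null`, not an empty list, when `_nicDao.listByVmId(vmId)` returns null, which a caller iterating the result needs to know. I would add `@return VPC ids, or null when no NICs are found for the VM` to the comment, or return `vpcIds` from the guard so the result is never null. The method body continues outside the hunk.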

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9a97ba76/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
b/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
index 30088aa..21e9058 100644
--- a/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
+++ b/plugins/network-elements/ovs/src/com/cloud/network/ovs/OvsTunnelManagerImpl.java
@@ -665,7 +665,6 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
     public boolean postStateTransitionEvent(VirtualMachine.State oldState, VirtualMachine.Event
event,
                                             VirtualMachine.State newState, VirtualMachine
vm,
                                             boolean status, Object opaque) {
-
         if (!status) {
             return false;
         }
@@ -720,7 +719,7 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
 
     public boolean sendVpcTopologyChangeUpdate(OvsVpcPhysicalTopologyConfigCommand updateCmd,
long hostId, String bridgeName) {
         try {
-            s_logger.debug("Sending VPC topology update to the host " + hostId);
+            s_logger.debug("Sending VPC topology change update to the host " + hostId);
             updateCmd.setHostId(hostId);
             updateCmd.setBridgeName(bridgeName);
             Answer ans = _agentMgr.send(hostId, updateCmd);
@@ -732,7 +731,7 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
                 return false;
             }
         } catch (Exception e) {
-            s_logger.debug("Failed to updated the host " + hostId + " with latest VPC topology."
);
+            s_logger.debug("Failed to updated the host " + hostId + " with latest VPC topology.",
e );
             return false;
         }
     }
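Review bot: The `catch` now records the exception but still logs at debug level, so a host that did not receive the VPC topology goes unnoticed unless debug logging is enabled; `s_logger.warn("Failed to update the host " + hostId + " with latest VPC topology.", e);` would surface it. The same applies to the failure and catch branches of `sendVpcRoutingPolicyChangeUpdate` and to the new `catch` in `NetworkAclEventsSubscriber` further down, where a missed update means a host keeps enforcing the previous ACLs. The method starts outside this hunk.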
@@ -797,6 +796,7 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
                     vmInstance.getHostId(), vmNics.toArray(new OvsVpcPhysicalTopologyConfigCommand.Nic[vmNics.size()]));
             vms.add(vm);
         }
+
         return new OvsVpcPhysicalTopologyConfigCommand(
                 hosts.toArray(new OvsVpcPhysicalTopologyConfigCommand.Host[hosts.size()]),
                 tiers.toArray(new OvsVpcPhysicalTopologyConfigCommand.Tier[tiers.size()]),
@@ -804,47 +804,58 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
                 vpc.getCidr());
     }
 
-    // Subscriber to ACL replace events. On acl replace event, if the vpc is enabled for
distributed routing
-    // send the ACL update to all the hosts on which VPC spans
+    // Subscriber to ACL replace events. On acl replace event, if the vpc for the tier is
enabled for
+    // distributed routing send the ACL update to all the hosts on which VPC spans
     public class NetworkAclEventsSubscriber implements MessageSubscriber {
         @Override
         public void onPublishMessage(String senderAddress, String subject, Object args) {
-            NetworkVO network = (NetworkVO) args;
-            String bridgeName=generateBridgeNameForVpc(network.getVpcId());
-            if (network.getVpcId() != null & isVpcEnabledForDistributedRouter(network.getVpcId()))
{
-                long vpcId = network.getVpcId();
-                OvsVpcRoutingPolicyConfigCommand cmd = prepareVpcRoutingPolicyUpdate(vpcId);
-                List<Long> vpcSpannedHostIds = _ovsNetworkToplogyGuru.getVpcSpannedHosts(vpcId);
-                for (Long id: vpcSpannedHostIds) {
-                    if (!sendVpcRoutingPolicyChangeUpdate(cmd, id, bridgeName)) {
-                        s_logger.debug("Failed to send VPC routing policy change update to
host : " + id +
-                                ". But moving on with sending the host updates to the rest
of the hosts.");
+            try {
+                NetworkVO network = (NetworkVO) args;
+                String bridgeName=generateBridgeNameForVpc(network.getVpcId());
+                if (network.getVpcId() != null & isVpcEnabledForDistributedRouter(network.getVpcId()))
{
+                    long vpcId = network.getVpcId();
+                    OvsVpcRoutingPolicyConfigCommand cmd = prepareVpcRoutingPolicyUpdate(vpcId);
+                    List<Long> vpcSpannedHostIds = _ovsNetworkToplogyGuru.getVpcSpannedHosts(vpcId);
+                    for (Long id: vpcSpannedHostIds) {
+                        if (!sendVpcRoutingPolicyChangeUpdate(cmd, id, bridgeName)) {
+                            s_logger.debug("Failed to send VPC routing policy change update
to host : " + id +
+                                    ". But moving on with sending the updates to the rest
of the hosts.");
+                        }
                     }
                 }
+            } catch (Exception e) {
+                s_logger.debug("Failed to send VPC routing policy change updates all hosts
in vpc", e);
             }
         }
     }
 
     private OvsVpcRoutingPolicyConfigCommand prepareVpcRoutingPolicyUpdate(long vpcId) {
-        VpcVO vpc = _vpcDao.findById(vpcId);
-        assert (vpc != null): "invalid vpc id";
+
         List<OvsVpcRoutingPolicyConfigCommand.Acl> acls = new ArrayList<>();
         List<OvsVpcRoutingPolicyConfigCommand.Tier> tiers = new ArrayList<>();
 
+        VpcVO vpc = _vpcDao.findById(vpcId);
         List<? extends Network> vpcNetworks =  _vpcMgr.getVpcNetworks(vpcId);
+        assert (vpc != null && (vpcNetworks != null && !vpcNetworks.isEmpty())):
"invalid vpc id";
+
         for (Network network : vpcNetworks) {
             Long networkAclId = network.getNetworkACLId();
+            if (networkAclId == null)
+                continue;
             NetworkACLVO networkAcl = _networkACLDao.findById(networkAclId);
 
             List<OvsVpcRoutingPolicyConfigCommand.AclItem> aclItems = new ArrayList<>();
             List<NetworkACLItemVO> aclItemVos = _networkACLItemDao.listByACL(networkAclId);
             for (NetworkACLItemVO aclItem : aclItemVos) {
                 String[] sourceCidrs = aclItem.getSourceCidrList().toArray(new String[aclItem.getSourceCidrList().size()]);
+
                 aclItems.add(new OvsVpcRoutingPolicyConfigCommand.AclItem(
                         aclItem.getNumber(), aclItem.getUuid(), aclItem.getAction().name(),
                         aclItem.getTrafficType().name(),
-                        aclItem.getSourcePortStart().toString(), aclItem.getSourcePortEnd().toString(),
-                        aclItem.getProtocol(), sourceCidrs));
+                        ((aclItem.getSourcePortStart() != null) ?aclItem.getSourcePortStart().toString()
:null),
+                        ((aclItem.getSourcePortEnd() != null) ?aclItem.getSourcePortEnd().toString()
:null),
+                        aclItem.getProtocol(),
+                        sourceCidrs));
             }
 
             OvsVpcRoutingPolicyConfigCommand.Acl acl = new OvsVpcRoutingPolicyConfigCommand.Acl(networkAcl.getUuid(),
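Review bot: In `onPublishMessage` the condition uses the non-short-circuit `&`, so `isVpcEnabledForDistributedRouter(network.getVpcId())` is still evaluated when the VPC id is null, and `generateBridgeNameForVpc` is called before the null test is made at all. With the new `catch (Exception e)` any exception this raises is swallowed, so for a network outside a VPC this path depends on neither helper throwing on null (not visible here). I would write `if (network.getVpcId() != null && isVpcEnabledForDistributedRouter(network.getVpcId())) {` and compute `bridgeName` inside that block. In `prepareVpcRoutingPolicyUpdate` the `assert` does nothing unless the JVM runs with `-ea`, so `vpc`, `vpcNetworks` and the `networkAcl` returned by `findById` should get explicit null checks; that method continues past the end of the hunk.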
@@ -862,10 +873,9 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
         return cmd;
     }
 
-
     public boolean sendVpcRoutingPolicyChangeUpdate(OvsVpcRoutingPolicyConfigCommand updateCmd,
long hostId, String bridgeName) {
         try {
-            s_logger.debug("Sending VPC routing policy change update to the host " + hostId);
+            s_logger.debug("Sending VPC routing policies change update to the host " + hostId);
             updateCmd.setHostId(hostId);
             updateCmd.setBridgeName(bridgeName);
             Answer ans = _agentMgr.send(hostId, updateCmd);
@@ -873,11 +883,11 @@ public class OvsTunnelManagerImpl extends ManagerBase implements OvsTunnelManage
                 s_logger.debug("Successfully updated the host " + hostId + " with latest
VPC routing policies." );
                 return true;
             }  else {
-                s_logger.debug("Failed to update the host " + hostId + " with latest routing
policy." );
+                s_logger.debug("Failed to update the host " + hostId + " with latest routing
policies." );
                 return false;
             }
         } catch (Exception e) {
-            s_logger.debug("Failed to updated the host " + hostId + " with latest routing
policy." );
+            s_logger.debug("Failed to updated the host " + hostId + " with latest routing
policies due to" , e );
             return false;
         }
     }

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/9a97ba76/scripts/vm/hypervisor/xenserver/cloudstack_pluginlib.py
----------------------------------------------------------------------
diff --git a/scripts/vm/hypervisor/xenserver/cloudstack_pluginlib.py b/scripts/vm/hypervisor/xenserver/cloudstack_pluginlib.py
index 1c9d513..4ebb435 100644
--- a/scripts/vm/hypervisor/xenserver/cloudstack_pluginlib.py
+++ b/scripts/vm/hypervisor/xenserver/cloudstack_pluginlib.py
@@ -321,62 +321,66 @@ def configure_bridge_for_network_topology(bridge, this_host_id, json_config):
         logging.debug("WARNING:Can't find VPC info in json config file")
         return "FAILURE:IMPROPER_JSON_CONFG_FILE"
 
-    # get the list of Vm's in the VPC from the JSON config
-    this_host_vms = get_vms_on_host(vpconfig, this_host_id)
-
-    for vm in this_host_vms:
-        for nic in vm.nics:
-            mac_addr = nic.macaddress
-            ip = nic.ipaddress
-            vif_name = get_vif_name_from_macaddress(mac_addr)
-            of_port = get_ofport_for_vif(vif_name)
-            network = get_network_details(vpconfig, nic.networkuuid)
-
-            # Add flow rule in L2 look up table, if the destination mac = MAC of the nic
send packet on the found OFPORT
-            add_mac_lookup_table_entry(bridge, mac_addr, of_port)
-
-            # Add flow rule in L3 look up table: if the destination IP = VM's IP then modify
the packet
-            # to set DST MAC = VM's MAC, SRC MAC=tier gateway MAC and send to egress table
-            add_ip_lookup_table_entry(bridge, ip, network.gatewaymac, mac_addr)
-
-            # Add flow entry to send with intra tier traffic from the NIC to L2 lookup path)
-            action_str = "table=0, in_port=%s," %of_port + " ip, nw_dst=%s," %network.cidr
+ " actions=resubmit(,1)"
-            addflow = [OFCTL_PATH, "add-flow", bridge, action_str]
-            do_cmd(addflow)
-
-            #add flow entry to send inter-tier traffic from the NIC to egress ACL table(to
L3 lookup path)
-            action_str = "table=0, in_port=%s," % of_port + " ip, dl_dst=%s," %network.gatewaymac
+\
-                         "nw_dst=%s," %vpconfig.cidr + "actions=resubmit(,3)"
-            addflow = [OFCTL_PATH, "add-flow", bridge, action_str]
-
-            do_cmd(addflow)
-
-    # get the list of hosts on which VPC spans from the JSON config
-    vpc_spanning_hosts = vpconfig.hosts
-
-    for host in vpc_spanning_hosts:
-        if str(this_host_id) == str(host.hostid):
-            continue
-        other_host_vms = get_vms_on_host(vpconfig, host.hostid)
-        for vm in other_host_vms:
+    try:
+        # get the list of Vm's in the VPC from the JSON config
+        this_host_vms = get_vms_on_host(vpconfig, this_host_id)
+
+        for vm in this_host_vms:
             for nic in vm.nics:
                 mac_addr = nic.macaddress
                 ip = nic.ipaddress
+                vif_name = get_vif_name_from_macaddress(mac_addr)
+                of_port = get_ofport_for_vif(vif_name)
                 network = get_network_details(vpconfig, nic.networkuuid)
-                gre_key = network.grekey
 
-                # generate tunnel name from tunnel naming convention
-                tunnel_name = "t%s-%s-%s" % (gre_key, this_host_id, host.hostid)
-                of_port = get_ofport_for_vif(tunnel_name)
-
-                # Add flow rule in L2 look up table, if the destination mac = MAC of the
nic send packet tunnel port
+                # Add flow rule in L2 look up table, if the destination mac = MAC of the
nic send packet on the found OFPORT
                 add_mac_lookup_table_entry(bridge, mac_addr, of_port)
 
-                # Add flow tule in L3 look up table: if the destination IP = VM's IP then
modify the packet
-                # set DST MAC = VM's MAC, SRC MAC=tier gateway MAC and send to egress table
+                # Add flow rule in L3 look up table: if the destination IP = VM's IP then
modify the packet
+                # to set DST MAC = VM's MAC, SRC MAC=tier gateway MAC and send to egress
table
                 add_ip_lookup_table_entry(bridge, ip, network.gatewaymac, mac_addr)
 
-    return "SUCCESS: successfully configured bridge as per the VPC topology"
+                # Add flow entry to send with intra tier traffic from the NIC to L2 lookup
path)
+                action_str = "table=0, in_port=%s," %of_port + " ip, nw_dst=%s," %network.cidr
+ " actions=resubmit(,1)"
+                addflow = [OFCTL_PATH, "add-flow", bridge, action_str]
+                do_cmd(addflow)
+
+                #add flow entry to send inter-tier traffic from the NIC to egress ACL table(to
L3 lookup path)
+                action_str = "table=0, in_port=%s," % of_port + " ip, dl_dst=%s," %network.gatewaymac
+\
+                             "nw_dst=%s," %vpconfig.cidr + "actions=resubmit(,3)"
+                addflow = [OFCTL_PATH, "add-flow", bridge, action_str]
+
+                do_cmd(addflow)
+
+        # get the list of hosts on which VPC spans from the JSON config
+        vpc_spanning_hosts = vpconfig.hosts
+
+        for host in vpc_spanning_hosts:
+            if str(this_host_id) == str(host.hostid):
+                continue
+            other_host_vms = get_vms_on_host(vpconfig, host.hostid)
+            for vm in other_host_vms:
+                for nic in vm.nics:
+                    mac_addr = nic.macaddress
+                    ip = nic.ipaddress
+                    network = get_network_details(vpconfig, nic.networkuuid)
+                    gre_key = network.grekey
+
+                    # generate tunnel name from tunnel naming convention
+                    tunnel_name = "t%s-%s-%s" % (gre_key, this_host_id, host.hostid)
+                    of_port = get_ofport_for_vif(tunnel_name)
+
+                    # Add flow rule in L2 look up table, if the destination mac = MAC of
the nic send packet tunnel port
+                    add_mac_lookup_table_entry(bridge, mac_addr, of_port)
+
+                    # Add flow tule in L3 look up table: if the destination IP = VM's IP
then modify the packet
+                    # set DST MAC = VM's MAC, SRC MAC=tier gateway MAC and send to egress
table
+                    add_ip_lookup_table_entry(bridge, ip, network.gatewaymac, mac_addr)
+
+        return "SUCCESS: successfully configured bridge as per the VPC topology"
+    except:
+        logging.debug("An unexpected error occurred while configuring bridge as per VPC topology.")
+        raise
 
 def get_acl(vpcconfig, required_acl_id):
     acls = vpcconfig.acls
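Review bot: The bare `except:` logs a fixed message at debug level and drops the exception, so the plugin log will not say which NIC, port lookup or flow command failed; `logging.exception("Failed to configure bridge %s as per VPC topology", bridge)` before the `raise` keeps the traceback. Flows added before the failure stay on the bridge, so the caller gets an error while the bridge holds a partial topology, which deserves a comment if it is intended. The flow strings are built directly from `network.cidr`, `network.gatewaymac` and `vpconfig.cidr` taken from the JSON config, and I see no validation of those values in this hunk. The function starts outside the hunk.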
@@ -392,60 +396,84 @@ def configure_ovs_bridge_for_routing_policies(bridge, json_config):
         logging.debug("WARNING:Can't find VPC info in json config file")
         return "FAILURE:IMPROPER_JSON_CONFG_FILE"
 
-    # First flush current egress ACL's before re-applying the ACL's
-    del_flows(bridge, table=3)
-
-    egress_rules_added = False
-    ingress_rules_added = False
-
-    tiers = vpconfig.tiers
-    for tier in tiers:
-        tier_cidr = tier.cidr
-        acl = get_acl(vpconfig, tier.aclid)
-        acl_items = acl.aclitems
-
-        for acl_item in acl_items:
-            number = acl_item.number
-            action = acl_item.action
-            direction = acl_item.direction
-            source_port_start = acl_item.sourceportstart
-            source_port_end = acl_item.sourceportend
-            protocol = acl_item.protocol
-            source_cidrs = acl_item.sourcecidrs
-            acl_priority = 1000 + number
-            for source_cidr in source_cidrs:
-                if direction is "ingress":
-                    ingress_rules_added = True
-                    # add flow rule to do action (allow/deny) for flows where source IP of
the packet is in
-                    # source_cidr and destination ip is in tier_cidr
-                    port = source_port_start
-                    while (port < source_port_end):
-                        if action is "deny":
-                            add_flow(bridge, priority= acl_priority, table=5, nw_src=source_cidr,
nw_dst=tier_cidr, tp_dst=port,
-                                     nw_proto=protocol, actions='drop')
-                        if action is "allow":
-                            add_flow(bridge, priority= acl_priority,table=5, nw_src=source_cidr,
nw_dst=tier_cidr, tp_dst=port,
-                                     nw_proto=protocol, actions='resubmit(,1)')
-                        port = port + 1
-
-                elif direction in "egress":
-                    egress_rules_added = True
-                    # add flow rule to do action (allow/deny) for flows where destination
IP of the packet is in
-                    # source_cidr and source ip is in tier_cidr
-                    port = source_port_start
-                    while (port < source_port_end):
-                        if action is "deny":
-                            add_flow(bridge, priority= acl_priority, table=5, nw_src=tier_cidr,
nw_dst=source_cidr, tp_dst=port,
-                                     nw_proto=protocol, actions='drop')
-                        if action is "allow":
-                            add_flow(bridge, priority= acl_priority, table=5, nw_src=tier_cidr,
nw_dst=source_cidr, tp_dst=port,
-                                     nw_proto=protocol, actions='resubmit(,1)')
-                        port = port + 1
-
-    if egress_rules_added is False:
-        # add a default rule in egress table to forward packet to L3 lookup table
-        add_flow(bridge, priority=0, table=3, actions='resubmit(,4)')
-
-    if ingress_rules_added is False:
-        # add a default rule in egress table drop packets
-        add_flow(bridge, priority=0, table=5, actions='drop')
\ No newline at end of file
+    try:
+        # First flush current egress ACL's before re-applying the ACL's
+        del_flows(bridge, table=3)
+
+        egress_rules_added = False
+        ingress_rules_added = False
+
+        tiers = vpconfig.tiers
+        for tier in tiers:
+            tier_cidr = tier.cidr
+            acl = get_acl(vpconfig, tier.aclid)
+            acl_items = acl.aclitems
+
+            for acl_item in acl_items:
+                number = acl_item.number
+                action = acl_item.action
+                direction = acl_item.direction
+                source_port_start = acl_item.sourceportstart
+                source_port_end = acl_item.sourceportend
+                protocol = acl_item.protocol
+                source_cidrs = acl_item.sourcecidrs
+                acl_priority = 1000 + number
+                for source_cidr in source_cidrs:
+                    if direction is "ingress":
+                        ingress_rules_added = True
+
+                        if source_port_start is None and source_port_end is None:
+                            if action is "deny":
+                                add_flow(bridge, priority= acl_priority, table=5, nw_src=source_cidr,
nw_dst=tier_cidr,
+                                         nw_proto=protocol, actions='drop')
+                            if action is "allow":
+                                add_flow(bridge, priority= acl_priority,table=5, nw_src=source_cidr,
nw_dst=tier_cidr,
+                                         nw_proto=protocol, actions='resubmit(,1)')
+                            continue
+
+                        # add flow rule to do action (allow/deny) for flows where source
IP of the packet is in
+                        # source_cidr and destination ip is in tier_cidr
+                        port = source_port_start
+                        while (port < source_port_end):
+                            if action is "deny":
+                                add_flow(bridge, priority= acl_priority, table=5, nw_src=source_cidr,
nw_dst=tier_cidr, tp_dst=port,
+                                         nw_proto=protocol, actions='drop')
+                            if action is "allow":
+                                add_flow(bridge, priority= acl_priority,table=5, nw_src=source_cidr,
nw_dst=tier_cidr, tp_dst=port,
+                                         nw_proto=protocol, actions='resubmit(,1)')
+                            port = port + 1
+
+                    elif direction in "egress":
+                        egress_rules_added = True
+
+                        if source_port_start is None and source_port_end is None:
+                            if action is "deny":
+                                add_flow(bridge, priority= acl_priority, table=3, nw_src=source_cidr,
nw_dst=tier_cidr,
+                                         nw_proto=protocol, actions='drop')
+                            if action is "allow":
+                                add_flow(bridge, priority= acl_priority,table=3, nw_src=source_cidr,
nw_dst=tier_cidr,
+                                         nw_proto=protocol, actions='resubmit(,1)')
+                            continue
+
+                        # add flow rule to do action (allow/deny) for flows where destination
IP of the packet is in
+                        # source_cidr and source ip is in tier_cidr
+                        port = source_port_start
+                        while (port < source_port_end):
+                            if action is "deny":
+                                add_flow(bridge, priority= acl_priority, table=3, nw_src=tier_cidr,
nw_dst=source_cidr, tp_dst=port,
+                                         nw_proto=protocol, actions='drop')
+                            if action is "allow":
+                                add_flow(bridge, priority= acl_priority, table=3, nw_src=tier_cidr,
nw_dst=source_cidr, tp_dst=port,
+                                         nw_proto=protocol, actions='resubmit(,1)')
+                            port = port + 1
+
+        if egress_rules_added is False:
+            # add a default rule in egress table to forward packet to L3 lookup table
+            add_flow(bridge, priority=0, table=3, actions='resubmit(,4)')
+
+        if ingress_rules_added is False:
+            # add a default rule in egress table drop packets
+            add_flow(bridge, priority=0, table=5, actions='drop')
+    except:
+        logging.debug("An unexpected error occurred while configuring bridge as per VPC's
routing policies.")
+        raise
\ No newline at end of file
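Review bot: The rule matching compares strings by identity (`direction is "ingress"`, `action is "deny"`) and by substring (`direction in "egress"`), which is not reliable for values parsed from JSON; when the direction tests evaluate false no ACL flow is installed and only the priority-0 defaults are added, the egress one forwarding everything to the L3 lookup table. These should read `if direction == "ingress":`, `elif direction == "egress":` and `action == "deny"` / `action == "allow"`. The new port-less egress branch also passes `nw_src=source_cidr, nw_dst=tier_cidr`, the reverse of the port-ranged egress branch below it, and `while (port < source_port_end)` never emits a rule for the end port or for a single-port range. Only table 3 is flushed at the top, so ingress flows left in table 5 by an earlier ACL appear to survive a replace unless they are cleared elsewhere. The function starts outside the hunk.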

