From e70fdbee8b201f58949db272b39fe8be04ea5da6 Mon Sep 17 00:00:00 2001 From: Slawek Kaplonski Date: Fri, 17 Dec 2021 16:53:00 +0100 Subject: [PATCH] Rehome ovs related constants to the separate module Those constants were rehomed from neutron tree to the neutron-lib some time ago. But as it was discussed in the review of those "rehome" patches, it will be better to have them in separate module in the neutron_lib repository. Change-Id: I8495832fccbbdcdfd0f021f76a8cf0926cf08eae --- neutron_lib/constants.py | 208 ---------------- neutron_lib/plugins/ml2/ovs_constants.py | 224 ++++++++++++++++++ ...s-to-separate-module-07ce93971dd1d7dc.yaml | 6 + 3 files changed, 230 insertions(+), 208 deletions(-) create mode 100644 neutron_lib/plugins/ml2/ovs_constants.py create mode 100644 releasenotes/notes/Rehome-ovs-constants-to-separate-module-07ce93971dd1d7dc.yaml diff --git a/neutron_lib/constants.py b/neutron_lib/constants.py index b4f4bcbe3..ff52f64b1 100644 --- a/neutron_lib/constants.py +++ b/neutron_lib/constants.py @@ -682,214 +682,6 @@ ACCESS_SHARED = 'access_as_shared' ACCESS_READONLY = 'access_as_readonly' ACCESS_EXTERNAL = 'access_as_external' -####################### -# OVS related constants -####################### - -# Special vlan_tci value indicating flat network -FLAT_VLAN_TCI = '0x0000/0x1fff' - -# Topic for tunnel notifications between the plugin and agent -TUNNEL = 'tunnel' - -# Name prefixes for veth device or patch port pair linking the integration -# bridge with the physical bridge for a physical network -PEER_INTEGRATION_PREFIX = 'int-' -PEER_PHYSICAL_PREFIX = 'phy-' - -# Nonexistent peer used to create patch ports without associating them, it -# allows to define flows before association -NONEXISTENT_PEER = 'nonexistent-peer' - -# The different types of tunnels -TUNNEL_NETWORK_TYPES = [TYPE_GRE, TYPE_VXLAN, TYPE_GENEVE] - -# --- OpenFlow table IDs - -# --- Integration bridge (int_br) - -LOCAL_SWITCHING = 0 - -# The pyhsical network types of support DVR router -DVR_PHYSICAL_NETWORK_TYPES = [TYPE_VLAN, TYPE_FLAT] - -# Various tables for DVR use of integration bridge flows -DVR_TO_SRC_MAC = 1 -DVR_TO_SRC_MAC_PHYSICAL = 2 -ARP_DVR_MAC_TO_DST_MAC = 3 -ARP_DVR_MAC_TO_DST_MAC_PHYSICAL = 4 -CANARY_TABLE = 23 - -# Table for ARP poison/spoofing prevention rules -ARP_SPOOF_TABLE = 24 - -# Table for MAC spoof filtering -MAC_SPOOF_TABLE = 25 - -# Table to decide whether further filtering is needed -TRANSIENT_TABLE = 60 -LOCAL_MAC_DIRECT = 61 -TRANSIENT_EGRESS_TABLE = 62 - -# Table for DHCP -DHCP_IPV4_TABLE = 77 -DHCP_IPV6_TABLE = 78 - -# Tables used for ovs firewall -BASE_EGRESS_TABLE = 71 -RULES_EGRESS_TABLE = 72 -ACCEPT_OR_INGRESS_TABLE = 73 -BASE_INGRESS_TABLE = 81 -RULES_INGRESS_TABLE = 82 - -OVS_FIREWALL_TABLES = ( - BASE_EGRESS_TABLE, - RULES_EGRESS_TABLE, - ACCEPT_OR_INGRESS_TABLE, - BASE_INGRESS_TABLE, - RULES_INGRESS_TABLE, -) - -# Tables for parties interacting with ovs firewall -ACCEPTED_EGRESS_TRAFFIC_TABLE = 91 -ACCEPTED_INGRESS_TRAFFIC_TABLE = 92 -DROPPED_TRAFFIC_TABLE = 93 -ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE = 94 - -INT_BR_ALL_TABLES = ( - LOCAL_SWITCHING, - DVR_TO_SRC_MAC, - DVR_TO_SRC_MAC_PHYSICAL, - CANARY_TABLE, - ARP_SPOOF_TABLE, - MAC_SPOOF_TABLE, - LOCAL_MAC_DIRECT, - TRANSIENT_TABLE, - TRANSIENT_EGRESS_TABLE, - BASE_EGRESS_TABLE, - RULES_EGRESS_TABLE, - ACCEPT_OR_INGRESS_TABLE, - DHCP_IPV4_TABLE, - DHCP_IPV6_TABLE, - BASE_INGRESS_TABLE, - RULES_INGRESS_TABLE, - ACCEPTED_EGRESS_TRAFFIC_TABLE, - ACCEPTED_INGRESS_TRAFFIC_TABLE, - DROPPED_TRAFFIC_TABLE) - -# --- Tunnel bridge (tun_br) - -# Various tables for tunneling flows -DVR_PROCESS = 1 -PATCH_LV_TO_TUN = 2 -GRE_TUN_TO_LV = 3 -VXLAN_TUN_TO_LV = 4 -GENEVE_TUN_TO_LV = 6 - -DVR_NOT_LEARN = 9 -LEARN_FROM_TUN = 10 -UCAST_TO_TUN = 20 -ARP_RESPONDER = 21 -FLOOD_TO_TUN = 22 -# NOTE(vsaienko): transit table used by networking-bagpipe driver to -# mirror traffic to EVPN and standard tunnels to gateway nodes -BAGPIPE_FLOOD_TO_TUN_BROADCAST = 222 - -TUN_BR_ALL_TABLES = ( - LOCAL_SWITCHING, - DVR_PROCESS, - PATCH_LV_TO_TUN, - GRE_TUN_TO_LV, - VXLAN_TUN_TO_LV, - GENEVE_TUN_TO_LV, - DVR_NOT_LEARN, - LEARN_FROM_TUN, - UCAST_TO_TUN, - ARP_RESPONDER, - FLOOD_TO_TUN) - -# --- Physical Bridges (phys_brs) - -# Various tables for DVR use of physical bridge flows -DVR_PROCESS_PHYSICAL = 1 -LOCAL_VLAN_TRANSLATION = 2 -DVR_NOT_LEARN_PHYSICAL = 3 - -PHY_BR_ALL_TABLES = ( - LOCAL_SWITCHING, - DVR_PROCESS_PHYSICAL, - LOCAL_VLAN_TRANSLATION, - DVR_NOT_LEARN_PHYSICAL) - -# --- end of OpenFlow table IDs - -# type for ARP reply in ARP header -ARP_REPLY = '0x2' - -# Map tunnel types to tables number -TUN_TABLE = {TYPE_GRE: GRE_TUN_TO_LV, - TYPE_VXLAN: VXLAN_TUN_TO_LV, - TYPE_GENEVE: GENEVE_TUN_TO_LV} - - -# The default respawn interval for the ovsdb monitor -DEFAULT_OVSDBMON_RESPAWN = 30 - -# Represent invalid OF Port -OFPORT_INVALID = -1 - -ARP_RESPONDER_ACTIONS = ('move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],' - 'mod_dl_src:%(mac)s,' - 'load:0x2->NXM_OF_ARP_OP[],' - 'move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],' - 'move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],' - 'load:%(mac)#x->NXM_NX_ARP_SHA[],' - 'load:%(ip)#x->NXM_OF_ARP_SPA[],' - 'in_port') - -# Represent ovs status -OVS_RESTARTED = 0 -OVS_NORMAL = 1 -OVS_DEAD = 2 - -EXTENSION_DRIVER_TYPE = 'ovs' - -# ovs datapath types -OVS_DATAPATH_SYSTEM = 'system' -OVS_DATAPATH_NETDEV = 'netdev' -OVS_DPDK_VHOST_USER = 'dpdkvhostuser' -OVS_DPDK_VHOST_USER_CLIENT = 'dpdkvhostuserclient' - -OVS_DPDK_PORT_TYPES = [OVS_DPDK_VHOST_USER, OVS_DPDK_VHOST_USER_CLIENT] - -# default ovs vhost-user socket location -VHOST_USER_SOCKET_DIR = '/var/run/openvswitch' - -MAX_DEVICE_RETRIES = 5 - -# OpenFlow version constants -OPENFLOW10 = "OpenFlow10" -OPENFLOW11 = "OpenFlow11" -OPENFLOW12 = "OpenFlow12" -OPENFLOW13 = "OpenFlow13" -OPENFLOW14 = "OpenFlow14" -OPENFLOW15 = "OpenFlow15" - -OPENFLOW_MAX_PRIORITY = 65535 - -# A placeholder for dead vlans. -DEAD_VLAN_TAG = MAX_VLAN_TAG + 1 - -# callback resource for setting 'bridge_name' in the 'binding:vif_details' -OVS_BRIDGE_NAME = 'ovs_bridge_name' - -# callback resource for notifying to ovsdb handler -OVSDB_RESOURCE = 'ovsdb' - -# Used in ovs port 'external_ids' in order mark it for no cleanup when -# ovs_cleanup script is used. -SKIP_CLEANUP = 'skip_cleanup' - # neutron-dynamic-routing constants MIN_ASNUM = 1 MAX_ASNUM = 65535 diff --git a/neutron_lib/plugins/ml2/ovs_constants.py b/neutron_lib/plugins/ml2/ovs_constants.py new file mode 100644 index 000000000..81589a09c --- /dev/null +++ b/neutron_lib/plugins/ml2/ovs_constants.py @@ -0,0 +1,224 @@ +# Copyright (c) 2021 OpenStack Foundation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from neutron_lib import constants + +# Special vlan_tci value indicating flat network +FLAT_VLAN_TCI = '0x0000/0x1fff' + +# Topic for tunnel notifications between the plugin and agent +TUNNEL = 'tunnel' + +# Name prefixes for veth device or patch port pair linking the integration +# bridge with the physical bridge for a physical network +PEER_INTEGRATION_PREFIX = 'int-' +PEER_PHYSICAL_PREFIX = 'phy-' + +# Nonexistent peer used to create patch ports without associating them, it +# allows to define flows before association +NONEXISTENT_PEER = 'nonexistent-peer' + +# The different types of tunnels +TUNNEL_NETWORK_TYPES = [ + constants.TYPE_GRE, + constants.TYPE_VXLAN, + constants.TYPE_GENEVE +] + +# --- OpenFlow table IDs + +# --- Integration bridge (int_br) + +LOCAL_SWITCHING = 0 + +# The pyhsical network types of support DVR router +DVR_PHYSICAL_NETWORK_TYPES = [constants.TYPE_VLAN, constants.TYPE_FLAT] + +# Various tables for DVR use of integration bridge flows +DVR_TO_SRC_MAC = 1 +DVR_TO_SRC_MAC_PHYSICAL = 2 +ARP_DVR_MAC_TO_DST_MAC = 3 +ARP_DVR_MAC_TO_DST_MAC_PHYSICAL = 4 +CANARY_TABLE = 23 + +# Table for ARP poison/spoofing prevention rules +ARP_SPOOF_TABLE = 24 + +# Table for MAC spoof filtering +MAC_SPOOF_TABLE = 25 + +# Table to decide whether further filtering is needed +TRANSIENT_TABLE = 60 +LOCAL_MAC_DIRECT = 61 +TRANSIENT_EGRESS_TABLE = 62 + +# Table for DHCP +DHCP_IPV4_TABLE = 77 +DHCP_IPV6_TABLE = 78 + +# Tables used for ovs firewall +BASE_EGRESS_TABLE = 71 +RULES_EGRESS_TABLE = 72 +ACCEPT_OR_INGRESS_TABLE = 73 +BASE_INGRESS_TABLE = 81 +RULES_INGRESS_TABLE = 82 + +OVS_FIREWALL_TABLES = ( + BASE_EGRESS_TABLE, + RULES_EGRESS_TABLE, + ACCEPT_OR_INGRESS_TABLE, + BASE_INGRESS_TABLE, + RULES_INGRESS_TABLE, +) + +# Tables for parties interacting with ovs firewall +ACCEPTED_EGRESS_TRAFFIC_TABLE = 91 +ACCEPTED_INGRESS_TRAFFIC_TABLE = 92 +DROPPED_TRAFFIC_TABLE = 93 +ACCEPTED_EGRESS_TRAFFIC_NORMAL_TABLE = 94 + +INT_BR_ALL_TABLES = ( + LOCAL_SWITCHING, + DVR_TO_SRC_MAC, + DVR_TO_SRC_MAC_PHYSICAL, + CANARY_TABLE, + ARP_SPOOF_TABLE, + MAC_SPOOF_TABLE, + LOCAL_MAC_DIRECT, + TRANSIENT_TABLE, + TRANSIENT_EGRESS_TABLE, + BASE_EGRESS_TABLE, + RULES_EGRESS_TABLE, + ACCEPT_OR_INGRESS_TABLE, + DHCP_IPV4_TABLE, + DHCP_IPV6_TABLE, + BASE_INGRESS_TABLE, + RULES_INGRESS_TABLE, + ACCEPTED_EGRESS_TRAFFIC_TABLE, + ACCEPTED_INGRESS_TRAFFIC_TABLE, + DROPPED_TRAFFIC_TABLE) + +# --- Tunnel bridge (tun_br) + +# Various tables for tunneling flows +DVR_PROCESS = 1 +PATCH_LV_TO_TUN = 2 +GRE_TUN_TO_LV = 3 +VXLAN_TUN_TO_LV = 4 +GENEVE_TUN_TO_LV = 6 + +DVR_NOT_LEARN = 9 +LEARN_FROM_TUN = 10 +UCAST_TO_TUN = 20 +ARP_RESPONDER = 21 +FLOOD_TO_TUN = 22 +# NOTE(vsaienko): transit table used by networking-bagpipe driver to +# mirror traffic to EVPN and standard tunnels to gateway nodes +BAGPIPE_FLOOD_TO_TUN_BROADCAST = 222 + +TUN_BR_ALL_TABLES = ( + LOCAL_SWITCHING, + DVR_PROCESS, + PATCH_LV_TO_TUN, + GRE_TUN_TO_LV, + VXLAN_TUN_TO_LV, + GENEVE_TUN_TO_LV, + DVR_NOT_LEARN, + LEARN_FROM_TUN, + UCAST_TO_TUN, + ARP_RESPONDER, + FLOOD_TO_TUN) + +# --- Physical Bridges (phys_brs) + +# Various tables for DVR use of physical bridge flows +DVR_PROCESS_PHYSICAL = 1 +LOCAL_VLAN_TRANSLATION = 2 +DVR_NOT_LEARN_PHYSICAL = 3 + +PHY_BR_ALL_TABLES = ( + LOCAL_SWITCHING, + DVR_PROCESS_PHYSICAL, + LOCAL_VLAN_TRANSLATION, + DVR_NOT_LEARN_PHYSICAL) + +# --- end of OpenFlow table IDs + +# type for ARP reply in ARP header +ARP_REPLY = '0x2' + +# Map tunnel types to tables number +TUN_TABLE = {constants.TYPE_GRE: GRE_TUN_TO_LV, + constants.TYPE_VXLAN: VXLAN_TUN_TO_LV, + constants.TYPE_GENEVE: GENEVE_TUN_TO_LV} + + +# The default respawn interval for the ovsdb monitor +DEFAULT_OVSDBMON_RESPAWN = 30 + +# Represent invalid OF Port +OFPORT_INVALID = -1 + +ARP_RESPONDER_ACTIONS = ('move:NXM_OF_ETH_SRC[]->NXM_OF_ETH_DST[],' + 'mod_dl_src:%(mac)s,' + 'load:0x2->NXM_OF_ARP_OP[],' + 'move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],' + 'move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],' + 'load:%(mac)#x->NXM_NX_ARP_SHA[],' + 'load:%(ip)#x->NXM_OF_ARP_SPA[],' + 'in_port') + +# Represent ovs status +OVS_RESTARTED = 0 +OVS_NORMAL = 1 +OVS_DEAD = 2 + +EXTENSION_DRIVER_TYPE = 'ovs' + +# ovs datapath types +OVS_DATAPATH_SYSTEM = 'system' +OVS_DATAPATH_NETDEV = 'netdev' +OVS_DPDK_VHOST_USER = 'dpdkvhostuser' +OVS_DPDK_VHOST_USER_CLIENT = 'dpdkvhostuserclient' + +OVS_DPDK_PORT_TYPES = [OVS_DPDK_VHOST_USER, OVS_DPDK_VHOST_USER_CLIENT] + +# default ovs vhost-user socket location +VHOST_USER_SOCKET_DIR = '/var/run/openvswitch' + +MAX_DEVICE_RETRIES = 5 + +# OpenFlow version constants +OPENFLOW10 = "OpenFlow10" +OPENFLOW11 = "OpenFlow11" +OPENFLOW12 = "OpenFlow12" +OPENFLOW13 = "OpenFlow13" +OPENFLOW14 = "OpenFlow14" +OPENFLOW15 = "OpenFlow15" + +OPENFLOW_MAX_PRIORITY = 65535 + +# A placeholder for dead vlans. +DEAD_VLAN_TAG = constants.MAX_VLAN_TAG + 1 + +# callback resource for setting 'bridge_name' in the 'binding:vif_details' +OVS_BRIDGE_NAME = 'ovs_bridge_name' + +# callback resource for notifying to ovsdb handler +OVSDB_RESOURCE = 'ovsdb' + +# Used in ovs port 'external_ids' in order mark it for no cleanup when +# ovs_cleanup script is used. +SKIP_CLEANUP = 'skip_cleanup' diff --git a/releasenotes/notes/Rehome-ovs-constants-to-separate-module-07ce93971dd1d7dc.yaml b/releasenotes/notes/Rehome-ovs-constants-to-separate-module-07ce93971dd1d7dc.yaml new file mode 100644 index 000000000..26627ad4e --- /dev/null +++ b/releasenotes/notes/Rehome-ovs-constants-to-separate-module-07ce93971dd1d7dc.yaml @@ -0,0 +1,6 @@ +--- +other: + - | + Openvswitch related constants are moved from the + ``neutron_lib.constants`` module to the own module + ``neutron_lib.plugins.ml2.ovs_constants``.