Modify L3 Agent for Distributed Routers

This patch is an enhancement to the existing L3 Agent.
This allows the L3 Agent to support distributed routers
by enhancing the router object to function across
multiple nodes.

Utilized two new types of namespaces:

- FIP to handle multiple VM fips and routers per node
- SNAT to handle centralized SNAT per router

Rules and tables are enhanced and added to support routing
across distributed routers without going to a centralized
router.

Finally, a new configuration param 'agent_mode' is introduced
and it controls what the L3 agent can do: the available values
are: 'legacy', 'dvr', 'dvr_snat' (more details inline).

The l3-scheduler uses the newly introduced agent_mode to
determine what L3 agent to select during the scheduling
process.

Partially-Implements: blueprint neutron-ovs-dvr

DocImpact

Change-Id: Icead821bb74372b15aac2e5cefe8ad7f08c037ab
Co-Authored-By: Rajeev Grover <rajeev.grover@hp.com>
This commit is contained in:
Michael Smith 2014-07-22 16:58:26 -07:00
parent 3c037a5869
commit 073aa8104c
4 changed files with 1083 additions and 111 deletions

View File

@ -77,3 +77,14 @@
# Timeout for ovs-vsctl commands. # Timeout for ovs-vsctl commands.
# If the timeout expires, ovs commands will fail with ALARMCLOCK error. # If the timeout expires, ovs commands will fail with ALARMCLOCK error.
# ovs_vsctl_timeout = 10 # ovs_vsctl_timeout = 10
# The working mode for the agent. Allowed values are:
# - legacy: this preserves the existing behavior where the L3 agent is
# deployed on a centralized networking node to provide L3 services
# like DNAT, and SNAT. Use this mode if you do not want to adopt DVR.
# - dvr: this mode enables DVR functionality, and must be used for an L3
# agent that runs on a compute host.
# - dvr_snat: this enables centralized SNAT support in conjunction with
# DVR. This mode must be used for an L3 agent running on a centralized
# node (or in single-host deployments, e.g. devstack).
# agent_mode = legacy

View File

@ -28,7 +28,6 @@ from neutron.agent.linux import external_process
from neutron.agent.linux import interface from neutron.agent.linux import interface
from neutron.agent.linux import ip_lib from neutron.agent.linux import ip_lib
from neutron.agent.linux import iptables_manager from neutron.agent.linux import iptables_manager
from neutron.agent.linux import ovs_lib # noqa
from neutron.agent.linux import ra from neutron.agent.linux import ra
from neutron.agent import rpc as agent_rpc from neutron.agent import rpc as agent_rpc
from neutron.common import config as common_config from neutron.common import config as common_config
@ -53,6 +52,18 @@ LOG = logging.getLogger(__name__)
NS_PREFIX = 'qrouter-' NS_PREFIX = 'qrouter-'
INTERNAL_DEV_PREFIX = 'qr-' INTERNAL_DEV_PREFIX = 'qr-'
EXTERNAL_DEV_PREFIX = 'qg-' EXTERNAL_DEV_PREFIX = 'qg-'
SNAT_INT_DEV_PREFIX = 'sg-'
FIP_NS_PREFIX = 'fip-'
SNAT_NS_PREFIX = 'snat-'
FIP_2_ROUTER_DEV_PREFIX = 'fpr-'
ROUTER_2_FIP_DEV_PREFIX = 'rfp-'
FIP_EXT_DEV_PREFIX = 'fg-'
FIP_LL_PREFIX = '169.254.30.'
# Route Table index for FIPs
FIP_RT_TBL = 16
# Rule priority range for FIPs
FIP_PR_START = 32768
FIP_PR_END = FIP_PR_START + 40000
RPC_LOOP_INTERVAL = 1 RPC_LOOP_INTERVAL = 1
FLOATING_IP_CIDR_SUFFIX = '/32' FLOATING_IP_CIDR_SUFFIX = '/32'
# Lower value is higher priority # Lower value is higher priority
@ -67,6 +78,10 @@ class L3PluginApi(n_rpc.RpcProxy):
API version history: API version history:
1.0 - Initial version. 1.0 - Initial version.
1.1 - Floating IP operational status updates 1.1 - Floating IP operational status updates
1.2 - DVR support: new L3 plugin methods added.
- get_ports_by_subnet
- get_agent_gateway_port
Needed by the agent when operating in DVR/DVR_SNAT mode
""" """
@ -105,6 +120,22 @@ class L3PluginApi(n_rpc.RpcProxy):
topic=self.topic, topic=self.topic,
version='1.1') version='1.1')
def get_ports_by_subnet(self, context, subnet_id):
"""Retrieve ports by subnet id."""
return self.call(context,
self.make_msg('get_ports_by_subnet', host=self.host,
subnet_id=subnet_id),
topic=self.topic,
version='1.2')
def get_agent_gateway_port(self, context, fip_net):
"""Get or create an agent_gateway_port."""
return self.call(context,
self.make_msg('get_agent_gateway_port',
network_id=fip_net, host=self.host),
topic=self.topic,
version='1.2')
class RouterInfo(object): class RouterInfo(object):
@ -114,7 +145,9 @@ class RouterInfo(object):
self._snat_enabled = None self._snat_enabled = None
self._snat_action = None self._snat_action = None
self.internal_ports = [] self.internal_ports = []
self.snat_ports = []
self.floating_ips = set() self.floating_ips = set()
self.floating_ips_dict = {}
self.root_helper = root_helper self.root_helper = root_helper
self.use_namespaces = use_namespaces self.use_namespaces = use_namespaces
# Invoke the setter for establishing initial SNAT action # Invoke the setter for establishing initial SNAT action
@ -125,6 +158,12 @@ class RouterInfo(object):
#FIXME(danwent): use_ipv6=True, #FIXME(danwent): use_ipv6=True,
namespace=self.ns_name) namespace=self.ns_name)
self.routes = [] self.routes = []
# DVR Data
# Linklocal router to floating IP addr
self.rtr_2_fip = None
# Linklocal floating to router IP addr
self.fip_2_rtr = None
self.dist_fip_count = 0
@property @property
def router(self): def router(self):
@ -301,10 +340,27 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
It was previously a list of routers in dict format. It was previously a list of routers in dict format.
It is now a list of router IDs only. It is now a list of router IDs only.
Per rpc versioning rules, it is backwards compatible. Per rpc versioning rules, it is backwards compatible.
1.2 - DVR support: new L3 agent methods added.
- add_arp_entry
- del_arp_entry
Needed by the L3 service when dealing with DVR
""" """
RPC_API_VERSION = '1.1' RPC_API_VERSION = '1.2'
OPTS = [ OPTS = [
cfg.StrOpt('agent_mode', default='legacy',
help=_("The working mode for the agent. Allowed modes are: "
"'legacy' - this preserves the existing behavior "
"where the L3 agent is deployed on a centralized "
"networking node to provide L3 services like DNAT, "
"and SNAT. Use this mode if you do not want to "
"adopt DVR. 'dvr' - this mode enables DVR "
"functionality and must be used for an L3 agent "
"that runs on a compute host. 'dvr_snat' - this "
"enables centralized SNAT support in conjunction "
"with DVR. This mode must be used for an L3 agent "
"running on a centralized node (or in single-host "
"deployments, e.g. devstack)")),
cfg.StrOpt('external_network_bridge', default='br-ex', cfg.StrOpt('external_network_bridge', default='br-ex',
help=_("Name of bridge used for external network " help=_("Name of bridge used for external network "
"traffic.")), "traffic.")),
@ -366,6 +422,12 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
self._clean_stale_namespaces = self.conf.use_namespaces self._clean_stale_namespaces = self.conf.use_namespaces
# dvr data
self.agent_gateway_port = None
self.agent_fip_count = 0
self.local_ips = set(range(2, 251))
self.fip_priorities = set(range(FIP_PR_START, FIP_PR_END))
self._queue = RouterProcessingQueue() self._queue = RouterProcessingQueue()
super(L3NATAgent, self).__init__(conf=self.conf) super(L3NATAgent, self).__init__(conf=self.conf)
@ -425,41 +487,89 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
one attempt will be made to delete them. one attempt will be made to delete them.
""" """
for ns in router_namespaces: for ns in router_namespaces:
if self.conf.enable_metadata_proxy:
self._destroy_metadata_proxy(ns[len(NS_PREFIX):], ns)
ra.disable_ipv6_ra(ns[len(NS_PREFIX):], ns, self.root_helper) ra.disable_ipv6_ra(ns[len(NS_PREFIX):], ns, self.root_helper)
try: try:
self._destroy_router_namespace(ns) self._destroy_namespace(ns)
except RuntimeError: except RuntimeError:
LOG.exception(_('Failed to destroy stale router namespace ' LOG.exception(_('Failed to destroy stale router namespace '
'%s'), ns) '%s'), ns)
self._clean_stale_namespaces = False self._clean_stale_namespaces = False
def _destroy_router_namespace(self, namespace): def _destroy_namespace(self, ns):
ns_ip = ip_lib.IPWrapper(self.root_helper, namespace=namespace) if ns.startswith(NS_PREFIX):
if self.conf.enable_metadata_proxy:
self._destroy_metadata_proxy(ns[len(NS_PREFIX):], ns)
self._destroy_router_namespace(ns)
elif ns.startswith(FIP_NS_PREFIX):
self._destroy_fip_namespace(ns)
elif ns.startswith(SNAT_NS_PREFIX):
self._destroy_snat_namespace(ns)
def _delete_namespace(self, ns_ip, ns):
try:
ns_ip.netns.delete(ns)
except RuntimeError:
msg = _('Failed trying to delete namespace: %s') % ns
LOG.exception(msg)
def _destroy_snat_namespace(self, ns):
ns_ip = ip_lib.IPWrapper(self.root_helper, namespace=ns)
# delete internal interfaces
for d in ns_ip.get_devices(exclude_loopback=True):
if d.name.startswith(SNAT_INT_DEV_PREFIX):
LOG.debug('Unplugging DVR device %s', d.name)
self.driver.unplug(d.name, namespace=ns,
prefix=SNAT_INT_DEV_PREFIX)
# TODO(mrsmith): delete ext-gw-port
LOG.debug('DVR: destroy snat ns: %s', ns)
if self.conf.router_delete_namespaces:
self._delete_namespace(ns_ip, ns)
def _destroy_fip_namespace(self, ns):
ns_ip = ip_lib.IPWrapper(self.root_helper, namespace=ns)
for d in ns_ip.get_devices(exclude_loopback=True):
if d.name.startswith(FIP_2_ROUTER_DEV_PREFIX):
# internal link between IRs and FIP NS
# TODO(mrsmith): remove IR interfaces (IP pool?)
pass
elif d.name.startswith(FIP_EXT_DEV_PREFIX):
# single port from FIP NS to br-ext
# TODO(mrsmith): remove br-ext interface
LOG.debug('DVR: unplug: %s', d.name)
self.driver.unplug(d.name,
bridge=self.conf.external_network_bridge,
namespace=ns,
prefix=FIP_EXT_DEV_PREFIX)
LOG.debug('DVR: destroy fip ns: %s', ns)
# TODO(mrsmith): add LOG warn if fip count != 0
if self.conf.router_delete_namespaces:
self._delete_namespace(ns_ip, ns)
self.agent_gateway_port = None
def _destroy_router_namespace(self, ns):
ns_ip = ip_lib.IPWrapper(self.root_helper, namespace=ns)
for d in ns_ip.get_devices(exclude_loopback=True): for d in ns_ip.get_devices(exclude_loopback=True):
if d.name.startswith(INTERNAL_DEV_PREFIX): if d.name.startswith(INTERNAL_DEV_PREFIX):
# device is on default bridge # device is on default bridge
self.driver.unplug(d.name, namespace=namespace, self.driver.unplug(d.name, namespace=ns,
prefix=INTERNAL_DEV_PREFIX) prefix=INTERNAL_DEV_PREFIX)
elif d.name.startswith(EXTERNAL_DEV_PREFIX): elif d.name.startswith(EXTERNAL_DEV_PREFIX):
self.driver.unplug(d.name, self.driver.unplug(d.name,
bridge=self.conf.external_network_bridge, bridge=self.conf.external_network_bridge,
namespace=namespace, namespace=ns,
prefix=EXTERNAL_DEV_PREFIX) prefix=EXTERNAL_DEV_PREFIX)
if self.conf.router_delete_namespaces: if self.conf.router_delete_namespaces:
try: self._delete_namespace(ns_ip, ns)
ns_ip.netns.delete(namespace)
except RuntimeError: def _create_namespace(self, name):
msg = _('Failed trying to delete namespace: %s') ip_wrapper_root = ip_lib.IPWrapper(self.root_helper)
LOG.exception(msg % namespace) ip_wrapper = ip_wrapper_root.ensure_namespace(name)
ip_wrapper.netns.execute(['sysctl', '-w', 'net.ipv4.ip_forward=1'])
def _create_router_namespace(self, ri): def _create_router_namespace(self, ri):
ip_wrapper_root = ip_lib.IPWrapper(self.root_helper) self._create_namespace(ri.ns_name)
ip_wrapper = ip_wrapper_root.ensure_namespace(ri.ns_name)
ip_wrapper.netns.execute(['sysctl', '-w', 'net.ipv4.ip_forward=1'])
def _fetch_external_net_id(self, force=False): def _fetch_external_net_id(self, force=False):
"""Find UUID of single external network for this agent.""" """Find UUID of single external network for this agent."""
@ -553,6 +663,24 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
ns_name) ns_name)
pm.disable() pm.disable()
def _set_subnet_arp_info(self, ri, port):
"""Set ARP info retrieved from Plugin for existing ports."""
if 'id' not in port['subnet'] or not ri.router['distributed']:
return
subnet_id = port['subnet']['id']
subnet_ports = (
self.plugin_rpc.get_ports_by_subnet(self.context,
subnet_id))
for p in subnet_ports:
if (p['device_owner'] not in (
l3_constants.DEVICE_OWNER_ROUTER_INTF,
l3_constants.DEVICE_OWNER_DVR_INTERFACE)):
for fixed_ip in p['fixed_ips']:
self._update_arp_entry(ri, fixed_ip['ip_address'],
p['mac_address'],
subnet_id, 'add')
def _set_subnet_info(self, port): def _set_subnet_info(self, port):
ips = port['fixed_ips'] ips = port['fixed_ips']
if not ips: if not ips:
@ -570,9 +698,13 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
return [ip_dev.name for ip_dev in ip_devs] return [ip_dev.name for ip_dev in ip_devs]
def process_router(self, ri): def process_router(self, ri):
# TODO(mrsmith) - we shouldn't need to check here
if 'distributed' not in ri.router:
ri.router['distributed'] = False
ri.iptables_manager.defer_apply_on() ri.iptables_manager.defer_apply_on()
ex_gw_port = self._get_ex_gw_port(ri) ex_gw_port = self._get_ex_gw_port(ri)
internal_ports = ri.router.get(l3_constants.INTERFACE_KEY, []) internal_ports = ri.router.get(l3_constants.INTERFACE_KEY, [])
snat_ports = ri.router.get(l3_constants.SNAT_ROUTER_INTF_KEY, [])
existing_port_ids = set([p['id'] for p in ri.internal_ports]) existing_port_ids = set([p['id'] for p in ri.internal_ports])
current_port_ids = set([p['id'] for p in internal_ports current_port_ids = set([p['id'] for p in internal_ports
if p['admin_state_up']]) if p['admin_state_up']])
@ -586,15 +718,15 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
old_ipv6_port = False old_ipv6_port = False
for p in new_ports: for p in new_ports:
self._set_subnet_info(p) self._set_subnet_info(p)
self.internal_network_added(ri, p['network_id'], p['id'], self.internal_network_added(ri, p)
p['ip_cidr'], p['mac_address'])
ri.internal_ports.append(p) ri.internal_ports.append(p)
self._set_subnet_arp_info(ri, p)
if (not new_ipv6_port and if (not new_ipv6_port and
netaddr.IPNetwork(p['subnet']['cidr']).version == 6): netaddr.IPNetwork(p['subnet']['cidr']).version == 6):
new_ipv6_port = True new_ipv6_port = True
for p in old_ports: for p in old_ports:
self.internal_network_removed(ri, p['id'], p['ip_cidr']) self.internal_network_removed(ri, p)
ri.internal_ports.remove(p) ri.internal_ports.remove(p)
if (not old_ipv6_port and if (not old_ipv6_port and
netaddr.IPNetwork(p['subnet']['cidr']).version == 6): netaddr.IPNetwork(p['subnet']['cidr']).version == 6):
@ -653,6 +785,8 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
# Process static routes for router # Process static routes for router
self.routes_updated(ri) self.routes_updated(ri)
# Process SNAT rules for external gateway # Process SNAT rules for external gateway
if (not ri.router['distributed'] or
ex_gw_port and ri.router['gw_port_host'] == self.host):
ri.perform_snat_action(self._handle_router_snat_rules, ri.perform_snat_action(self._handle_router_snat_rules,
internal_cidrs, interface_name) internal_cidrs, interface_name)
@ -684,6 +818,7 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
# Update ex_gw_port and enable_snat on the router info cache # Update ex_gw_port and enable_snat on the router info cache
ri.ex_gw_port = ex_gw_port ri.ex_gw_port = ex_gw_port
ri.snat_ports = snat_ports
ri.enable_snat = ri.router.get('enable_snat') ri.enable_snat = ri.router.get('enable_snat')
def _handle_router_snat_rules(self, ri, ex_gw_port, internal_cidrs, def _handle_router_snat_rules(self, ri, ex_gw_port, internal_cidrs,
@ -692,13 +827,19 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
# This is safe because if use_namespaces is set as False # This is safe because if use_namespaces is set as False
# then the agent can only configure one router, otherwise # then the agent can only configure one router, otherwise
# each router's SNAT rules will be in their own namespace # each router's SNAT rules will be in their own namespace
ri.iptables_manager.ipv4['nat'].empty_chain('POSTROUTING') if ri.router['distributed']:
ri.iptables_manager.ipv4['nat'].empty_chain('snat') iptables_manager = ri.snat_iptables_manager
else:
iptables_manager = ri.iptables_manager
iptables_manager.ipv4['nat'].empty_chain('POSTROUTING')
iptables_manager.ipv4['nat'].empty_chain('snat')
if not ri.router['distributed']:
# Add back the jump to float-snat # Add back the jump to float-snat
ri.iptables_manager.ipv4['nat'].add_rule('snat', '-j $float-snat') iptables_manager.ipv4['nat'].add_rule('snat', '-j $float-snat')
# And add them back if the action if add_rules # And add them back if the action is add_rules
if action == 'add_rules' and ex_gw_port: if action == 'add_rules' and ex_gw_port:
# ex_gw_port should not be None in this case # ex_gw_port should not be None in this case
# NAT rules are added only if ex_gw_port has an IPv4 address # NAT rules are added only if ex_gw_port has an IPv4 address
@ -709,8 +850,31 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
internal_cidrs, internal_cidrs,
interface_name) interface_name)
for rule in rules: for rule in rules:
ri.iptables_manager.ipv4['nat'].add_rule(*rule) iptables_manager.ipv4['nat'].add_rule(*rule)
break break
iptables_manager.apply()
def _handle_router_fip_nat_rules(self, ri, interface_name, action):
"""Configures NAT rules for Floating IPs for DVR.
Remove all the rules. This is safe because if
use_namespaces is set as False then the agent can
only configure one router, otherwise each router's
NAT rules will be in their own namespace.
"""
ri.iptables_manager.ipv4['nat'].empty_chain('POSTROUTING')
ri.iptables_manager.ipv4['nat'].empty_chain('snat')
# Add back the jump to float-snat
ri.iptables_manager.ipv4['nat'].add_rule('snat', '-j $float-snat')
# And add them back if the action is add_rules
if action == 'add_rules' and interface_name:
rule = ('POSTROUTING', '! -i %(interface_name)s '
'! -o %(interface_name)s -m conntrack ! '
'--ctstate DNAT -j ACCEPT' %
{'interface_name': interface_name})
ri.iptables_manager.ipv4['nat'].add_rule(*rule)
ri.iptables_manager.apply() ri.iptables_manager.apply()
def process_router_floating_ip_nat_rules(self, ri): def process_router_floating_ip_nat_rules(self, ri):
@ -721,8 +885,9 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
# Clear out all iptables rules for floating ips # Clear out all iptables rules for floating ips
ri.iptables_manager.ipv4['nat'].clear_rules_by_tag('floating_ip') ri.iptables_manager.ipv4['nat'].clear_rules_by_tag('floating_ip')
floating_ips = self.get_floating_ips(ri)
# Loop once to ensure that floating ips are configured. # Loop once to ensure that floating ips are configured.
for fip in ri.router.get(l3_constants.FLOATINGIP_KEY, []): for fip in floating_ips:
# Rebuild iptables rules for the floating ip. # Rebuild iptables rules for the floating ip.
fixed = fip['fixed_ip_address'] fixed = fip['fixed_ip_address']
fip_ip = fip['floating_ip_address'] fip_ip = fip['floating_ip_address']
@ -739,14 +904,33 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
those that should not longer be configured. those that should not longer be configured.
""" """
fip_statuses = {} fip_statuses = {}
floating_ips = ri.router.get(l3_constants.FLOATINGIP_KEY, [])
if ri.router['distributed']:
# filter out only FIPs for this host/agent
floating_ips = [i for i in floating_ips if i['host'] == self.host]
if floating_ips and self.agent_gateway_port is None:
self._create_agent_gateway_port(ri, floating_ips[0]
['floating_network_id'])
if self.agent_gateway_port:
if floating_ips and ri.dist_fip_count == 0:
self.create_rtr_2_fip_link(ri, floating_ips[0]
['floating_network_id'])
interface_name = self.get_rtr_int_device_name(ri.router_id)
else:
# there are no fips or agent port, no work to do
return fip_statuses
else:
interface_name = self.get_external_device_name(ex_gw_port['id']) interface_name = self.get_external_device_name(ex_gw_port['id'])
device = ip_lib.IPDevice(interface_name, self.root_helper, device = ip_lib.IPDevice(interface_name, self.root_helper,
namespace=ri.ns_name) namespace=ri.ns_name)
existing_cidrs = set([addr['cidr'] for addr in device.addr.list()]) existing_cidrs = set([addr['cidr'] for addr in device.addr.list()])
new_cidrs = set() new_cidrs = set()
# Loop once to ensure that floating ips are configured. # Loop once to ensure that floating ips are configured.
for fip in ri.router.get(l3_constants.FLOATINGIP_KEY, []): for fip in floating_ips:
fip_ip = fip['floating_ip_address'] fip_ip = fip['floating_ip_address']
ip_cidr = str(fip_ip) + FLOATING_IP_CIDR_SUFFIX ip_cidr = str(fip_ip) + FLOATING_IP_CIDR_SUFFIX
@ -765,10 +949,15 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
LOG.warn(_("Unable to configure IP address for " LOG.warn(_("Unable to configure IP address for "
"floating IP: %s"), fip['id']) "floating IP: %s"), fip['id'])
continue continue
if ri.router['distributed']:
# Special Handling for DVR - update FIP namespace
# and ri.namespace to handle DVR based FIP
self.floating_ip_added_dist(ri, fip)
else:
# As GARP is processed in a distinct thread the call below # As GARP is processed in a distinct thread the call below
# won't raise an exception to be handled. # won't raise an exception to be handled.
self._send_gratuitous_arp_packet( self._send_gratuitous_arp_packet(
ri, interface_name, fip_ip) ri.ns_name, interface_name, fip_ip)
fip_statuses[fip['id']] = ( fip_statuses[fip['id']] = (
l3_constants.FLOATINGIP_STATUS_ACTIVE) l3_constants.FLOATINGIP_STATUS_ACTIVE)
@ -777,26 +966,48 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
if ip_cidr.endswith(FLOATING_IP_CIDR_SUFFIX): if ip_cidr.endswith(FLOATING_IP_CIDR_SUFFIX):
net = netaddr.IPNetwork(ip_cidr) net = netaddr.IPNetwork(ip_cidr)
device.addr.delete(net.version, ip_cidr) device.addr.delete(net.version, ip_cidr)
if ri.router['distributed']:
self.floating_ip_removed_dist(ri, ip_cidr)
return fip_statuses return fip_statuses
def _get_ex_gw_port(self, ri): def _get_ex_gw_port(self, ri):
return ri.router.get('gw_port') return ri.router.get('gw_port')
def _arping(self, ri, interface_name, ip_address): def _arping(self, ns_name, interface_name, ip_address, distributed=False):
if distributed:
device = ip_lib.IPDevice(interface_name, self.root_helper,
namespace=ns_name)
ip_cidr = str(ip_address) + FLOATING_IP_CIDR_SUFFIX
net = netaddr.IPNetwork(ip_cidr)
device.addr.add(net.version, ip_cidr, str(net.broadcast))
arping_cmd = ['arping', '-A', arping_cmd = ['arping', '-A',
'-I', interface_name, '-I', interface_name,
'-c', self.conf.send_arp_for_ha, '-c', self.conf.send_arp_for_ha,
ip_address] ip_address]
try: try:
ip_wrapper = ip_lib.IPWrapper(self.root_helper, ip_wrapper = ip_lib.IPWrapper(self.root_helper,
namespace=ri.ns_name) namespace=ns_name)
ip_wrapper.netns.execute(arping_cmd, check_exit_code=True) ip_wrapper.netns.execute(arping_cmd, check_exit_code=True)
except Exception as e: except Exception as e:
LOG.error(_("Failed sending gratuitous ARP: %s"), str(e)) LOG.error(_("Failed sending gratuitous ARP: %s"), str(e))
if distributed:
device.addr.delete(net.version, ip_cidr)
def _send_gratuitous_arp_packet(self, ri, interface_name, ip_address): def _send_gratuitous_arp_packet(self, ns_name, interface_name, ip_address,
distributed=False):
if self.conf.send_arp_for_ha > 0: if self.conf.send_arp_for_ha > 0:
eventlet.spawn_n(self._arping, ri, interface_name, ip_address) eventlet.spawn_n(self._arping, ns_name, interface_name, ip_address,
distributed)
def get_internal_port(self, ri, subnet_id):
"""Return internal router port based on subnet_id."""
router_ports = ri.router.get(l3_constants.INTERFACE_KEY, [])
for port in router_ports:
fips = port['fixed_ips']
for f in fips:
if f['subnet_id'] == subnet_id:
return port
def get_internal_device_name(self, port_id): def get_internal_device_name(self, port_id):
return (INTERNAL_DEV_PREFIX + port_id)[:self.driver.DEV_NAME_LEN] return (INTERNAL_DEV_PREFIX + port_id)[:self.driver.DEV_NAME_LEN]
@ -804,38 +1015,184 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
def get_external_device_name(self, port_id): def get_external_device_name(self, port_id):
return (EXTERNAL_DEV_PREFIX + port_id)[:self.driver.DEV_NAME_LEN] return (EXTERNAL_DEV_PREFIX + port_id)[:self.driver.DEV_NAME_LEN]
def get_fip_ext_device_name(self, port_id):
return (FIP_EXT_DEV_PREFIX + port_id)[:self.driver.DEV_NAME_LEN]
def get_rtr_int_device_name(self, router_id):
return (ROUTER_2_FIP_DEV_PREFIX + router_id)[:self.driver.DEV_NAME_LEN]
def get_fip_int_device_name(self, router_id):
return (FIP_2_ROUTER_DEV_PREFIX + router_id)[:self.driver.DEV_NAME_LEN]
def get_snat_int_device_name(self, port_id):
return (SNAT_INT_DEV_PREFIX + port_id)[:self.driver.DEV_NAME_LEN]
def get_fip_ns_name(self, ext_net_id):
return (FIP_NS_PREFIX + ext_net_id)
def get_snat_ns_name(self, router_id):
return (SNAT_NS_PREFIX + router_id)
def get_snat_interfaces(self, ri):
return ri.router.get(l3_constants.SNAT_ROUTER_INTF_KEY, [])
def get_floating_ips(self, ri):
"""Filter Floating IPs to be hosted on this agent."""
floating_ips = ri.router.get(l3_constants.FLOATINGIP_KEY, [])
if ri.router['distributed']:
floating_ips = [i for i in floating_ips if i['host'] == self.host]
return floating_ips
def _map_internal_interfaces(self, ri, int_port, snat_ports):
"""Return the SNAT port for the given internal interface port."""
fixed_ip = int_port['fixed_ips'][0]
subnet_id = fixed_ip['subnet_id']
match_port = [p for p in snat_ports if
p['fixed_ips'][0]['subnet_id'] == subnet_id]
if match_port:
return match_port[0]
else:
LOG.error(_('DVR: no map match_port found!'))
def _create_dvr_gateway(self, ri, ex_gw_port, gw_interface_name,
internal_cidrs, snat_ports):
"""Create SNAT namespace."""
snat_ns_name = self.get_snat_ns_name(ri.router['id'])
self._create_namespace(snat_ns_name)
# connect snat_ports to br_int from SNAT namespace
for port in snat_ports:
# create interface_name
self._set_subnet_info(port)
interface_name = self.get_snat_int_device_name(port['id'])
self._internal_network_added(snat_ns_name, port['network_id'],
port['id'], port['ip_cidr'],
port['mac_address'], interface_name,
SNAT_INT_DEV_PREFIX)
self._external_gateway_added(ri, ex_gw_port, gw_interface_name,
internal_cidrs, snat_ns_name,
preserve_ips=[])
ri.snat_iptables_manager = (
iptables_manager.IptablesManager(
root_helper=self.root_helper, namespace=snat_ns_name
)
)
def external_gateway_added(self, ri, ex_gw_port, def external_gateway_added(self, ri, ex_gw_port,
interface_name, internal_cidrs): interface_name, internal_cidrs):
if ri.router['distributed']:
ip_wrapr = ip_lib.IPWrapper(self.root_helper, namespace=ri.ns_name)
ip_wrapr.netns.execute(['sysctl', '-w',
'net.ipv4.conf.all.send_redirects=0'])
snat_ports = self.get_snat_interfaces(ri)
for p in ri.internal_ports:
gateway = self._map_internal_interfaces(ri, p, snat_ports)
id_name = self.get_internal_device_name(p['id'])
if gateway:
self._snat_redirect_add(ri, gateway['fixed_ips'][0]
['ip_address'], p, id_name)
self.driver.plug(ex_gw_port['network_id'], if self.conf.agent_mode == 'dvr_snat' and (
ex_gw_port['id'], interface_name, ri.router['gw_port_host'] == self.host):
ex_gw_port['mac_address'], if snat_ports:
bridge=self.conf.external_network_bridge, self._create_dvr_gateway(ri, ex_gw_port,
namespace=ri.ns_name, interface_name,
prefix=EXTERNAL_DEV_PREFIX) internal_cidrs, snat_ports)
for port in snat_ports:
for ip in port['fixed_ips']:
self._update_arp_entry(ri, ip['ip_address'],
port['mac_address'],
ip['subnet_id'], 'add')
return
# Compute a list of addresses this router is supposed to have. # Compute a list of addresses this router is supposed to have.
# This avoids unnecessarily removing those addresses and # This avoids unnecessarily removing those addresses and
# causing a momentarily network outage. # causing a momentarily network outage.
floating_ips = ri.router.get(l3_constants.FLOATINGIP_KEY, []) floating_ips = self.get_floating_ips(ri)
preserve_ips = [ip['floating_ip_address'] + FLOATING_IP_CIDR_SUFFIX preserve_ips = [ip['floating_ip_address'] + FLOATING_IP_CIDR_SUFFIX
for ip in floating_ips] for ip in floating_ips]
self._external_gateway_added(ri, ex_gw_port, interface_name,
internal_cidrs, ri.ns_name,
preserve_ips)
def _external_gateway_added(self, ri, ex_gw_port, interface_name,
internal_cidrs, ns_name, preserve_ips):
if not ip_lib.device_exists(interface_name,
root_helper=self.root_helper,
namespace=ns_name):
self.driver.plug(ex_gw_port['network_id'],
ex_gw_port['id'], interface_name,
ex_gw_port['mac_address'],
bridge=self.conf.external_network_bridge,
namespace=ns_name,
prefix=EXTERNAL_DEV_PREFIX)
self.driver.init_l3(interface_name, [ex_gw_port['ip_cidr']], self.driver.init_l3(interface_name, [ex_gw_port['ip_cidr']],
namespace=ri.ns_name, namespace=ns_name,
gateway=ex_gw_port['subnet'].get('gateway_ip'), gateway=ex_gw_port['subnet'].get('gateway_ip'),
extra_subnets=ex_gw_port.get('extra_subnets', []), extra_subnets=ex_gw_port.get('extra_subnets', []),
preserve_ips=preserve_ips) preserve_ips=preserve_ips)
ip_address = ex_gw_port['ip_cidr'].split('/')[0] ip_address = ex_gw_port['ip_cidr'].split('/')[0]
self._send_gratuitous_arp_packet(ri, interface_name, ip_address) self._send_gratuitous_arp_packet(ns_name,
interface_name, ip_address)
def agent_gateway_added(self, ns_name, ex_gw_port,
interface_name):
"""Add Floating IP gateway port to FIP namespace."""
if not ip_lib.device_exists(interface_name,
root_helper=self.root_helper,
namespace=ns_name):
self.driver.plug(ex_gw_port['network_id'],
ex_gw_port['id'], interface_name,
ex_gw_port['mac_address'],
bridge=self.conf.external_network_bridge,
namespace=ns_name,
prefix=FIP_EXT_DEV_PREFIX)
self.driver.init_l3(interface_name, [ex_gw_port['ip_cidr']],
namespace=ns_name)
ip_address = ex_gw_port['ip_cidr'].split('/')[0]
self._send_gratuitous_arp_packet(ns_name, interface_name, ip_address)
gw_ip = ex_gw_port['subnet']['gateway_ip']
if gw_ip:
ipd = ip_lib.IPDevice(interface_name, self.root_helper,
namespace=ns_name)
ipd.route.add_gateway(gw_ip)
cmd = ['sysctl', '-w', 'net.ipv4.conf.%s.proxy_arp=1' % interface_name]
ip_wrapper = ip_lib.IPWrapper(self.root_helper, namespace=ns_name)
ip_wrapper.netns.execute(cmd, check_exit_code=False)
def internal_ns_interface_added(self, ip_cidr,
interface_name, ns_name):
ip_wrapper = ip_lib.IPWrapper(self.root_helper, namespace=ns_name)
ip_wrapper.netns.execute(['ip', 'addr', 'add',
ip_cidr, 'dev', interface_name])
def external_gateway_removed(self, ri, ex_gw_port, def external_gateway_removed(self, ri, ex_gw_port,
interface_name, internal_cidrs): interface_name, internal_cidrs):
if ri.router['distributed']:
for p in ri.internal_ports:
internal_interface = self.get_internal_device_name(p['id'])
self._snat_redirect_remove(ri, p, internal_interface)
if self.conf.agent_mode == 'dvr_snat' and (
ex_gw_port['binding:host_id'] == self.host):
ns_name = self.get_snat_ns_name(ri.router['id'])
else:
# not hosting agent - no work to do
LOG.debug('DVR: CSNAT not hosted: %s', ex_gw_port)
return
else:
ns_name = ri.ns_name
self.driver.unplug(interface_name, self.driver.unplug(interface_name,
bridge=self.conf.external_network_bridge, bridge=self.conf.external_network_bridge,
namespace=ri.ns_name, namespace=ns_name,
prefix=EXTERNAL_DEV_PREFIX) prefix=EXTERNAL_DEV_PREFIX)
if ri.router['distributed']:
self._destroy_snat_namespace(ns_name)
def metadata_filter_rules(self): def metadata_filter_rules(self):
rules = [] rules = []
@ -863,23 +1220,100 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
rules.extend(self.internal_network_nat_rules(ex_gw_ip, cidr)) rules.extend(self.internal_network_nat_rules(ex_gw_ip, cidr))
return rules return rules
def internal_network_added(self, ri, network_id, port_id, def _snat_redirect_add(self, ri, gateway, sn_port, sn_int):
internal_cidr, mac_address): """Adds rules and routes for SNAT redirection."""
interface_name = self.get_internal_device_name(port_id) try:
snat_idx = netaddr.IPNetwork(sn_port['ip_cidr']).value
ns_ipr = ip_lib.IpRule(self.root_helper, namespace=ri.ns_name)
ns_ipd = ip_lib.IPDevice(sn_int, self.root_helper,
namespace=ri.ns_name)
ns_ipd.route.add_gateway(gateway, table=snat_idx)
ns_ipr.add_rule_from(sn_port['ip_cidr'], snat_idx, snat_idx)
ns_ipr.netns.execute(['sysctl', '-w', 'net.ipv4.conf.%s.'
'send_redirects=0' % sn_int])
except Exception:
LOG.exception(_('DVR: error adding redirection logic'))
def _snat_redirect_remove(self, ri, sn_port, sn_int):
"""Removes rules and routes for SNAT redirection."""
try:
snat_idx = netaddr.IPNetwork(sn_port['ip_cidr']).value
ns_ipr = ip_lib.IpRule(self.root_helper, namespace=ri.ns_name)
ns_ipd = ip_lib.IPDevice(sn_int, self.root_helper,
namespace=ri.ns_name)
ns_ipd.route.delete_gateway(table=snat_idx)
ns_ipr.delete_rule_priority(snat_idx)
except Exception:
LOG.exception(_('DVR: removed snat failed'))
def _internal_network_added(self, ns_name, network_id, port_id,
internal_cidr, mac_address,
interface_name, prefix):
if not ip_lib.device_exists(interface_name, if not ip_lib.device_exists(interface_name,
root_helper=self.root_helper, root_helper=self.root_helper,
namespace=ri.ns_name): namespace=ns_name):
self.driver.plug(network_id, port_id, interface_name, mac_address, self.driver.plug(network_id, port_id, interface_name, mac_address,
namespace=ri.ns_name, namespace=ns_name,
prefix=INTERNAL_DEV_PREFIX) prefix=prefix)
self.driver.init_l3(interface_name, [internal_cidr], self.driver.init_l3(interface_name, [internal_cidr],
namespace=ri.ns_name) namespace=ns_name)
ip_address = internal_cidr.split('/')[0] ip_address = internal_cidr.split('/')[0]
self._send_gratuitous_arp_packet(ri, interface_name, ip_address) self._send_gratuitous_arp_packet(ns_name, interface_name, ip_address)
def internal_network_added(self, ri, port):
network_id = port['network_id']
port_id = port['id']
internal_cidr = port['ip_cidr']
mac_address = port['mac_address']
def internal_network_removed(self, ri, port_id, internal_cidr):
interface_name = self.get_internal_device_name(port_id) interface_name = self.get_internal_device_name(port_id)
self._internal_network_added(ri.ns_name, network_id, port_id,
internal_cidr, mac_address,
interface_name, INTERNAL_DEV_PREFIX)
ex_gw_port = self._get_ex_gw_port(ri)
if ri.router['distributed'] and ex_gw_port:
snat_ports = self.get_snat_interfaces(ri)
snat_ip = self._map_internal_interfaces(ri, port, snat_ports)
if snat_ip:
self._snat_redirect_add(ri, snat_ip['fixed_ips'][0]
['ip_address'], port, interface_name)
if self.conf.agent_mode == 'dvr_snat' and (
ri.router['gw_port_host'] == self.host):
ns_name = self.get_snat_ns_name(ri.router['id'])
for port in snat_ports:
self._set_subnet_info(port)
interface_name = self.get_snat_int_device_name(port['id'])
self._internal_network_added(ns_name, port['network_id'],
port['id'], internal_cidr,
port['mac_address'],
interface_name,
SNAT_INT_DEV_PREFIX)
def internal_network_removed(self, ri, port):
port_id = port['id']
interface_name = self.get_internal_device_name(port_id)
if ri.router['distributed'] and ri.ex_gw_port:
# DVR handling code for SNAT
self._snat_redirect_remove(ri, port, interface_name)
if self.conf.agent_mode == 'dvr_snat' and (
ri.ex_gw_port['binding:host_id'] == self.host):
snat_port = self._map_internal_interfaces(ri, port,
ri.snat_ports)
if snat_port:
snat_interface = (
self.get_snat_int_device_name(snat_port['id'])
)
ns_name = self.get_snat_ns_name(ri.router['id'])
prefix = SNAT_INT_DEV_PREFIX
if ip_lib.device_exists(snat_interface,
root_helper=self.root_helper,
namespace=ns_name):
self.driver.unplug(snat_interface, namespace=ns_name,
prefix=prefix)
if ip_lib.device_exists(interface_name, if ip_lib.device_exists(interface_name,
root_helper=self.root_helper, root_helper=self.root_helper,
namespace=ri.ns_name): namespace=ri.ns_name):
@ -891,6 +1325,118 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
(internal_cidr, ex_gw_ip))] (internal_cidr, ex_gw_ip))]
return rules return rules
def _create_agent_gateway_port(self, ri, network_id):
"""Create Floating IP gateway port.
Request port creation from Plugin then creates
Floating IP namespace and adds gateway port.
"""
self.agent_gateway_port = (
self.plugin_rpc.get_agent_gateway_port(
self.context, network_id))
if 'subnet' not in self.agent_gateway_port:
LOG.error(_('Missing subnet/agent_gateway_port'))
return
self._set_subnet_info(self.agent_gateway_port)
# add fip-namespace and agent_gateway_port
fip_ns_name = (
self.get_fip_ns_name(str(network_id)))
self._create_namespace(fip_ns_name)
interface_name = (
self.get_fip_ext_device_name(self.agent_gateway_port['id']))
self.agent_gateway_added(fip_ns_name, self.agent_gateway_port,
interface_name)
def create_rtr_2_fip_link(self, ri, network_id):
"""Create interface between router and Floating IP namespace."""
rtr_2_fip_name = self.get_rtr_int_device_name(ri.router_id)
fip_2_rtr_name = self.get_fip_int_device_name(ri.router_id)
fip_ns_name = self.get_fip_ns_name(str(network_id))
# add link local IP to interface
if ri.rtr_2_fip is None:
ri.rtr_2_fip = FIP_LL_PREFIX + str(self.local_ips.pop())
if ri.fip_2_rtr is None:
ri.fip_2_rtr = FIP_LL_PREFIX + str(self.local_ips.pop())
ip_wrapper = ip_lib.IPWrapper(self.root_helper,
namespace=ri.ns_name)
int_dev = ip_wrapper.add_veth(rtr_2_fip_name,
fip_2_rtr_name, fip_ns_name)
self.internal_ns_interface_added(ri.rtr_2_fip + '/31',
rtr_2_fip_name, ri.ns_name)
self.internal_ns_interface_added(ri.fip_2_rtr + '/31',
fip_2_rtr_name, fip_ns_name)
int_dev[0].link.set_up()
int_dev[1].link.set_up()
# add default route for the link local interface
device = ip_lib.IPDevice(rtr_2_fip_name, self.root_helper,
namespace=ri.ns_name)
device.route.add_gateway(ri.fip_2_rtr, table=FIP_RT_TBL)
#setup the NAT rules and chains
self._handle_router_fip_nat_rules(ri, rtr_2_fip_name, 'add_rules')
def floating_ip_added_dist(self, ri, fip):
"""Add floating IP to FIP namespace."""
floating_ip = fip['floating_ip_address']
fixed_ip = fip['fixed_ip_address']
rule_pr = self.fip_priorities.pop()
ri.floating_ips_dict[floating_ip] = rule_pr
fip_2_rtr_name = self.get_fip_int_device_name(ri.router_id)
ip_rule = ip_lib.IpRule(self.root_helper, namespace=ri.ns_name)
ip_rule.add_rule_from(fixed_ip, FIP_RT_TBL, rule_pr)
#Add routing rule in fip namespace
fip_cidr = str(floating_ip) + FLOATING_IP_CIDR_SUFFIX
fip_ns_name = self.get_fip_ns_name(str(fip['floating_network_id']))
device = ip_lib.IPDevice(fip_2_rtr_name, self.root_helper,
namespace=fip_ns_name)
device.route.add_route(fip_cidr, ri.rtr_2_fip)
interface_name = (
self.get_fip_ext_device_name(self.agent_gateway_port['id']))
self._send_gratuitous_arp_packet(fip_ns_name,
interface_name, floating_ip,
distributed=True)
# update internal structures
self.agent_fip_count = self.agent_fip_count + 1
ri.dist_fip_count = ri.dist_fip_count + 1
def floating_ip_removed_dist(self, ri, fip_cidr):
"""Remove floating IP from FIP namespace."""
floating_ip = fip_cidr.split('/')[0]
rtr_2_fip_name = self.get_rtr_int_device_name(ri.router_id)
fip_2_rtr_name = self.get_fip_int_device_name(ri.router_id)
fip_ns_name = self.get_fip_ns_name(str(self._fetch_external_net_id()))
ip_rule_rtr = ip_lib.IpRule(self.root_helper, namespace=ri.ns_name)
if floating_ip in ri.floating_ips_dict:
rule_pr = ri.floating_ips_dict[floating_ip]
#TODO(rajeev): Handle else case - exception/log?
else:
rule_pr = None
ip_rule_rtr.delete_rule_priority(rule_pr)
self.fip_priorities.add(rule_pr)
device = ip_lib.IPDevice(fip_2_rtr_name, self.root_helper,
namespace=fip_ns_name)
device.route.delete_route(fip_cidr, ri.rtr_2_fip)
# check if this is the last FIP for this router
ri.dist_fip_count = ri.dist_fip_count - 1
if ri.dist_fip_count == 0:
#remove default route entry
device = ip_lib.IPDevice(rtr_2_fip_name, self.root_helper,
namespace=ri.ns_name)
device.route.delete_gateway(ri.fip_2_rtr, table=FIP_RT_TBL)
self.local_ips.add(ri.rtr_2_fip.rsplit('.', 1)[1])
ri.rtr_2_fip = None
self.local_ips.add(ri.fip_2_rtr.rsplit('.', 1)[1])
ri.fip_2_rtr = None
# TODO(mrsmith): remove interface
# clean up fip-namespace if this is the last FIP
self.agent_fip_count = self.agent_fip_count - 1
if self.agent_fip_count == 0:
self._destroy_fip_namespace(fip_ns_name)
def floating_forward_rules(self, floating_ip, fixed_ip): def floating_forward_rules(self, floating_ip, fixed_ip):
return [('PREROUTING', '-d %s -j DNAT --to %s' % return [('PREROUTING', '-d %s -j DNAT --to %s' %
(floating_ip, fixed_ip)), (floating_ip, fixed_ip)),
@ -905,6 +1451,46 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, manager.Manager):
update = RouterUpdate(router_id, PRIORITY_RPC, action=DELETE_ROUTER) update = RouterUpdate(router_id, PRIORITY_RPC, action=DELETE_ROUTER)
self._queue.add(update) self._queue.add(update)
def _update_arp_entry(self, ri, ip, mac, subnet_id, operation):
"""Add or delete arp entry into router namespace."""
port = self.get_internal_port(ri, subnet_id)
if 'id' in port:
ip_cidr = str(ip) + '/32'
try:
# TODO(mrsmith): optimize the calls below for bulk calls
net = netaddr.IPNetwork(ip_cidr)
interface_name = self.get_internal_device_name(port['id'])
device = ip_lib.IPDevice(interface_name, self.root_helper,
namespace=ri.ns_name)
if operation == 'add':
device.neigh.add(net.version, ip, mac)
elif operation == 'delete':
device.neigh.delete(net.version, ip, mac)
except Exception:
LOG.exception(_("DVR: Failed updating arp entry"))
self.fullsync = True
def add_arp_entry(self, context, payload):
"""Add arp entry into router namespace. Called from RPC."""
arp_table = payload['arp_table']
router_id = payload['router_id']
ip = arp_table['ip_address']
mac = arp_table['mac_address']
subnet_id = arp_table['subnet_id']
ri = self.router_info.get(router_id)
self._update_arp_entry(ri, ip, mac, subnet_id, 'add')
def del_arp_entry(self, context, payload):
"""Delete arp entry from router namespace. Called from RPC."""
arp_table = payload['arp_table']
router_id = payload['router_id']
ip = arp_table['ip_address']
mac = arp_table['mac_address']
subnet_id = arp_table['subnet_id']
ri = self.router_info.get(router_id)
if ri:
self._update_arp_entry(ri, ip, mac, subnet_id, 'delete')
def routers_updated(self, context, routers): def routers_updated(self, context, routers):
"""Deal with routers modification and creation RPC message.""" """Deal with routers modification and creation RPC message."""
LOG.debug(_('Got routers updated notification :%s'), routers) LOG.debug(_('Got routers updated notification :%s'), routers)
@ -1115,6 +1701,7 @@ class L3NATAgentWithStateReport(L3NATAgent):
'host': host, 'host': host,
'topic': topics.L3_AGENT, 'topic': topics.L3_AGENT,
'configurations': { 'configurations': {
'agent_mode': self.conf.agent_mode,
'use_namespaces': self.conf.use_namespaces, 'use_namespaces': self.conf.use_namespaces,
'router_id': self.conf.router_id, 'router_id': self.conf.router_id,
'handle_internal_only_routers': 'handle_internal_only_routers':

View File

@ -92,7 +92,7 @@ class TestVPNAgent(base.BaseTestCase):
def test_get_namespace(self): def test_get_namespace(self):
router_id = _uuid() router_id = _uuid()
ri = l3_agent.RouterInfo(router_id, self.conf.root_helper, ri = l3_agent.RouterInfo(router_id, self.conf.root_helper,
self.conf.use_namespaces, None) self.conf.use_namespaces, {})
self.agent.router_info = {router_id: ri} self.agent.router_info = {router_id: ri}
namespace = self.agent.get_namespace(router_id) namespace = self.agent.get_namespace(router_id)
self.assertTrue(namespace.endswith(router_id)) self.assertTrue(namespace.endswith(router_id))
@ -101,7 +101,7 @@ class TestVPNAgent(base.BaseTestCase):
def test_add_nat_rule(self): def test_add_nat_rule(self):
router_id = _uuid() router_id = _uuid()
ri = l3_agent.RouterInfo(router_id, self.conf.root_helper, ri = l3_agent.RouterInfo(router_id, self.conf.root_helper,
self.conf.use_namespaces, None) self.conf.use_namespaces, {})
iptables = mock.Mock() iptables = mock.Mock()
ri.iptables_manager.ipv4['nat'] = iptables ri.iptables_manager.ipv4['nat'] = iptables
self.agent.router_info = {router_id: ri} self.agent.router_info = {router_id: ri}
@ -121,7 +121,7 @@ class TestVPNAgent(base.BaseTestCase):
def test_remove_rule(self): def test_remove_rule(self):
router_id = _uuid() router_id = _uuid()
ri = l3_agent.RouterInfo(router_id, self.conf.root_helper, ri = l3_agent.RouterInfo(router_id, self.conf.root_helper,
self.conf.use_namespaces, None) self.conf.use_namespaces, {})
iptables = mock.Mock() iptables = mock.Mock()
ri.iptables_manager.ipv4['nat'] = iptables ri.iptables_manager.ipv4['nat'] = iptables
self.agent.router_info = {router_id: ri} self.agent.router_info = {router_id: ri}
@ -140,7 +140,7 @@ class TestVPNAgent(base.BaseTestCase):
def test_iptables_apply(self): def test_iptables_apply(self):
router_id = _uuid() router_id = _uuid()
ri = l3_agent.RouterInfo(router_id, self.conf.root_helper, ri = l3_agent.RouterInfo(router_id, self.conf.root_helper,
self.conf.use_namespaces, None) self.conf.use_namespaces, {})
iptables = mock.Mock() iptables = mock.Mock()
ri.iptables_manager = iptables ri.iptables_manager = iptables
self.agent.router_info = {router_id: ri} self.agent.router_info = {router_id: ri}
@ -168,12 +168,13 @@ class TestVPNAgent(base.BaseTestCase):
'neutron.agent.linux.iptables_manager.IptablesManager').start() 'neutron.agent.linux.iptables_manager.IptablesManager').start()
router_id = _uuid() router_id = _uuid()
ri = l3_agent.RouterInfo(router_id, self.conf.root_helper, ri = l3_agent.RouterInfo(router_id, self.conf.root_helper,
self.conf.use_namespaces, None) self.conf.use_namespaces, {})
ri.router = { ri.router = {
'id': _uuid(), 'id': _uuid(),
'admin_state_up': True, 'admin_state_up': True,
'routes': [], 'routes': [],
'external_gateway_info': {}} 'external_gateway_info': {},
'distributed': False}
device = mock.Mock() device = mock.Mock()
self.agent.router_info = {router_id: ri} self.agent.router_info = {router_id: ri}
self.agent.devices = [device] self.agent.devices = [device]

View File

@ -37,6 +37,7 @@ _uuid = uuidutils.generate_uuid
HOSTNAME = 'myhost' HOSTNAME = 'myhost'
FAKE_ID = _uuid() FAKE_ID = _uuid()
FAKE_ID_2 = _uuid() FAKE_ID_2 = _uuid()
FIP_PRI = 32768
class TestExclusiveRouterProcessor(base.BaseTestCase): class TestExclusiveRouterProcessor(base.BaseTestCase):
@ -165,6 +166,14 @@ class TestBasicRouterOperations(base.BaseTestCase):
self.mock_ip = mock.MagicMock() self.mock_ip = mock.MagicMock()
ip_cls.return_value = self.mock_ip ip_cls.return_value = self.mock_ip
ip_rule = mock.patch('neutron.agent.linux.ip_lib.IpRule').start()
self.mock_rule = mock.MagicMock()
ip_rule.return_value = self.mock_rule
ip_dev = mock.patch('neutron.agent.linux.ip_lib.IPDevice').start()
self.mock_ip_dev = mock.MagicMock()
ip_dev.return_value = self.mock_ip_dev
self.l3pluginApi_cls_p = mock.patch( self.l3pluginApi_cls_p = mock.patch(
'neutron.agent.l3_agent.L3PluginApi') 'neutron.agent.l3_agent.L3PluginApi')
l3pluginApi_cls = self.l3pluginApi_cls_p.start() l3pluginApi_cls = self.l3pluginApi_cls_p.start()
@ -175,6 +184,8 @@ class TestBasicRouterOperations(base.BaseTestCase):
'neutron.openstack.common.loopingcall.FixedIntervalLoopingCall') 'neutron.openstack.common.loopingcall.FixedIntervalLoopingCall')
self.looping_call_p.start() self.looping_call_p.start()
self.subnet_id_list = []
def test__sync_routers_task_raise_exception(self): def test__sync_routers_task_raise_exception(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
self.plugin_api.get_routers.side_effect = Exception() self.plugin_api.get_routers.side_effect = Exception()
@ -192,7 +203,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
def test_router_info_create(self): def test_router_info_create(self):
id = _uuid() id = _uuid()
ri = l3_agent.RouterInfo(id, self.conf.root_helper, ri = l3_agent.RouterInfo(id, self.conf.root_helper,
self.conf.use_namespaces, None) self.conf.use_namespaces, {})
self.assertTrue(ri.ns_name.endswith(id)) self.assertTrue(ri.ns_name.endswith(id))
@ -221,24 +232,28 @@ class TestBasicRouterOperations(base.BaseTestCase):
port_id = _uuid() port_id = _uuid()
router_id = _uuid() router_id = _uuid()
network_id = _uuid() network_id = _uuid()
router = self._prepare_router_data(num_internal_ports=2)
router_id = router['id']
ri = l3_agent.RouterInfo(router_id, self.conf.root_helper, ri = l3_agent.RouterInfo(router_id, self.conf.root_helper,
self.conf.use_namespaces, None) self.conf.use_namespaces, router=router)
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
cidr = '99.0.1.9/24' cidr = '99.0.1.9/24'
mac = 'ca:fe:de:ad:be:ef' mac = 'ca:fe:de:ad:be:ef'
port = {'network_id': network_id,
'id': port_id, 'ip_cidr': cidr,
'mac_address': mac}
interface_name = agent.get_internal_device_name(port_id) interface_name = agent.get_internal_device_name(port_id)
if action == 'add': if action == 'add':
self.device_exists.return_value = False self.device_exists.return_value = False
agent.internal_network_added(ri, network_id, agent.internal_network_added(ri, port)
port_id, cidr, mac)
self.assertEqual(self.mock_driver.plug.call_count, 1) self.assertEqual(self.mock_driver.plug.call_count, 1)
self.assertEqual(self.mock_driver.init_l3.call_count, 1) self.assertEqual(self.mock_driver.init_l3.call_count, 1)
self.send_arp.assert_called_once_with(ri, interface_name, self.send_arp.assert_called_once_with(ri.ns_name, interface_name,
'99.0.1.9') '99.0.1.9')
elif action == 'remove': elif action == 'remove':
self.device_exists.return_value = True self.device_exists.return_value = True
agent.internal_network_removed(ri, port_id, cidr) agent.internal_network_removed(ri, port)
self.assertEqual(self.mock_driver.unplug.call_count, 1) self.assertEqual(self.mock_driver.unplug.call_count, 1)
else: else:
raise Exception("Invalid action %s" % action) raise Exception("Invalid action %s" % action)
@ -250,9 +265,9 @@ class TestBasicRouterOperations(base.BaseTestCase):
self._test_internal_network_action('remove') self._test_internal_network_action('remove')
def _test_external_gateway_action(self, action): def _test_external_gateway_action(self, action):
router_id = _uuid() router = self._prepare_router_data(num_internal_ports=2)
ri = l3_agent.RouterInfo(router_id, self.conf.root_helper, ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, None) self.conf.use_namespaces, router=router)
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
internal_cidrs = ['100.0.1.0/24', '200.74.0.0/16'] internal_cidrs = ['100.0.1.0/24', '200.74.0.0/16']
ex_gw_port = {'fixed_ips': [{'ip_address': '20.0.0.30', ex_gw_port = {'fixed_ips': [{'ip_address': '20.0.0.30',
@ -267,17 +282,19 @@ class TestBasicRouterOperations(base.BaseTestCase):
if action == 'add': if action == 'add':
self.device_exists.return_value = False self.device_exists.return_value = False
ri.router = mock.Mock() fake_fip = {'floatingips': [{'id': _uuid(),
ri.router.get.return_value = [{'floating_ip_address': 'floating_ip_address': '192.168.1.34',
'192.168.1.34'}] 'fixed_ip_address': '192.168.0.1',
'port_id': _uuid()}]}
router[l3_constants.FLOATINGIP_KEY] = fake_fip['floatingips']
agent.external_gateway_added(ri, ex_gw_port, agent.external_gateway_added(ri, ex_gw_port,
interface_name, internal_cidrs) interface_name, internal_cidrs)
self.assertEqual(self.mock_driver.plug.call_count, 1) self.assertEqual(self.mock_driver.plug.call_count, 1)
self.assertEqual(self.mock_driver.init_l3.call_count, 1) self.assertEqual(self.mock_driver.init_l3.call_count, 1)
self.send_arp.assert_called_once_with(ri, interface_name, self.send_arp.assert_called_once_with(ri.ns_name, interface_name,
'20.0.0.30') '20.0.0.30')
kwargs = {'preserve_ips': ['192.168.1.34/32'], kwargs = {'preserve_ips': ['192.168.1.34/32'],
'namespace': 'qrouter-' + router_id, 'namespace': 'qrouter-' + router['id'],
'gateway': '20.0.0.1', 'gateway': '20.0.0.1',
'extra_subnets': [{'cidr': '172.16.0.0/24'}]} 'extra_subnets': [{'cidr': '172.16.0.0/24'}]}
self.mock_driver.init_l3.assert_called_with(interface_name, self.mock_driver.init_l3.assert_called_with(interface_name,
@ -301,7 +318,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
router_id = _uuid() router_id = _uuid()
ri = l3_agent.RouterInfo(router_id, self.conf.root_helper, ri = l3_agent.RouterInfo(router_id, self.conf.root_helper,
self.conf.use_namespaces, None) self.conf.use_namespaces, {})
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
floating_ip = '20.0.0.101' floating_ip = '20.0.0.101'
interface_name = agent.get_external_device_name(router_id) interface_name = agent.get_external_device_name(router_id)
@ -335,7 +352,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
router_id = _uuid() router_id = _uuid()
ri = l3_agent.RouterInfo(router_id, self.conf.root_helper, ri = l3_agent.RouterInfo(router_id, self.conf.root_helper,
self.conf.use_namespaces, self.conf.use_namespaces,
None) {})
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
fake_route1 = {'destination': '135.207.0.0/16', fake_route1 = {'destination': '135.207.0.0/16',
@ -383,7 +400,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
ri = l3_agent.RouterInfo(router_id, self.conf.root_helper, ri = l3_agent.RouterInfo(router_id, self.conf.root_helper,
self.conf.use_namespaces, self.conf.use_namespaces,
None) {})
ri.router = {} ri.router = {}
fake_old_routes = [] fake_old_routes = []
@ -446,7 +463,8 @@ class TestBasicRouterOperations(base.BaseTestCase):
self.assertIn(r.rule, expected_rules) self.assertIn(r.rule, expected_rules)
@staticmethod @staticmethod
def _router_append_interface(router, count=1, ip_version=4, def _router_append_interface(router, subnet_id_list=[], count=1,
ip_version=4,
ra_mode=None, addr_mode=None): ra_mode=None, addr_mode=None):
if ip_version == 4: if ip_version == 4:
ip_pool = '35.4.%i.4' ip_pool = '35.4.%i.4'
@ -465,12 +483,17 @@ class TestBasicRouterOperations(base.BaseTestCase):
for p in interfaces]) for p in interfaces])
for i in range(current, current + count): for i in range(current, current + count):
if subnet_id_list:
subnet_id_list.append(_uuid())
subnet_id = subnet_id_list[i]
else:
subnet_id = _uuid()
interfaces.append( interfaces.append(
{'id': _uuid(), {'id': _uuid(),
'network_id': _uuid(), 'network_id': _uuid(),
'admin_state_up': True, 'admin_state_up': True,
'fixed_ips': [{'ip_address': ip_pool % i, 'fixed_ips': [{'ip_address': ip_pool % i,
'subnet_id': _uuid()}], 'subnet_id': subnet_id}],
'mac_address': 'ca:fe:de:ad:be:ef', 'mac_address': 'ca:fe:de:ad:be:ef',
'subnet': {'cidr': cidr_pool % i, 'subnet': {'cidr': cidr_pool % i,
'gateway_ip': gw_pool % i, 'gateway_ip': gw_pool % i,
@ -497,20 +520,159 @@ class TestBasicRouterOperations(base.BaseTestCase):
'subnet_id': _uuid()}], 'subnet_id': _uuid()}],
'subnet': {'cidr': cidr, 'subnet': {'cidr': cidr,
'gateway_ip': gateway_ip}} 'gateway_ip': gateway_ip}}
int_ports = []
self.subnet_id_list = []
for i in range(num_internal_ports):
self.subnet_id_list.append(_uuid())
subnet_id = self.subnet_id_list[i]
int_ports.append({'id': _uuid(),
'network_id': _uuid(),
'admin_state_up': True,
'fixed_ips': [{'ip_address': '35.4.%s.4' % i,
'subnet_id': subnet_id}],
'mac_address': 'ca:fe:de:ad:be:ef',
'subnet': {'cidr': '35.4.%s.0/24' % i,
'gateway_ip': '35.4.%s.1' % i}})
router = { router = {
'id': router_id, 'id': router_id,
'distributed': False,
l3_constants.INTERFACE_KEY: [], l3_constants.INTERFACE_KEY: [],
'routes': [], 'routes': [],
'gw_port': ex_gw_port} 'gw_port': ex_gw_port}
self._router_append_interface(router, count=num_internal_ports, self._router_append_interface(router, self.subnet_id_list,
count=num_internal_ports,
ip_version=ip_version) ip_version=ip_version)
if enable_snat is not None: if enable_snat is not None:
router['enable_snat'] = enable_snat router['enable_snat'] = enable_snat
return router return router
def test_process_router(self): def test__map_internal_interfaces(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
router = self._prepare_router_data(num_internal_ports=4)
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
test_port = {'mac_address': '00:12:23:34:45:56',
'fixed_ips': [{'subnet_id': self.subnet_id_list[0],
'ip_address': '101.12.13.14'}]}
internal_ports = ri.router.get(l3_constants.INTERFACE_KEY, [])
# test valid case
res_port = agent._map_internal_interfaces(ri,
internal_ports[0],
[test_port])
self.assertEqual(test_port, res_port)
# test invalid case
test_port['fixed_ips'][0]['subnet_id'] = 1234
res_ip = agent._map_internal_interfaces(ri,
internal_ports[0],
[test_port])
self.assertNotEqual(test_port, res_ip)
self.assertIsNone(res_ip)
def test_get_internal_port(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
router = self._prepare_router_data(num_internal_ports=4)
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
# Test Basic cases
port = agent.get_internal_port(ri, self.subnet_id_list[0])
fips = port.get('fixed_ips', [])
subnet_id = fips[0]['subnet_id']
self.assertEqual(self.subnet_id_list[0], subnet_id)
port = agent.get_internal_port(ri, self.subnet_id_list[1])
fips = port.get('fixed_ips', [])
subnet_id = fips[0]['subnet_id']
self.assertEqual(self.subnet_id_list[1], subnet_id)
port = agent.get_internal_port(ri, self.subnet_id_list[3])
fips = port.get('fixed_ips', [])
subnet_id = fips[0]['subnet_id']
self.assertEqual(self.subnet_id_list[3], subnet_id)
# Test miss cases
no_port = agent.get_internal_port(ri, FAKE_ID)
self.assertIsNone(no_port)
port = agent.get_internal_port(ri, self.subnet_id_list[0])
fips = port.get('fixed_ips', [])
subnet_id = fips[0]['subnet_id']
self.assertNotEqual(self.subnet_id_list[3], subnet_id)
def test__set_subnet_arp_info(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
router = self._prepare_router_data(num_internal_ports=2)
router['distributed'] = True
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
ports = ri.router.get(l3_constants.INTERFACE_KEY, [])
test_ports = [{'mac_address': '00:11:22:33:44:55',
'device_owner': 'network:dhcp',
'subnet_id': self.subnet_id_list[0],
'fixed_ips': [{'ip_address': '1.2.3.4'}]}]
self.plugin_api.get_ports_by_subnet.return_value = test_ports
# Test basic case
ports[0]['subnet']['id'] = self.subnet_id_list[0]
agent._set_subnet_arp_info(ri, ports[0])
self.mock_ip_dev.neigh.add.assert_called_once_with(
4, '1.2.3.4', '00:11:22:33:44:55')
# Test negative case
router['distributed'] = False
agent._set_subnet_arp_info(ri, ports[0])
self.mock_ip_dev.neigh.add.never_called()
def test_add_arp_entry(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
router = self._prepare_router_data(num_internal_ports=2)
arp_table = {'ip_address': '1.7.23.11',
'mac_address': '00:11:22:33:44:55',
'subnet_id': self.subnet_id_list[0]}
payload = {'arp_table': arp_table, 'router_id': router['id']}
agent._router_added(router['id'], router)
agent.add_arp_entry(None, payload)
agent.router_deleted(None, router['id'])
self.mock_ip_dev.neigh.add.assert_called_once_with(
4, '1.7.23.11', '00:11:22:33:44:55')
def test_del_arp_entry(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
router = self._prepare_router_data(num_internal_ports=2)
arp_table = {'ip_address': '1.5.25.15',
'mac_address': '00:44:33:22:11:55',
'subnet_id': self.subnet_id_list[0]}
payload = {'arp_table': arp_table, 'router_id': router['id']}
agent._router_added(router['id'], router)
# first add the entry
agent.add_arp_entry(None, payload)
# now delete it
agent.del_arp_entry(None, payload)
self.mock_ip_dev.neigh.delete.assert_called_once_with(
4, '1.5.25.15', '00:44:33:22:11:55')
agent.router_deleted(None, router['id'])
def test_process_cent_router(self):
router = self._prepare_router_data()
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
self._test_process_router(ri)
def test_process_dist_router(self):
router = self._prepare_router_data()
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
ri.router['distributed'] = True
ri.router['_snat_router_interfaces'] = [{
'fixed_ips': [{'subnet_id': self.subnet_id_list[0],
'ip_address': '1.2.3.4'}]}]
ri.router['gw_port_host'] = None
self._test_process_router(ri)
def _test_process_router(self, ri):
router = ri.router
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
fake_fip_id = 'fake_fip_id' fake_fip_id = 'fake_fip_id'
agent.process_router_floating_ip_addresses = mock.Mock() agent.process_router_floating_ip_addresses = mock.Mock()
@ -518,14 +680,11 @@ class TestBasicRouterOperations(base.BaseTestCase):
agent.process_router_floating_ip_addresses.return_value = { agent.process_router_floating_ip_addresses.return_value = {
fake_fip_id: 'ACTIVE'} fake_fip_id: 'ACTIVE'}
agent.external_gateway_added = mock.Mock() agent.external_gateway_added = mock.Mock()
router = self._prepare_router_data()
fake_floatingips1 = {'floatingips': [ fake_floatingips1 = {'floatingips': [
{'id': fake_fip_id, {'id': fake_fip_id,
'floating_ip_address': '8.8.8.8', 'floating_ip_address': '8.8.8.8',
'fixed_ip_address': '7.7.7.7', 'fixed_ip_address': '7.7.7.7',
'port_id': _uuid()}]} 'port_id': _uuid()}]}
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
agent.process_router(ri) agent.process_router(ri)
ex_gw_port = agent._get_ex_gw_port(ri) ex_gw_port = agent._get_ex_gw_port(ri)
agent.process_router_floating_ip_addresses.assert_called_with( agent.process_router_floating_ip_addresses.assert_called_with(
@ -566,21 +725,13 @@ class TestBasicRouterOperations(base.BaseTestCase):
self.assertFalse(agent.process_router_floating_ip_nat_rules.called) self.assertFalse(agent.process_router_floating_ip_nat_rules.called)
@mock.patch('neutron.agent.linux.ip_lib.IPDevice') @mock.patch('neutron.agent.linux.ip_lib.IPDevice')
def test_process_router_floating_ip_addresses_add(self, IPDevice): def _test_process_router_floating_ip_addresses_add(self, ri,
fip_id = _uuid() agent, IPDevice):
fip = { floating_ips = ri.router.get(l3_constants.FLOATINGIP_KEY, [])
'id': fip_id, 'port_id': _uuid(), fip_id = floating_ips[0]['id']
'floating_ip_address': '15.1.2.3',
'fixed_ip_address': '192.168.0.1'
}
IPDevice.return_value = device = mock.Mock() IPDevice.return_value = device = mock.Mock()
device.addr.list.return_value = [] device.addr.list.return_value = []
ri.iptables_manager.ipv4['nat'] = mock.MagicMock()
ri = mock.MagicMock()
ri.router.get.return_value = [fip]
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
fip_statuses = agent.process_router_floating_ip_addresses( fip_statuses = agent.process_router_floating_ip_addresses(
ri, {'id': _uuid()}) ri, {'id': _uuid()})
@ -597,6 +748,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
ri = mock.MagicMock() ri = mock.MagicMock()
ri.router.get.return_value = [fip] ri.router.get.return_value = [fip]
ri.router['distributed'].__nonzero__ = lambda self: False
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
@ -608,6 +760,50 @@ class TestBasicRouterOperations(base.BaseTestCase):
for chain, rule in rules: for chain, rule in rules:
nat.add_rule.assert_any_call(chain, rule, tag='floating_ip') nat.add_rule.assert_any_call(chain, rule, tag='floating_ip')
def test_process_router_cent_floating_ip_add(self):
fake_floatingips = {'floatingips': [
{'id': _uuid(),
'floating_ip_address': '15.1.2.3',
'fixed_ip_address': '192.168.0.1',
'port_id': _uuid()}]}
router = self._prepare_router_data(enable_snat=True)
router[l3_constants.FLOATINGIP_KEY] = fake_floatingips['floatingips']
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
ri.iptables_manager.ipv4['nat'] = mock.MagicMock()
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
self._test_process_router_floating_ip_addresses_add(ri, agent)
def test_process_router_dist_floating_ip_add(self):
fake_floatingips = {'floatingips': [
{'id': _uuid(),
'host': HOSTNAME,
'floating_ip_address': '15.1.2.3',
'fixed_ip_address': '192.168.0.1',
'floating_network_id': _uuid(),
'port_id': _uuid()}]}
router = self._prepare_router_data(enable_snat=True)
router[l3_constants.FLOATINGIP_KEY] = fake_floatingips['floatingips']
router['distributed'] = True
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
ri.iptables_manager.ipv4['nat'] = mock.MagicMock()
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
agent.host = HOSTNAME
agent.agent_gateway_port = (
{'fixed_ips': [{'ip_address': '20.0.0.30',
'subnet_id': _uuid()}],
'subnet': {'gateway_ip': '20.0.0.1'},
'id': _uuid(),
'network_id': _uuid(),
'mac_address': 'ca:fe:de:ad:be:ef',
'ip_cidr': '20.0.0.30/24'}
)
self._test_process_router_floating_ip_addresses_add(ri, agent)
# TODO(mrsmith): refactor for DVR cases
@mock.patch('neutron.agent.linux.ip_lib.IPDevice') @mock.patch('neutron.agent.linux.ip_lib.IPDevice')
def test_process_router_floating_ip_addresses_remove(self, IPDevice): def test_process_router_floating_ip_addresses_remove(self, IPDevice):
IPDevice.return_value = device = mock.Mock() IPDevice.return_value = device = mock.Mock()
@ -615,6 +811,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
ri = mock.MagicMock() ri = mock.MagicMock()
ri.router.get.return_value = [] ri.router.get.return_value = []
ri.router['distributed'].__nonzero__ = lambda self: False
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
@ -647,6 +844,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
IPDevice.return_value = device = mock.Mock() IPDevice.return_value = device = mock.Mock()
device.addr.list.return_value = [{'cidr': '15.1.2.3/32'}] device.addr.list.return_value = [{'cidr': '15.1.2.3/32'}]
ri = mock.MagicMock() ri = mock.MagicMock()
ri.router['distributed'].__nonzero__ = lambda self: False
ri.router.get.return_value = [fip] ri.router.get.return_value = [fip]
@ -693,6 +891,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
} }
ri = mock.MagicMock() ri = mock.MagicMock()
ri.router.get.return_value = [fip] ri.router.get.return_value = [fip]
ri.router['distributed'].__nonzero__ = lambda self: False
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
@ -1035,6 +1234,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
ri = mock.MagicMock() ri = mock.MagicMock()
port = {'fixed_ips': [{'ip_address': '192.168.1.4'}]} port = {'fixed_ips': [{'ip_address': '192.168.1.4'}]}
ri.router = {'distributed': False}
agent._handle_router_snat_rules(ri, port, [], "iface", "add_rules") agent._handle_router_snat_rules(ri, port, [], "iface", "add_rules")
@ -1051,9 +1251,10 @@ class TestBasicRouterOperations(base.BaseTestCase):
def test_handle_router_snat_rules_add_rules(self): def test_handle_router_snat_rules_add_rules(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
ri = l3_agent.RouterInfo(_uuid(), self.conf.root_helper, ri = l3_agent.RouterInfo(_uuid(), self.conf.root_helper,
self.conf.use_namespaces, None) self.conf.use_namespaces, {})
ex_gw_port = {'fixed_ips': [{'ip_address': '192.168.1.4'}]} ex_gw_port = {'fixed_ips': [{'ip_address': '192.168.1.4'}]}
internal_cidrs = ['10.0.0.0/24'] internal_cidrs = ['10.0.0.0/24']
ri.router = {'distributed': False}
agent._handle_router_snat_rules(ri, ex_gw_port, internal_cidrs, agent._handle_router_snat_rules(ri, ex_gw_port, internal_cidrs,
"iface", "add_rules") "iface", "add_rules")
@ -1116,11 +1317,7 @@ class TestBasicRouterOperations(base.BaseTestCase):
self.assertFalse(external_gateway_removed.called) self.assertFalse(external_gateway_removed.called)
self.assertFalse(internal_network_removed.called) self.assertFalse(internal_network_removed.called)
internal_network_added.assert_called_once_with( internal_network_added.assert_called_once_with(
ri, ri, internal_port)
internal_port['network_id'],
internal_port['id'],
internal_port['ip_cidr'],
internal_port['mac_address'])
self.assertEqual(self.mock_driver.unplug.call_count, self.assertEqual(self.mock_driver.unplug.call_count,
len(stale_devnames)) len(stale_devnames))
calls = [mock.call(stale_devname, calls = [mock.call(stale_devname,
@ -1193,11 +1390,32 @@ class TestBasicRouterOperations(base.BaseTestCase):
'enable_snat': True, 'enable_snat': True,
'routes': [], 'routes': [],
'gw_port': ex_gw_port} 'gw_port': ex_gw_port}
router['distributed'] = False
agent._router_added(router['id'], router) agent._router_added(router['id'], router)
agent.router_deleted(None, router['id']) agent.router_deleted(None, router['id'])
agent._process_router_delete() agent._process_router_delete()
self.assertFalse(list(agent.removed_routers)) self.assertFalse(list(agent.removed_routers))
def test_destroy_fip_namespace(self):
class FakeDev(object):
def __init__(self, name):
self.name = name
namespaces = ['qrouter-foo', 'qrouter-bar']
self.mock_ip.get_namespaces.return_value = namespaces
self.mock_ip.get_devices.return_value = [FakeDev('fr-aaaa'),
FakeDev('fg-aaaa')]
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
agent._destroy_fip_namespace(namespaces[0])
# TODO(mrsmith): update for fr interface
self.assertEqual(self.mock_driver.unplug.call_count, 1)
self.mock_driver.unplug.assert_called_with('fg-aaaa', bridge='br-ex',
prefix='fg-',
namespace='qrouter-foo')
def test_destroy_router_namespace_skips_ns_removal(self): def test_destroy_router_namespace_skips_ns_removal(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf) agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
agent._destroy_router_namespace("fakens") agent._destroy_router_namespace("fakens")
@ -1216,7 +1434,8 @@ class TestBasicRouterOperations(base.BaseTestCase):
router_id = _uuid() router_id = _uuid()
router = {'id': _uuid(), router = {'id': _uuid(),
'external_gateway_info': {}, 'external_gateway_info': {},
'routes': []} 'routes': [],
'distributed': False}
with mock.patch.object( with mock.patch.object(
agent, '_destroy_metadata_proxy') as destroy_proxy: agent, '_destroy_metadata_proxy') as destroy_proxy:
with mock.patch.object( with mock.patch.object(
@ -1439,7 +1658,8 @@ class TestBasicRouterOperations(base.BaseTestCase):
self.conf.set_override('router_id', None) self.conf.set_override('router_id', None)
stale_namespaces = [l3_agent.NS_PREFIX + 'cccc', stale_namespaces = [l3_agent.NS_PREFIX + 'cccc',
l3_agent.NS_PREFIX + 'eeeee'] l3_agent.NS_PREFIX + 'eeeee']
router_list = [{'id': 'foo'}, {'id': 'aaaa'}] router_list = [{'id': 'foo', 'distributed': False},
{'id': 'aaaa', 'distributed': False}]
other_namespaces = ['qdhcp-aabbcc', 'unknown'] other_namespaces = ['qdhcp-aabbcc', 'unknown']
self._cleanup_namespace_test(stale_namespaces, self._cleanup_namespace_test(stale_namespaces,
@ -1451,13 +1671,166 @@ class TestBasicRouterOperations(base.BaseTestCase):
stale_namespaces = [l3_agent.NS_PREFIX + 'cccc', stale_namespaces = [l3_agent.NS_PREFIX + 'cccc',
l3_agent.NS_PREFIX + 'eeeee', l3_agent.NS_PREFIX + 'eeeee',
l3_agent.NS_PREFIX + self.conf.router_id] l3_agent.NS_PREFIX + self.conf.router_id]
router_list = [{'id': 'foo'}, {'id': 'aaaa'}] router_list = [{'id': 'foo', 'distributed': False},
{'id': 'aaaa', 'distributed': False}]
other_namespaces = ['qdhcp-aabbcc', 'unknown'] other_namespaces = ['qdhcp-aabbcc', 'unknown']
self._cleanup_namespace_test(stale_namespaces, self._cleanup_namespace_test(stale_namespaces,
router_list, router_list,
other_namespaces) other_namespaces)
def test_create_dvr_gateway(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
router = self._prepare_router_data()
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
port_id = _uuid()
dvr_gw_port = {'fixed_ips': [{'ip_address': '20.0.0.30',
'subnet_id': _uuid()}],
'subnet': {'gateway_ip': '20.0.0.1'},
'id': port_id,
'network_id': _uuid(),
'mac_address': 'ca:fe:de:ad:be:ef',
'ip_cidr': '20.0.0.30/24'}
snat_ports = [{'subnet': {'cidr': '152.2.0.0/16',
'gateway_ip': '152.2.0.1',
'id': _uuid()},
'network_id': _uuid(),
'device_owner': 'network:router_centralized_snat',
'ip_cidr': '152.2.0.13/16',
'mac_address': 'fa:16:3e:80:8d:80',
'fixed_ips': [{'subnet_id': _uuid(),
'ip_address': '152.2.0.13'}],
'id': _uuid(), 'device_id': _uuid()},
{'subnet': {'cidr': '152.10.0.0/16',
'gateway_ip': '152.10.0.1',
'id': _uuid()},
'network_id': _uuid(),
'device_owner': 'network:router_centralized_snat',
'ip_cidr': '152.10.0.13/16',
'mac_address': 'fa:16:3e:80:8d:80',
'fixed_ips': [{'subnet_id': _uuid(),
'ip_address': '152.10.0.13'}],
'id': _uuid(), 'device_id': _uuid()}]
interface_name = agent.get_snat_int_device_name(port_id)
internal_cidrs = None
self.device_exists.return_value = False
agent._create_dvr_gateway(ri, dvr_gw_port, interface_name,
internal_cidrs, snat_ports)
# check 2 internal ports are plugged
# check 1 ext-gw-port is plugged
self.assertEqual(self.mock_driver.plug.call_count, 3)
self.assertEqual(self.mock_driver.init_l3.call_count, 3)
def test_agent_gateway_added(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
network_id = _uuid()
port_id = _uuid()
agent_gw_port = {'fixed_ips': [{'ip_address': '20.0.0.30',
'subnet_id': _uuid()}],
'subnet': {'gateway_ip': '20.0.0.1'},
'id': port_id,
'network_id': network_id,
'mac_address': 'ca:fe:de:ad:be:ef',
'ip_cidr': '20.0.0.30/24'}
fip_ns_name = (
agent.get_fip_ns_name(str(network_id)))
interface_name = (
agent.get_fip_ext_device_name(port_id))
self.device_exists.return_value = False
agent.agent_gateway_added(fip_ns_name, agent_gw_port,
interface_name)
self.assertEqual(self.mock_driver.plug.call_count, 1)
self.assertEqual(self.mock_driver.init_l3.call_count, 1)
if self.conf.use_namespaces:
self.send_arp.assert_called_once_with(fip_ns_name, interface_name,
'20.0.0.30')
else:
self.utils_exec.assert_any_call(
check_exit_code=True, root_helper=self.conf.root_helper)
def test_create_rtr_2_fip_link(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
router = self._prepare_router_data()
fip = {'id': _uuid(),
'host': HOSTNAME,
'floating_ip_address': '15.1.2.3',
'fixed_ip_address': '192.168.0.1',
'floating_network_id': _uuid(),
'port_id': _uuid()}
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
rtr_2_fip_name = agent.get_rtr_int_device_name(ri.router_id)
fip_2_rtr_name = agent.get_fip_int_device_name(ri.router_id)
fip_ns_name = agent.get_fip_ns_name(str(fip['floating_network_id']))
agent.create_rtr_2_fip_link(ri, fip['floating_network_id'])
self.mock_ip.add_veth.assert_called_with(rtr_2_fip_name,
fip_2_rtr_name, fip_ns_name)
# TODO(mrsmith): add more aasserts -
self.mock_ip_dev.route.add_gateway.assert_called_once_with(
ri.fip_2_rtr, table=16)
# TODO(mrsmith): test _create_agent_gateway_port
def test_floating_ip_added_dist(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
router = self._prepare_router_data()
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
agent_gw_port = {'fixed_ips': [{'ip_address': '20.0.0.30',
'subnet_id': _uuid()}],
'subnet': {'gateway_ip': '20.0.0.1'},
'id': _uuid(),
'network_id': _uuid(),
'mac_address': 'ca:fe:de:ad:be:ef',
'ip_cidr': '20.0.0.30/24'}
fip = {'id': _uuid(),
'host': HOSTNAME,
'floating_ip_address': '15.1.2.3',
'fixed_ip_address': '192.168.0.1',
'floating_network_id': _uuid(),
'port_id': _uuid()}
agent.agent_gateway_port = agent_gw_port
agent.floating_ip_added_dist(ri, fip)
self.mock_rule.add_rule_from.assert_called_with('192.168.0.1',
16, FIP_PRI)
# TODO(mrsmith): add more asserts
def test_floating_ip_removed_dist(self):
agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
router = self._prepare_router_data()
agent_gw_port = {'fixed_ips': [{'ip_address': '20.0.0.30',
'subnet_id': _uuid()}],
'subnet': {'gateway_ip': '20.0.0.1'},
'id': _uuid(),
'network_id': _uuid(),
'mac_address': 'ca:fe:de:ad:be:ef',
'ip_cidr': '20.0.0.30/24'}
fip_cidr = '11.22.33.44/24'
ri = l3_agent.RouterInfo(router['id'], self.conf.root_helper,
self.conf.use_namespaces, router=router)
ri.dist_fip_count = 2
ri.floating_ips_dict['11.22.33.44'] = FIP_PRI
agent.agent_gateway_port = agent_gw_port
agent.floating_ip_removed_dist(ri, fip_cidr)
self.mock_rule.delete_rule_priority.assert_called_with(FIP_PRI)
self.mock_ip_dev.route.delete_route.assert_called_with(fip_cidr,
ri.rtr_2_fip)
# TODO(mrsmith): test ri.dist_fip_count == 0
# TODO(mrsmith): test agent_fip_count == 0 case
class TestL3AgentEventHandler(base.BaseTestCase): class TestL3AgentEventHandler(base.BaseTestCase):