NSXv: Add DNAT rules for the interfaces of the shared routers
When updating floating ips on shared routers, we should add the relevant nat rules on all the interfaces of the other routers sharing the same edge, to allow routing between them using the floating ip Change-Id: I9864bdf58c9cb7181549c91000b0c325bf5f0ff2
This commit is contained in:
parent
7b216ebf78
commit
50ef5957fc
@ -101,10 +101,51 @@ class RouterSharedDriver(router_driver.RouterBaseDriver):
|
||||
edge_utils.update_routes(self.nsx_v, context, target_router_id,
|
||||
all_routes, nexthop)
|
||||
|
||||
# return a dic of each router -> list of vnics from the other routers
|
||||
def _get_all_routers_vnic_indices(self, context, router_ids):
|
||||
|
||||
all_vnic_indices = {}
|
||||
if len(router_ids) < 1:
|
||||
# there are no routers
|
||||
return all_vnic_indices
|
||||
|
||||
intf_ports = self.plugin.get_ports(
|
||||
context.elevated(),
|
||||
filters={'device_owner': [l3_db.DEVICE_OWNER_ROUTER_INTF]})
|
||||
|
||||
edge_id = edge_utils.get_router_edge_id(context, router_ids[0])
|
||||
edge_vnic_bindings = nsxv_db.get_edge_vnic_bindings_by_edge(
|
||||
context.session, edge_id)
|
||||
|
||||
for this_router_id in router_ids:
|
||||
# get networks IDs for this router
|
||||
router_net_ids = list(
|
||||
set([port['network_id']
|
||||
for port in intf_ports
|
||||
if port['device_id'] == this_router_id]))
|
||||
|
||||
# get vnic index for each network
|
||||
vnic_indices = []
|
||||
for net_id in router_net_ids:
|
||||
vnic_indices.extend([edge_vnic_binding.vnic_index
|
||||
for edge_vnic_binding
|
||||
in edge_vnic_bindings
|
||||
if edge_vnic_binding.network_id == net_id
|
||||
])
|
||||
|
||||
# make sure the list is unique:
|
||||
vnic_indices = list(set(vnic_indices))
|
||||
# add to the result dict
|
||||
all_vnic_indices[this_router_id] = list(vnic_indices)
|
||||
|
||||
return all_vnic_indices
|
||||
|
||||
def _update_nat_rules_on_routers(self, context,
|
||||
target_router_id, router_ids):
|
||||
snats = []
|
||||
dnats = []
|
||||
vnics_by_router = self._get_all_routers_vnic_indices(
|
||||
context, router_ids)
|
||||
for router_id in router_ids:
|
||||
router_qry = context.session.query(l3_db.Router)
|
||||
router = router_qry.filter_by(id=router_id).one()
|
||||
@ -112,6 +153,21 @@ class RouterSharedDriver(router_driver.RouterBaseDriver):
|
||||
snat, dnat = self.plugin._get_nat_rules(context, router)
|
||||
snats.extend(snat)
|
||||
dnats.extend(dnat)
|
||||
if len(dnat) > 0:
|
||||
# Copy each DNAT rule to all vnics of the other routers,
|
||||
# to allow NAT-ed traffic between routers
|
||||
other_vnics = []
|
||||
for other_router_id in router_ids:
|
||||
if other_router_id != router_id:
|
||||
other_vnics.extend(
|
||||
vnics_by_router[other_router_id])
|
||||
for rule in dnat:
|
||||
for vnic_index in other_vnics:
|
||||
new_rule = rule.copy()
|
||||
# use explicit vnic_index
|
||||
new_rule['vnic_index'] = vnic_index
|
||||
dnats.extend([new_rule])
|
||||
|
||||
edge_utils.update_nat_rules(
|
||||
self.nsx_v, context, target_router_id, snats, dnats)
|
||||
|
||||
|
@ -803,14 +803,23 @@ class EdgeApplianceDriver(object):
|
||||
nat_rules = []
|
||||
|
||||
for dnat in dnats:
|
||||
vnic_index = constants.EXTERNAL_VNIC_INDEX
|
||||
if 'vnic_index' in dnat:
|
||||
vnic_index = dnat['vnic_index']
|
||||
nat_rules.append(self._assemble_nat_rule(
|
||||
'dnat', dnat['dst'], dnat['translated']))
|
||||
'dnat', dnat['dst'], dnat['translated'], vnic_index=vnic_index
|
||||
))
|
||||
nat_rules.append(self._assemble_nat_rule(
|
||||
'snat', dnat['translated'], dnat['dst']))
|
||||
'snat', dnat['translated'], dnat['dst'], vnic_index=vnic_index
|
||||
))
|
||||
|
||||
for snat in snats:
|
||||
vnic_index = constants.EXTERNAL_VNIC_INDEX
|
||||
if 'vnic_index' in snat:
|
||||
vnic_index = snat['vnic_index']
|
||||
nat_rules.append(self._assemble_nat_rule(
|
||||
'snat', snat['src'], snat['translated']))
|
||||
'snat', snat['src'], snat['translated'], vnic_index=vnic_index
|
||||
))
|
||||
|
||||
userdata = {
|
||||
'edge_id': edge_id,
|
||||
|
Loading…
x
Reference in New Issue
Block a user