x/vmware-nsx
Code Issues Proposed changes

NSX|P: Fix ipv6 adverisement rules

Browse Source 
These rules must be updated on router interface changes

Change-Id: I2f801387e5e55eabc6e40ca8e79c922c867dd6b5
This commit is contained in:
Anna Khmelnitsky 2019-04-22 11:18:37 -07:00
parent 30eab6bb8c
commit 5dc582775a
1 changed files with 29 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
vmware_nsx/plugins/nsx_p/plugin.py
View File

@ -820,7 +820,7 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
# to have an accurate picture of existing subnets.
profile_id = None
slaac_subnet = (subnet['ipv6_address_mode'] == 'slaac')
slaac_subnet = (subnet.get('ipv6_address_mode') == 'slaac')
if slaac_subnet and not delete:
# slaac subnet connected - verify slaac is set on router
@ -834,8 +834,9 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
# advertising (vlan advertising is attached on interface level)
slaac_subnets = [s for s in rtr_subnets
if s['id'] != subnet['id'] and
s['ipv6_address_mode'] == 'slaac' and
self._is_overlay_network(s['network_id'])]
s.get('ipv6_address_mode') == 'slaac' and
self._is_overlay_network(context,
s['network_id'])]
if not slaac_subnets and slaac_subnet:
# this was the last slaac subnet connected -
@ -1562,25 +1563,27 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
for subnet in router_subnets:
self._add_subnet_no_dnat_rule(context, router_id, subnet)
# always advertise ipv6 subnets if gateway is set
actions['advertise_ipv6_subnets'] = True if info else False
self._update_router_advertisement(router_id, actions, router_subnets)
if actions['remove_service_router']:
self.delete_service_router(router['project_id'], router_id)
def _update_router_advertisement(self, router_id, actions, subnets):
self.nsxpolicy.tier1.update_route_advertisement(
router_id,
nat=actions['advertise_route_nat_flag'],
subnets=actions['advertise_route_connected_flag'])
# always advertise ipv6 subnets if gateway is set
advertise_ipv6_subnets = True if info else False
self._update_router_advertisement_rules(router_id,
router_subnets,
advertise_ipv6_subnets)
if actions['remove_service_router']:
self.delete_service_router(router['project_id'], router_id)
def _update_router_advertisement_rules(self, router_id, subnets,
advertise_ipv6):
# There is no NAT for ipv6 - all connected ipv6 segments should be
# advertised
ipv6_cidrs = [s['cidr'] for s in subnets if s.get('ip_version') == 6]
if ipv6_cidrs and actions['advertise_ipv6_subnets']:
if ipv6_cidrs and advertise_ipv6:
self.nsxpolicy.tier1.add_advertisement_rule(
router_id,
IPV6_ROUTER_ADV_RULE_NAME,
@ -1854,6 +1857,12 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
subnet, gw_address_scope, gw_ip)
self._add_subnet_no_dnat_rule(context, router_id, subnet)
if subnet.get('ip_version') == 6 and gw_network_id:
# if this is an ipv6 subnet and router has GW,
# we need to add advertisement rule
self._update_router_advertisement_rules(
router_id, subnets, True)
# update firewall rules
self.update_router_firewall(context, router_id, router_db)
@ -1941,6 +1950,12 @@ class NsxPolicyPlugin(nsx_plugin_common.NsxPluginV3Base):
self._del_subnet_snat_rule(router_id, subnet)
self._del_subnet_no_dnat_rule(router_id, subnet)
if subnet and subnet.get('ip_version') == 6 and router_db.gw_port:
# if this is an ipv6 subnet and router has GW,
# we need to remove advertisement rule
self._update_router_advertisement_rules(
router_id, subnets, True)
# update firewall rules
self.update_router_firewall(context, router_id, router_db)