NSXv: evaluate NAT rules correctly

Change-Id: Ic558a08cd629e3b2b02190bb5fff9d4b5ad05396
2019-12-10 11:33:09 +02:00 · 2019-12-10 11:33:09 +02:00 · 6966160da6
commit 6966160da6
parent 59dbb0dc0c
1 changed files with 19 additions and 20 deletions
--- a/vmware_nsx/plugins/nsx_v/plugin.py
+++ b/vmware_nsx/plugins/nsx_v/plugin.py
@ -3890,26 +3890,25 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
                context.elevated(), router['id'])
            gw_address_scope = self._get_network_address_scope(
                context.elevated(), gw_port['network_id'])
-            if gw_address_scope:
+            for subnet in subnets:
-                for subnet in subnets:
+                # Do not build NAT rules for v6
-                    # Do not build NAT rules for v6
+                if subnet.get('ip_version') == 6:
-                    if subnet.get('ip_version') == 6:
+                    continue
-                        continue
+                # if the subnets address scope is the same as the gateways:
-                    # if the subnets address scope is the same as the gateways:
+                # no need for SNAT
-                    # no need for SNAT
+                subnet_address_scope = self._get_subnetpool_address_scope(
-                    subnet_address_scope = self._get_subnetpool_address_scope(
+                    context.elevated(), subnet['subnetpool_id'])
-                        context.elevated(), subnet['subnetpool_id'])
+                if (gw_address_scope and
-                    if gw_address_scope == subnet_address_scope:
+                    gw_address_scope == subnet_address_scope):
-                        LOG.info("No need for SNAT rule for router %(router)s "
+                    LOG.info("No need for SNAT rule for router %(router)s "
-                                 "and subnet %(subnet)s because they use the "
+                             "and subnet %(subnet)s because they use the "
-                                 "same address scope %(addr_scope)s.",
+                             "same address scope %(addr_scope)s.",
-                                 {'router': router['id'],
+                             {'router': router['id'],
-                                  'subnet': subnet['id'],
+                              'subnet': subnet['id'],
-                                  'addr_scope': gw_address_scope})
+                              'addr_scope': gw_address_scope})
-                        continue
+                    continue
-
+                snat.append(self._get_default_nat_rule(
-                    snat.append(self._get_default_nat_rule(
+                    context, router['id'], subnet, snat_ip))
                        context, router['id'], subnet, snat_ip))
        return (snat, dnat)
    def _get_default_nat_rule(self, context, router_id, subnet, snat_ip):